Why does docker run helloworld on a fresh Ubuntu 20.04 fail with `unable to apply apparmor profile`?

Avogadro

2/19/24, 9:19 PM

I've tried a fresh install of Ubuntu (release 20.04) on my cloud server and then tried to install docker and run the setup based on information from Ubuntu's Official Page.

When I reach the step for testing with "Hello World"by running:

sudo docker run hello-world

I would get the following error:

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: unable to apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/apparmor/exec: no such file or directory: unknown.
ERRO[0000] error waiting for container:

I'd like to be able to run docker on my instance.

2254

1 + 0

docker

20.04

Score:5

Ubuntu

Avogadro

2/19/24, 9:19 PM

The error message gives little bits of clues, but most importantly says it has a problem with apparmor. Checking my version of app armor using the command: aa-status produced a not found message indicating that it was not installed on my OS. I installed apparmor with the command:

sudo apt install apparmor

Subsequentally, I ran the docker hello world again:

sudo docker run hello-world

It was able to run and produce the correct output.

+ 5

Artur Meinild

2/19/24, 9:42 PM

One has to wonder why AppArmor wasn't installed in the first place - I don't know if this is normal for cloud images?

popey

2/20/24, 1:26 AM

It's a dependency of `snapd`, perhaps @avogadro removed it?

Avogadro

2/20/24, 11:00 AM

@ArturMeinild / @popey : I'm using a hosting service from [HostWinds](https://www.hostwinds.com/) using their 'Unmanaged SSD Cloud 3' service using their Ubunutu 20.04 install. After testing for `snapd`, it is not installed for some reason. I'm wondering if Hostwinds modified the Ubuntu image to be as slim as possible?

Avogadro

2/20/24, 11:16 AM

I would like to improve 'why' I got this error. Hostwinds confirmed that they do use the standard Ubuntu server image for installs. As a test, I tried to pull the latest Ubuntu docker image and run it to try out snapd. Both `apparmor` and `snap` are not installed. I cannot find documentation that says these _shouldn't_ be installed, so I'm starting to go down a rabbit hole here.

Eneko

2/27/24, 11:56 AM

My system needed a reboot after installing apparmor.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Why does docker run helloworld on a fresh Ubuntu 20.04 fail with `unable to apply apparmor profile`?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.