We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When Scaphandre is running in a Docker container on a host using AppArmor, the log contains error about denied "ptrace" operation.
Nov 13 09:09:14 server audit[1780857]: AVC apparmor="DENIED" operation="ptrace" profile="docker-default" pid=1780857 comm="tokio-runtime-w" requested_mask="read" denied_mask="read" peer="unconfined" Nov 13 09:09:14 server audit[1780857]: AVC apparmor="DENIED" operation="ptrace" profile="docker-default" pid=1780857 comm="tokio-runtime-w" requested_mask="read" denied_mask="read" peer="unconfined" Nov 13 09:09:14 server audit[1780857]: AVC apparmor="DENIED" operation="ptrace" profile="docker-default" pid=1780857 comm="tokio-runtime-w" requested_mask="read" denied_mask="read" peer="unconfined" Nov 13 09:09:14 server kernel: audit: type=1400 audit(1636790954.599:77337): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=1780857 comm="tokio-runtime-w" requested_mask="read" denied_mask="read" peer="unconfined" Nov 13 09:09:14 server kernel: audit: type=1400 audit(1636790954.599:77338): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=1780857 comm="tokio-runtime-w" requested_mask="read" denied_mask="read" peer="unconfined" Nov 13 09:09:14 server kernel: audit: type=1400 audit(1636790954.599:77339): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=1780857 comm="tokio-runtime-w" requested_mask="read" denied_mask="read" peer="unconfined"
The same logs comes back every 10s.
To avoid AppArmor denying the ptrace call, the container must be run in privileged mode.
Run the provided example stack using docker compose file.
To avoid generating endless logs, either:
Ubuntu 21.10
Linux server 5.13.0-20-generic #20-Ubuntu SMP Fri Oct 15 14:21:35 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
version 20.10.7, build 20.10.7-0ubuntu5.1
The text was updated successfully, but these errors were encountered:
fix: updating docker compose sample stack and docs according to #135
a1a06ea
Hi !
Does this sound enough ? a1a06ea
thanks
Sorry, something went wrong.
bpetit
No branches or pull requests
Bug description
When Scaphandre is running in a Docker container on a host using AppArmor, the log contains error about denied "ptrace" operation.
The same logs comes back every 10s.
To avoid AppArmor denying the ptrace call, the container must be run in privileged mode.
To Reproduce
Run the provided example stack using docker compose file.
Expected behavior
To avoid generating endless logs, either:
OR
Environment
Ubuntu 21.10
Linux server 5.13.0-20-generic #20-Ubuntu SMP Fri Oct 15 14:21:35 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
version 20.10.7, build 20.10.7-0ubuntu5.1
The text was updated successfully, but these errors were encountered: