podman: podman run fails on Ubuntu 23.10 (Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax)
Issue Description
# podman run fedora:rawhide ls
Error: install profile containers-default-0.50.1: generate default profile into pipe: get AppArmor version: convert AppArmor patch version: strconv.Atoi: parsing "0~alpha2": invalid syntax
Steps to reproduce the issue
Describe the results you received
error
Describe the results you expected
no error
podman info output
podman info
host:
arch: amd64
buildahVersion: 1.28.2
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
- rdma
- misc
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: conmon_2.1.6+ds1-1_amd64
path: /usr/bin/conmon
version: 'conmon version 2.1.6, commit: unknown'
cpuUtilization:
idlePercent: 88.8
systemPercent: 1.13
userPercent: 10.08
cpus: 8
distribution:
codename: mantic
distribution: ubuntu
version: "23.10"
eventLogger: journald
hostname: ubuntu-16gb-hil-1
idMappings:
gidmap: null
uidmap: null
kernel: 6.5.0-5-generic
linkmode: dynamic
logDriver: journald
memFree: 10791440384
memTotal: 16363732992
networkBackend: netavark
ociRuntime:
name: crun
package: crun_1.8.5-1_amd64
path: /usr/bin/crun
version: |-
crun version 1.8.5
commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
rundir: /run/user/0/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +WASM:wasmedge +YAJL
os: linux
remoteSocket:
exists: true
path: /run/podman/podman.sock
security:
apparmorEnabled: true
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/bin/slirp4netns
package: slirp4netns_1.2.0-1_amd64
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.4
swapFree: 0
swapTotal: 0
uptime: 0h 21m 23.00s
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
volume:
- local
registries: {}
store:
configFile: /usr/share/containers/storage.conf
containerStore:
number: 3
paused: 0
running: 0
stopped: 3
graphDriverName: overlay
graphOptions: {}
graphRoot: /var/lib/containers/storage
graphRootAllocated: 241635364864
graphRootUsed: 7267053568
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "true"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 7
runRoot: /run/containers/storage
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 4.3.1
Built: 0
BuiltTime: Thu Jan 1 00:00:00 1970
GitCommit: ""
GoVersion: go1.20.7
Os: linux
OsArch: linux/amd64
Version: 4.3.1
Podman in a container
No
Privileged Or Rootless
None
Upstream Latest Release
Yes
Additional environment details
Additional environment details
Additional information
Additional information like issue happens only occasionally or issue happens with a particular architecture or on a particular setting
About this issue
- Original URL
- State: closed
- Created 9 months ago
- Comments: 17 (11 by maintainers)
Commits related to this issue
- apparmor: fix parsing beta/alpha version Copied from github.com/moby/moby who already has a fix for it. Tested manually on a Ubuntu 23.10 (beta) VM. Fixes: #containers/podman/issues/20278 Signed-off... — committed to vrothberg/common by vrothberg 9 months ago
- apparmor: fix parsing beta/alpha version Copied from github.com/moby/moby who already has a fix for it. Tested manually on a Ubuntu 23.10 (beta) VM. Fixes: #containers/podman/issues/20278 Signed-off... — committed to alvistack/containers-common by vrothberg 9 months ago
- apparmor: fix parsing beta/alpha version Copied from github.com/moby/moby who already has a fix for it. Tested manually on a Ubuntu 23.10 (beta) VM. Fixes: #containers/podman/issues/20278 Signed-off... — committed to alvistack/containers-common by vrothberg 9 months ago
- apparmor: fix parsing beta/alpha version Copied from github.com/moby/moby who already has a fix for it. Tested manually on a Ubuntu 23.10 (beta) VM. Fixes: #containers/podman/issues/20278 Signed-off... — committed to alvistack/containers-common by vrothberg 9 months ago
- apparmor: fix parsing beta/alpha version Copied from github.com/moby/moby who already has a fix for it. Tested manually on a Ubuntu 23.10 (beta) VM. Fixes: #containers/podman/issues/20278 Signed-off... — committed to alvistack/containers-common by vrothberg 9 months ago
- apparmor: fix parsing beta/alpha version Copied from github.com/moby/moby who already has a fix for it. Tested manually on a Ubuntu 23.10 (beta) VM. Fixes: #containers/podman/issues/20278 Signed-off... — committed to alvistack/containers-common by vrothberg 9 months ago
- apparmor: fix parsing beta/alpha version Copied from github.com/moby/moby who already has a fix for it. Tested manually on a Ubuntu 23.10 (beta) VM. Fixes: #containers/podman/issues/20278 Signed-off... — committed to alvistack/containers-common by vrothberg 9 months ago
Apparently this issue is specific to ubuntu mantic (23.10), and curently to noble (the current dev release). It is not observable on earlier releases of ubuntu, such as lunar, or on any Debian release, as none of those distro ship a version of apparmor that comes with
~alpha2string in its version.apparently this has been reported in ubuntu as https://bugs.launchpad.net/podman/+bug/2040082
I don’t think so, apart from waiting for the affected Ubuntu/Debian to pull in the fix. You could use
--privilegedin the meantime, but I wouldn’t recommend that for obvious reasons.Hi @MarcoFalke , I think it happens because of
alphapatch, maybe try a diff something like this and see if it works. If this works then we can push this patch tocontainers/common