Does anyone have any guidance on why I can’t get Umbrel to install on an “unconfined” (aka AppArmor should be disabled) LXC container inside Proxmox?
======================================
============ CONFIGURING =============
========= UMBREL (mainnet) ===========
======================================
Generating auth credentials
Generating Tor password
Unable to find image 'getumbrel/tor:0.4.7.8@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a' locally
docker.io/getumbrel/tor@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a: Pulling from getumbrel/tor
461246efe0a7: Pulling fs layer
c8bc27c5e55c: Pulling fs layer
472ce9feeded: Pulling fs layer
472ce9feeded: Verifying Checksum
472ce9feeded: Download complete
461246efe0a7: Verifying Checksum
461246efe0a7: Download complete
461246efe0a7: Pull complete
c8bc27c5e55c: Verifying Checksum
c8bc27c5e55c: Download complete
c8bc27c5e55c: Pull complete
472ce9feeded: Pull complete
Digest: sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
Status: Downloaded newer image for getumbrel/tor@sha256:2ace83f22501f58857fa9b403009f595137fa2e7986c4fda79d82a8119072b6a
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running `/usr/sbin/apparmor_parser apparmor_parser -Kr /var/lib/docker/tmp/docker-default881224890` failed with output: apparmor_parser: Unable to replace "docker-default". Permission denied; attempted to load a profile while confined?
Steps to reproduce:
- Create new LXC container (privileged) using Ubuntu 22.04
- apt-get update; install curl
- Run Umbrel install all-in-one
curl -L https://umbrel.sh | bash
- It will fail.
aa-status
root@umbrel:~# aa-status
apparmor module is loaded.
44 profiles are loaded.
44 profiles are in enforce mode.
/usr/bin/lxc-start
/usr/bin/man
/usr/sbin/chronyd
:lxc-113_<-var-lib-lxc>:/usr/bin/man
:lxc-113_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-client.action
:lxc-113_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-helper
:lxc-113_<-var-lib-lxc>:/usr/lib/connman/scripts/dhclient-script
:lxc-113_<-var-lib-lxc>:/{,usr/}sbin/dhclient
:lxc-113_<-var-lib-lxc>:lsb_release
:lxc-113_<-var-lib-lxc>:man_filter
:lxc-113_<-var-lib-lxc>:man_groff
:lxc-113_<-var-lib-lxc>:nvidia_modprobe
:lxc-113_<-var-lib-lxc>:nvidia_modprobe//kmod
:lxc-113_<-var-lib-lxc>:tcpdump
:lxc-114_<-var-lib-lxc>:/usr/bin/man
:lxc-114_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-client.action
:lxc-114_<-var-lib-lxc>:/usr/lib/NetworkManager/nm-dhcp-helper
:lxc-114_<-var-lib-lxc>:/usr/lib/connman/scripts/dhclient-script
:lxc-114_<-var-lib-lxc>:/{,usr/}sbin/dhclient
:lxc-114_<-var-lib-lxc>:docker-default
:lxc-114_<-var-lib-lxc>:lsb_release
:lxc-114_<-var-lib-lxc>:man_filter
:lxc-114_<-var-lib-lxc>:man_groff
:lxc-114_<-var-lib-lxc>:nvidia_modprobe
:lxc-114_<-var-lib-lxc>:nvidia_modprobe//kmod
:lxc-114_<-var-lib-lxc>:tcpdump
lsb_release
lxc-101_</var/lib/lxc>
lxc-102_</var/lib/lxc>
lxc-103_</var/lib/lxc>
lxc-104_</var/lib/lxc>
lxc-105_</var/lib/lxc>
lxc-113_</var/lib/lxc>
lxc-114_</var/lib/lxc>
lxc-container-default
lxc-container-default-cgns
lxc-container-default-with-mounting
lxc-container-default-with-nesting
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
swtpm
tcpdump
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
root@umbrel:~#
LXC container settings from Proxmox ct115.conf
pct config 115
arch: amd64
cores: 8
hostname: umbrel
memory: 4192
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=52:C8:D0:34:B9:3A,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-zfs:subvol-115-disk-0,size=60G
swap: 512
lxc.apparmor.profile: unconfined
Thanks in advance.
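
As an added example, not part of the original post: a small shell check for the confinement-related keys in the `pct config` output quoted above, plus a helper that prints the AppArmor label a process is actually running under (read from `/proc/self/attr/current`), which is what the "attempted to load a profile while confined?" error is about. The function names and finding labels are hypothetical, the sample input is constructed from the configuration in the post, and `unprivileged` and `features: nesting=1` are standard Proxmox container options that the post does not mention.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and finding
# labels are hypothetical.

# Constructed sample input: the `pct config 115` output quoted in the post.
sample_config() {
  cat <<'EOF'
arch: amd64
cores: 8
hostname: umbrel
memory: 4192
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=52:C8:D0:34:B9:3A,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-zfs:subvol-115-disk-0,size=60G
swap: 512
lxc.apparmor.profile: unconfined
EOF
}

# Read `pct config` text on stdin and print one finding per line.
audit_pct_config() {
  awk -F': *' '
    $1 == "unprivileged"         { unpriv = $2 }
    $1 == "features"             { features = $2 }
    $1 == "lxc.apparmor.profile" { profile = $2 }
    END {
      if (unpriv != "1")
        print "PRIVILEGED: no unprivileged: 1, container root is host root"
      if (profile == "unconfined")
        print "UNCONFINED: lxc.apparmor.profile disables AppArmor for the container"
      else if (profile == "")
        print "DEFAULT-PROFILE: no lxc.apparmor.profile override"
      else
        print "CUSTOM-PROFILE: " profile
      if (features !~ /(^|,)nesting=1(,|$)/)
        print "NO-NESTING: features does not include nesting=1"
    }'
}

# Print the AppArmor label of a process. Run inside the container to compare
# the label actually applied with the profile named in the config.
# $1 = attr file to read (defaults to the calling process's own label).
current_label() {
  f=${1:-/proc/self/attr/current}
  { [ -r "$f" ] && tr -d '\0' < "$f" 2>/dev/null; } || echo "unavailable"
}

sample_config | audit_pct_config
echo "label: $(current_label)"
```

On the host, `pct config <vmid> | audit_pct_config` audits a real container; inside the container, a `current_label` result other than `unconfined` means the process is still running under a profile despite the config line.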