Subject: Rare project developers
- From: David Schmitz <>
- To: mc36 <>
- Cc:
- Subject: Re: [rare-dev] netconf
- Date: Wed, 15 Feb 2023 09:44:57 +0100 (CET)
- Authentication-results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
Hi,
the problem is that for building docker containers
the app armor seems to be required, because that is related to the docker daemon
and the docker folks are unwilling to allow disabling
app armor for the Docker daemon, at least according to this thread I found:
https://groups.google.com/g/docker-dev/c/tHH4DGfLVzI
Do you think you could try to fix your app armor setup?
PS: I am also not at all very experienced with app armor.
Best Regards
David
On Wed, 15 Feb 2023, mc36 wrote:
Date: Wed, 15 Feb 2023 09:16:20 +0100
From: mc36 <>
To: David Schmitz <>
Cc:
Subject: Re: [rare-dev] netconf
hi,
so it's an isolated (throwaway) vm, feel free to break its apparmor...
tbh i heard apparmor word before, but it's also a black hole in my knowledge... :(
i'm much better when it comes to networking, i swear :)
br,
cs
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$ dpkg -l | grep apparmor
rc apparmor 2.13.6-10 amd64 user-space parser utility for AppArmor
ii libapparmor1:amd64 2.13.6-10 amd64 changehat AppArmor library
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$ sudo docker run -ti --security-opt apparmor=unconfined netconfget1 bash
Unable to find image 'netconfget1:latest' locally
docker: Error response from daemon: pull access denied for netconfget1, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$
On 2/15/23 08:59, David Schmitz wrote:
Hi,
On Wed, 15 Feb 2023, mc36 wrote:
Date: Wed, 15 Feb 2023 08:38:16 +0100
This seems to be some issue with your app armor installation.
From: mc36 <>
To: David Schmitz <>
Cc:
Subject: Re: [rare-dev] netconf
some progress but something is still missing:
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$ sudo docker build -f Dockerfiles.d/Dockerfile.fod_netconf_get -t netconfget1 .
Sending build context to Docker daemon 557.3MB
Step 1/16 : FROM debian:bullseye
bullseye: Pulling from library/debian
1e4aec178e08: Pull complete
Digest: sha256:43ef0c6c3585d5b406caa7a0f232ff5a19c1402aeb415f68bcd1cf9d10180af8
Status: Downloaded newer image for debian:bullseye
---> 54e726b437fb
Step 2/16 : ENV LC_ALL en_US.utf8
---> Running in 323415a94986
Removing intermediate container 323415a94986
---> ae17a98ae329
Step 3/16 : RUN apt-get -yy update
---> Running in 1931bbbc04b8
AppArmor enabled on system but the docker-default profile could not be loaded: running `apparmor_parser apparmor_parser --version` failed with output:
error: exec: "apparmor_parser": executable file not found in $PATH
You could either try to fix it,
maybe by (re-)installing apparmor or so.
But, for now, and not to break anything on your side,
just try to explicitly disable the use of apparmor by docker run
with "--security-opt apparmor=unconfined" :
docker run -ti --security-opt apparmor=unconfined netconfget1 bash
(the container will still be isolated regarding filesystem, processes, network, etc. (i.e., regarding what is visible inside it),
just not being further restricted by app armor mandatory access rules
when accessing what is visible inside it (files, sockets, etc.))
Best Regards
David
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> ae17a98ae329 21 seconds ago 124MB
debian bullseye 54e726b437fb 6 days ago 124MB
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$ sudo docker run -ti -e=NETCONF_HOST=10.10.10.227 -e=NETCONF_PORT=830 -e=NETCONF_USER=netconf -e=NETCONF_PASS=netconf netconfget1
Unable to find image 'netconfget1:latest' locally
docker: Error response from daemon: pull access denied for netconfget1, repository does not exist or may require 'docker login': denied: requested access to the resource is denied.
See 'docker run --help'.
mc36@fod:~/FOD$
mc36@fod:~/FOD$
mc36@fod:~/FOD$
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
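
An added example (not part of the thread or of the project's code): a bash check that classifies the host state visible in the messages above, where the kernel reports AppArmor enabled while the `apparmor` package is in dpkg state `rc` (removed, config files left), so `apparmor_parser` is missing. The function names and state labels are assumptions of this example; the sample `dpkg -l` lines are copied from the thread.

```shell
#!/usr/bin/env bash
# Added example: explain why dockerd cannot load the docker-default profile.

# Sample `dpkg -l | grep apparmor` output, copied from the thread.
SAMPLE_DPKG='rc  apparmor            2.13.6-10 amd64 user-space parser utility for AppArmor
ii  libapparmor1:amd64  2.13.6-10 amd64 changehat AppArmor library'

# pkg_state NAME: read `dpkg -l` output on stdin and print the status column
# of package NAME (ii = installed, rc = removed with config left), or "none".
pkg_state() {
  awk -v p="$1" '{ n = $2; sub(/:.*/, "", n) }
                 n == p { print $1; f = 1; exit }
                 END { if (!f) print "none" }'
}

# classify KERNEL PARSER STATE: KERNEL is the content of
# /sys/module/apparmor/parameters/enabled (Y or N), PARSER is yes/no,
# STATE is the dpkg status of the apparmor package.
classify() {
  if [ "$1" != "Y" ]; then echo "apparmor-off"        # docker applies no profile
  elif [ "$2" = "yes" ]; then echo "ok"               # profile can be loaded
  elif [ "$3" = "rc" ]; then echo "parser-removed"    # the state in the thread
  else echo "parser-missing"
  fi
}

# check_host: gather the three facts from the running system.
check_host() {
  local kernel=N parser=no state
  if [ -r /sys/module/apparmor/parameters/enabled ]; then
    kernel=$(cat /sys/module/apparmor/parameters/enabled)
  fi
  if command -v apparmor_parser >/dev/null 2>&1 ||
     [ -x /sbin/apparmor_parser ] || [ -x /usr/sbin/apparmor_parser ]; then
    parser=yes
  fi
  state=$(dpkg -l 2>/dev/null | pkg_state apparmor)
  classify "$kernel" "$parser" "$state"
}

if [ "$1" = "--live" ]; then
  check_host
else
  # Offline run on the thread's sample: kernel enabled, parser absent.
  classify Y no "$(printf '%s\n' "$SAMPLE_DPKG" | pkg_state apparmor)"
fi
```

A result of `parser-removed` means reinstalling the `apparmor` package restores `apparmor_parser`, after which the build can load `docker-default` instead of running unconfined.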