Stopping containers with apparmor

Stubbs · February 10, 2019, 12:12pm

I’ve just installed a fresh Ubuntu LTS (18.04), installed docker-ce and started a home-assistant container with this docker-compose file:

version: "3"
services:
  homeassistant:
    container_name: home-assistant
    image: homeassistant/home-assistant
    volumes:
      - /home/stuart/home-assistant-config:/config
      - /etc/localtime:/etc/localtime:ro
    restart: always
    network_mode: host

However the path to home assistant config was wrong, so I’m trying to stop the image to recreate it with the new config, but I’m getting this error:

Error response from daemon: cannot stop container: home-assistant: Cannot kill container 5b3748bad815a0ceb86d9f29356e366e11b374b69a1b726c8dd53a7e4996226b: unknown error after kill: runc did not terminate sucessfully: container_linux.go:387: signaling init process caused "permission denied"

How do you restart containers with apparmor installed?

Robban · February 10, 2019, 12:28pm

By default you need to s op containers as sudo

Stubbs · February 10, 2019, 4:55pm

I’ve tried that. I get the same error.

Doesn’t look like you can uninstall apparmor without also removing docker-compose, or vice versa either.

flamingm0e · February 10, 2019, 4:56pm

Docker-compose down

Docker-compose up -d

Stubbs · February 10, 2019, 4:58pm

I know the commands I need, but look at the error in the original post …

flamingm0e · February 10, 2019, 5:01pm

I saw the error.

I don’t understand why you think apparmor is blocking you.

I can do this all day long on an Ubuntu 18.04 machine with literally nothing done to apparmor

Stubbs · February 10, 2019, 5:05pm

Ok, I see. I Googled the error and the most common reasons were to do with apparmor, with the solution being to disable apparmor, remove the config for the command you’re running and then restart, however Docker’s apparmor config is generated at runtime and loaded straight into memory when Docker starts, so there’s no time to disable it.

I don’t imagine apparmor’s purpose is to stop things being restarted, rather to stop unauthorised people doing it …

flamingm0e · February 10, 2019, 5:07pm

So sudo docker-compose down doesn’t do anything? Same error message?

Stubbs · February 10, 2019, 5:12pm

Yes, the same error.

I have managed to totally disable apparmor, and shut down the container, but it’s left things in a mess which I’m currently trying to clean up. I did that by shutting down aa, then disabling it.

$ sudo systemctl stop apparmor
$ sudo systemctl disable apparmor

Then I rebooted to be sure.

I’ll sort that and see what I can come up about apparmor & docker, I’ve never used apparmor before, and maybe this is more of a question for Docker support than Home Assistant.

flamingm0e · February 10, 2019, 5:15pm

I can tell you that I have an Ubuntu 1804 server running docker compose just fine and I’ve never touched apparmor. I didn’t need to touch it, so it’s running the same as the day I stood up the server.

Stubbs · February 10, 2019, 5:41pm

How did you install docker/docker-compose ?

flamingm0e · February 10, 2019, 5:43pm

Installed docker-ce because it’s recommended over what’s in the Ubuntu repos, and installed docker-compose the normal way I guess. It was either through pip or apt