AppArmor 权限被拒绝加载配置文件

tag-icon tag-icon linux permissions apparmor
AppArmor 权限被拒绝加载配置文件

我正在尝试在运行 Ubuntu 20.04 的 VPS 上启动 docker-compose 文件,但我在使用 AppArmor 时遇到问题。我有以下错误:

systemctl status apparmor

● apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Mon 2023-02-27 10:56:35 UTC; 1h 19min ago
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/
    Process: 78 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=1/FAILURE)
   Main PID: 78 (code=exited, status=1/FAILURE)

Feb 27 10:56:34 vps-zap468762-3 apparmor.systemd[241]: /sbin/apparmor_parser: Unable to replace "nscd".  Permission denied; attempted to load a profile while confined?
Feb 27 10:56:35 vps-zap468762-3 apparmor.systemd[245]: /sbin/apparmor_parser: Unable to replace "smbd".  Permission denied; attempted to load a profile while confined?
Feb 27 10:56:35 vps-zap468762-3 apparmor.systemd[249]: /sbin/apparmor_parser: Unable to replace "/usr/sbin/tcpdump".  Permission denied; attempted to load a profile while confine>
Feb 27 10:56:35 vps-zap468762-3 apparmor.systemd[247]: /sbin/apparmor_parser: Unable to replace "/etc/init.d/nscd".  Permission denied; attempted to load a profile while confined?
Feb 27 10:56:35 vps-zap468762-3 apparmor.systemd[247]: /sbin/apparmor_parser: Unable to replace "smbldap-useradd".  Permission denied; attempted to load a profile while confined?
Feb 27 10:56:35 vps-zap468762-3 apparmor.systemd[251]: /sbin/apparmor_parser: Unable to replace "traceroute".  Permission denied; attempted to load a profile while confined?
Feb 27 10:56:35 vps-zap468762-3 apparmor.systemd[78]: Error: At least one profile failed to load
Feb 27 10:56:35 vps-zap468762-3 systemd[1]: apparmor.service: Main process exited, code=exited, status=1/FAILURE
Feb 27 10:56:35 vps-zap468762-3 systemd[1]: apparmor.service: Failed with result 'exit-code'.
Feb 27 10:56:35 vps-zap468762-3 systemd[1]: Failed to start Load AppArmor profiles.

执行docker-compose up命令时,出现同样的错误。 aa-status 返回 0 个加载的配置文件:

apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

我已经尝试过:

  • 重新安装 docker 和 docker-compose
  • 重新安装 apparmor 和 apparmor-utils

我希望你能以某种方式帮助我,提前致谢!

相关内容