From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gaio@lilliput.linux.it>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id AA509BB37C
 for <pve-user@lists.proxmox.com>; Sat, 23 Mar 2024 16:40:41 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 8C39C12081
 for <pve-user@lists.proxmox.com>; Sat, 23 Mar 2024 16:40:11 +0100 (CET)
Received: from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-user@lists.proxmox.com>; Sat, 23 Mar 2024 16:40:10 +0100 (CET)
Received: by picard.linux.it (Postfix, from userid 10)
 id 0A6CF3CFB79; Sat, 23 Mar 2024 16:40:03 +0100 (CET)
Received: from news by eraldo.lilliput.linux.it with local (Exim 4.92)
 (envelope-from <gaio@lilliput.linux.it>) id 1ro3Pd-0007Z9-6N
 for pve-user@lists.proxmox.com; Sat, 23 Mar 2024 16:36:01 +0100
From: Marco Gaiarin <gaio@lilliput.linux.it>
Date: Sat, 23 Mar 2024 16:28:58 +0100
Organization: Il gaio usa sempre TIN per le liste, fallo anche tu!!!
Message-ID: <o293dk-v3l1.ln1@hermione.lilliput.linux.it>
X-Trace: eraldo.lilliput.linux.it 1711208054 28984 192.168.1.24 (23 Mar 2024
 15:34:14 GMT)
X-Mailer: tin/2.6.2-20220130 ("Convalmore") (Linux/5.15.0-101-generic (x86_64))
X-Gateway-System: SmartGate 1.4.5 <news.lilliput.linux.it>
To: pve-user@lists.proxmox.com
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.631 Adjusted score from AWL reputation of From: address
 BAYES_20               -0.001 Bayes spam probability is 5 to 20%
 DMARC_PASS               -0.1 DMARC pass policy
 JMQ_SPF_NEUTRAL           0.5 SPF set to ?all
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [PVE-User] Apparmor complain on ubuntu LXC...
X-BeenThere: pve-user@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE user list <pve-user.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-user/>
List-Post: <mailto:pve-user@lists.proxmox.com>
List-Help: <mailto:pve-user-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user>, 
 <mailto:pve-user-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Sat, 23 Mar 2024 15:40:41 -0000


After an upgrade (minor; still on 22.04) of the container, the PVE7 host
start to complain:

	Mar 23 13:30:58 ino kernel: [6658681.626390] audit: type=1400 audit(1711197058.833:79): apparmor="DENIED" operation="exec" namespace="root//lxc-107_<-var-lib-lxc>" profile="ubuntu_pro_apt_news" name="/bin/uname" pid=1224393 comm="python3" requested_mask="x" denied_mask="x" fsuid=100000 ouid=100000

container have just 'nesting=1'.


How can i do? Thanks.

-- 
  If you hear something late at night
  some kind of trouble, some kind of fight
  just don't ask me what it was				(S. Vega)