I have a container where I have been running Docker perfectly well for a long time now and I just upgraded the host OS to Ubuntu 24.04. After this, Docker won’t run even “docker run hello-world” anymore successfully inside my container, just spitting out the following error:
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error jailing process inside rootfs: pivot_root .: permission denied: unknown.
ERRO[0004] error waiting for container:
Why would upgrading to 24.04 break things like this? How do I fix it?
I didn’t have time to check what was going on earlier, but now that I did, it would seem that AppArmor prevents pivot_root from working. This is, apparently, a new restriction in 24.04 and isn’t affected by the changes mentioned in the release notes.
I know nothing about AppArmor, I dunno how this should be fixed. Besides that, if a user wants to run Docker or something inside a container, they should be able to without having to mess around with AppArmor, IMO, so this should be fixed properly upstream.
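To confirm from the host side that the failure really is an AppArmor denial of pivot_root rather than something else in the container runtime, the kernel audit log is the place to look. The following is an added example, not the poster's code or anything from LXC or Docker: it scans AppArmor audit lines (as printed by dmesg or journalctl -k) for pivot_root denials and reports the profile, pid and command involved. The sample log lines are constructed; the exact field layout and the profile name are assumptions and will differ on a real host.

```shell
# Constructed sample of AppArmor audit lines as they appear in the kernel log.
# Field names follow the usual AppArmor audit format; values are made up.
SAMPLE_LOG='audit: type=1400 audit(1715000000.123:45): apparmor="DENIED" operation="pivotroot" class="mount" profile="lxc-container-default-cgns" name="/var/lib/docker/overlay2/EXAMPLE/merged/" pid=4242 comm="runc:[2:INIT]" srcname="/var/lib/docker/overlay2/EXAMPLE/merged/"
audit: type=1400 audit(1715000001.456:46): apparmor="ALLOWED" operation="mount" class="mount" profile="lxc-container-default-cgns" name="/proc/" pid=4243 comm="runc:[2:INIT]"
audit: type=1400 audit(1715000002.789:47): apparmor="DENIED" operation="pivotroot" class="mount" profile="lxc-container-default-cgns" name="/var/lib/docker/overlay2/EXAMPLE2/merged/" pid=4250 comm="runc:[2:INIT]"'

# Read audit lines on stdin and print one line per pivot_root denial:
# "<profile> <pid> <comm>". Lines for other operations or ALLOWED
# decisions are ignored, so the output is empty when AppArmor is not the cause.
pivot_root_denials() {
    grep 'apparmor="DENIED"' | grep 'operation="pivotroot"' |
    sed -n 's/.*profile="\([^"]*\)".*pid=\([0-9]*\).*comm="\([^"]*\)".*/\1 \2 \3/p'
}

# Number of pivot_root denials in the log text passed as the first argument.
count_pivot_root_denials() {
    printf '%s\n' "$1" | pivot_root_denials | wc -l | tr -d ' '
}

# On a live host you would pipe the real log in instead:  dmesg | pivot_root_denials
if [ "$(count_pivot_root_denials "$SAMPLE_LOG")" -gt 0 ]; then
    echo "AppArmor pivot_root denials found (profile pid comm):"
    printf '%s\n' "$SAMPLE_LOG" | pivot_root_denials
else
    echo "no AppArmor pivot_root denials in the log"
fi
```

Each reported profile name tells you which AppArmor profile (the container's, not Docker's own) is rejecting the pivot_root call, which is the detail needed when raising the issue upstream.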