Last weekend, I was building a Cloudflare Zero Trust tunnel for my Kubernetes homelab.
Before a new test I wanted to clean up the Docker registry.
At the beginning I had issues removing a Docker container. After a few failures, the AI assistant in the Warp terminal started working to solve my challenge.
Below I present how I removed the problematic container with AI assistance.
I ran sudo docker ps to list active containers.

The first attempt was to stop the container. It was unsuccessful.

The AI agent in Warp suggested using the command sudo docker kill containerID.
It looks like there's a permission issue. Let me try stopping it with a force option or check if we need different permissions:
The AI suggested checking whether the Docker daemon was working correctly. It was running correctly.

Next, I was advised to inspect the container for RestartPolicy restraints.
sudo docker inspect containerID | grep -E "(RestartPolicy|Protected|ReadOnly)"

The next command printed the full restart policy.
sudo docker inspect containerID --format='{{json .HostConfig.RestartPolicy}}'

The restart policy is set to "no", so that's not the issue. This might be related to AppArmor or another security mechanism. Let me check whether there are any AppArmor or SELinux restrictions:

AppArmor is blocking the signal operations needed to stop the container. The container appears to be running under a snap version of Docker, and there's a conflict with AppArmor permissions.
Let me try stopping the container using the container name instead, and also try restarting the Docker service if needed:

The same permission issue persists. This appears to be an AppArmor policy conflict with the snap version of Docker. Let me try to temporarily disable the AppArmor profile for Docker.
In the next step, the AI (Claude) checked how Docker was installed.

I can see that Docker is installed as a snap and there are multiple AppArmor profiles active.

The AppArmor utilities aren't available. Afterwards I restarted the Docker daemon, but it did not help to remove the container mentioned above.
Next was an attempt to stop the snap Docker.

After sudo docker ps, no container was running.

In the next step, I started the Docker daemon

and removed the container.

1. Stop Docker entirely:
sudo snap stop docker
2. Start the Docker snap service again using:
sudo snap start docker
3. Remove the container:
sudo docker rm containerID
Documentation:
https://gcore.com/learning/advanced-docker-security-with-apparmor
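
A check that confirms AppArmor is what blocks the stop/kill signals before the whole snap is stopped, as an added example that is not part of the original post: it summarises AppArmor signal denials from kernel log text on stdin. The function names, the sample log lines and the profile names in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: group AppArmor "signal" denials by profile, peer and signal.
# Real input would be kernel log text, e.g.: sudo dmesg | apparmor_signal_denials

# Constructed sample kernel log lines (assumption, not taken from the post).
sample_log() {
cat <<'EOF'
[ 101.10] audit: type=1400 audit(1700000000.101:201): apparmor="DENIED" operation="signal" profile="docker-default" pid=4321 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="snap.docker.dockerd"
[ 111.20] audit: type=1400 audit(1700000010.202:202): apparmor="DENIED" operation="signal" profile="docker-default" pid=4321 comm="runc" requested_mask="receive" denied_mask="receive" signal=kill peer="snap.docker.dockerd"
[ 112.00] audit: type=1400 audit(1700000011.000:203): apparmor="ALLOWED" operation="open" profile="snap.docker.dockerd" name="/proc/1/status" pid=900 comm="dockerd" requested_mask="r" denied_mask="r"
[ 120.30] audit: type=1400 audit(1700000020.303:204): apparmor="DENIED" operation="signal" profile="docker-default" pid=4321 comm="runc" requested_mask="receive" denied_mask="receive" signal=term peer="snap.docker.dockerd"
[ 130.00] audit: type=1400 audit(1700000030.000:205): apparmor="DENIED" operation="mount" profile="snap.docker.dockerd" name="/tmp/x" pid=900 comm="dockerd"
EOF
}

# Reads log text on stdin.
# Prints one line per group: <count> profile=<p> peer=<q> signal=<s>
apparmor_signal_denials() {
  awk '
    # Return the value of key=value or key="value" in an audit line, "-" if absent.
    function field(line, key,   re, v) {
      re = " " key "=(\"[^\"]*\"|[^ ]*)"
      if (!match(line, re)) return "-"
      v = substr(line, RSTART, RLENGTH)
      sub("^ " key "=", "", v)
      gsub(/"/, "", v)
      return v
    }
    # Only denied signal operations matter for a container that will not stop.
    /apparmor="DENIED"/ && /operation="signal"/ {
      k = "profile=" field($0, "profile") " peer=" field($0, "peer") " signal=" field($0, "signal")
      n[k]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -rn
}

# Stand-alone run on the constructed sample.
sample_log | apparmor_signal_denials
```

If the summary shows denials between the container profile and the Docker snap's profile, the stop-snap, start-snap, remove-container sequence above is the relevant workaround; an empty result points to a different cause.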
