It appears that the same version of apparmor parser (2.13.3 as reported by Simon) behaves differently when running in the container. Specifically, the command that snapd also executes did not fail in the container, while it should have. Actually there's even an error message, but the exit code is still 0. Since it did not fail, snapd assumes that bpf is supported and generates a snippet for the snap-confine apparmor profile.
I think the first step here is to figure out why apparmor_parser did not fail.

--
https://bugs.launchpad.net/bugs/1964636
Title: Incorrect handling of apparmor `bpf` capability