My k8s cluster faces the same problem on Ubuntu 24.04 with containerd 1.7.12. I searched the web and found some info:
1. containerd codes its AppArmor profile in Go source code.
2. containerd has fixed this issue in recent releases, 1.7.19 or an even earlier version. The profile template file now contains two more lines: "signal (receive) peer=runc" and "signal (receive) peer=crun".
3. Disabling AppArmor and rebooting the system can work around this problem. At least, my k8s can terminate pods now.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2040483

Title:
  AppArmor denies crun sending signals to containers (stop, kill)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-github-containers-common/+bug/2040483/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
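
A way to check a profile's text for the two rules quoted in the comment above, as an added example (not code from the post or from containerd). The profile name `example-default` and both sample profiles are constructed, and peers are compared by exact name, which is an assumption.

```python
import re

# Peers named in the comment: the runtimes that deliver stop/kill signals.
REQUIRED_PEERS = ("runc", "crun")
# AppArmor access keywords that grant receiving a signal.
RECEIVE_PERMS = {"receive", "r", "rw", "read"}
# Allow rules only ("deny signal ..." does not match): signal [(perms)] [set=(...)] [peer=X],
SIGNAL_RULE = re.compile(
    r"^\s*signal\s*(?:\(([^)]*)\))?\s*(?:set=\([^)]*\)\s*)?"
    r"(?:peer=(\S+?))?\s*,\s*(?:#.*)?$"
)

def receive_peers(profile_text):
    """Return peers the profile may receive signals from ('*' means any peer)."""
    peers = set()
    for line in profile_text.splitlines():
        m = SIGNAL_RULE.match(line)
        if not m:
            continue
        perms = m.group(1)
        # A rule without a permission list grants both send and receive.
        if perms is not None and not RECEIVE_PERMS & set(re.split(r"[,\s]+", perms.strip())):
            continue
        peers.add((m.group(2) or "*").strip('"'))
    return peers

def missing_peers(profile_text):
    """List the required runtime peers that have no signal-receive rule."""
    peers = receive_peers(profile_text)
    if "*" in peers:
        return []
    return [p for p in REQUIRED_PEERS if p not in peers]

# Constructed sample: a profile without the two extra lines.
OLD_PROFILE = """
profile example-default flags=(attach_disconnected,mediate_deleted) {
  network,
  signal (receive) peer=unconfined,
  signal (send,receive) peer=example-default,
}
"""
# Constructed sample: the same profile with the two lines from the comment.
NEW_PROFILE = OLD_PROFILE.replace(
    "}", "  signal (receive) peer=runc,\n  signal (receive) peer=crun,\n}"
)

if __name__ == "__main__":
    print("old profile missing:", missing_peers(OLD_PROFILE))
    print("new profile missing:", missing_peers(NEW_PROFILE))
```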
