This is not limited to podman but apparently a problem with containers
in general:

I have a very similar issue with LXD containers. Since the HWE kernel
upgraded to 6.14, some programs like firefox and steam within the
container are not able to open network sockets, triggering the same
apparmor message as above:

[ 3723.620380] audit: type=1400 audit(1753900739.790:2911):
apparmor="DENIED" operation="create" class="net" info="failed af match"
error=-13 namespace="root//lxd-games_<var-snap-lxd-common-lxd>"
profile="firefox" pid=41055 comm=444E53205265736F6C766572202332
family="inet" sock_type="dgram" protocol=0 requested="create"
denied="create"

If I boot the previous 6.11 kernel it works.
If I configure "lxc.apparmor.profile = unconfined" it works even with the 6.14 
kernel.

So, I think this is an issue with apparmor or the related kernel
interfaces.

Some more observations:
- This is not a general networking issue, for example a
"wget https://google.de" worked within the container while firefox did not.
- I find the 'info="failed af match"' very peculiar. The address family is
"inet"; why wouldn't it match? Googling for "failed af match" only yielded this
bug report.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2118824

Title:
  Podman containers with no-new-privilleges fail to create network
  sockets due to AppArmor denial

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/podman/+bug/2118824/+subscriptions


-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
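Added example (not from the bug report, nor from the podman, LXD or AppArmor projects): a small Python parser for AppArmor audit records of the kind quoted above, to pull these denials out of a dmesg or journal dump. It splits each record into key=value fields, decodes the comm= field (the kernel audit subsystem hex-encodes comm when the process name contains spaces or special characters; the value in the message above decodes to "DNS Resolver #2", a Firefox helper thread, not the main firefox process), maps error=-13 to its errno name, and keeps only class="net" denials carrying info="failed af match". The sample log embedded below is constructed: the first record is the one from the message with its line wrapping undone, the second is an unrelated file-access record added for contrast. Anything about where the logs come from (dmesg, journalctl -k) is an assumption about your setup.

```python
#!/usr/bin/env python3
"""Extract AppArmor 'failed af match' socket denials from audit/dmesg lines.

Added example for the bug thread above; not code from the bug report or
from the podman/LXD/AppArmor projects.
"""
import errno
import re
import sys

# Constructed sample input. Record 1 is the denial quoted in the message
# (re-joined onto one line); record 2 is an unrelated, made-up file record.
SAMPLE_LOG = """\
[ 3723.620380] audit: type=1400 audit(1753900739.790:2911): apparmor="DENIED" operation="create" class="net" info="failed af match" error=-13 namespace="root//lxd-games_<var-snap-lxd-common-lxd>" profile="firefox" pid=41055 comm=444E53205265736F6C766572202332 family="inet" sock_type="dgram" protocol=0 requested="create" denied="create"
[ 3724.000000] audit: type=1400 audit(1753900740.000:2912): apparmor="ALLOWED" operation="open" class="file" profile="firefox" name="/etc/hosts" pid=41055 comm="firefox" requested_mask="r" denied_mask="r"
"""

# key=value pairs; values are either a double-quoted string (quotes and
# backslash escapes allowed inside) or a bare token such as -13 or a hex blob.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
HEX_RE = re.compile(r'[0-9A-Fa-f]+')


def parse_record(line):
    """Parse one AppArmor audit line into a dict; None if not an AppArmor record."""
    if 'apparmor=' not in line:
        return None
    rec = {}
    for key, raw in FIELD_RE.findall(line):
        if raw.startswith('"'):
            rec[key] = raw[1:-1]
        elif key == 'comm' and len(raw) % 2 == 0 and HEX_RE.fullmatch(raw):
            # audit hex-encodes comm when it contains spaces/special chars
            rec[key] = bytes.fromhex(raw).decode('utf-8', 'replace')
        else:
            rec[key] = raw
    return rec


def errno_name(rec):
    """Map the negative error= value to its errno symbol (error=-13 -> EACCES)."""
    try:
        return errno.errorcode.get(-int(rec.get('error', '0')), 'UNKNOWN')
    except ValueError:
        return 'UNKNOWN'


def is_af_mismatch_denial(rec):
    """True for the specific denial discussed in the thread."""
    return (rec.get('apparmor') == 'DENIED'
            and rec.get('class') == 'net'
            and rec.get('info') == 'failed af match')


def af_mismatch_denials(log_text):
    """Return a summary dict per matching denial, in log order."""
    out = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and is_af_mismatch_denial(rec):
            out.append({
                'profile': rec.get('profile'),
                'namespace': rec.get('namespace', 'root'),  # absent outside a policy ns
                'comm': rec.get('comm'),
                'pid': rec.get('pid'),
                'family': rec.get('family'),
                'sock_type': rec.get('sock_type'),
                'errno': errno_name(rec),
            })
    return out


if __name__ == '__main__':
    # Runs on the embedded sample by default; pipe `dmesg` in to use real data.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for d in af_mismatch_denials(text):
        print('{profile} ns={namespace} pid={pid} comm={comm!r} '
              '{family}/{sock_type} -> {errno}'.format(**d))
```

Run as-is it reports the one denial from the message; `dmesg | python3 aa_net_denials.py` (file name assumed) does the same against a live kernel log. The namespace= field is what tells you the profile was loaded inside a container's policy namespace rather than on the host, which is worth checking before comparing against the host-side `aa-status` output.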