apt-get says apparmor is installed, but the Docker kernel compatibility check says it's not

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I'm in the process of installing Docker for the first time.



In the official documentation, at this point, it says I should download and run a script (check-config.sh) to test whether my system has all the things needed for Docker.



When I run the script (as docker user), it outputs a list of dependencies categorized by importance. Of the requirements listed under "Generally necessary" (the most important ones), the only one it says I'm missing is something called apparmor_parser:



- apparmor: enabled, but apparmor_parser missing
(use "apt-get install apparmor" to fix this)


but when I run sudo apt-get update and sudo apt-get install apparmor I get this:



$ sudo apt-get install apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
apparmor is already the newest version (2.10.95-0ubuntu2.9).
0 to upgrade, 0 to newly install, 0 to remove and 3 not to upgrade.


All the other evidence I've seen suggests apparmor is installed: cat /sys/module/apparmor/parameters/enabled returns Y, and docker run hello-world outputs something sensible.



The relevant part of the check-config.sh script goes like this:



if command -v apparmor_parser &> /dev/null; then
echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
else
echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
...


I don't know what command -v apparmor_parser means. When I ran it I got no output.



I worry that if apparmor isn't installed, or if it is but Docker doesn't know where to find it, I could end up running Docker with missing security features. What should I do?



Linux version etc:



$ uname -srvmpio
Linux 4.13.0-39-generic #44~16.04.1-Ubuntu SMP Thu Apr 5 16:43:10 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


UPDATE:



apparmor_parser is in /sbin/, so the script couldn't find it. When I run PATH=$PATH:/sbin ./check-config.sh it appears to work. But when I run /sbin/apparmor_parser I get apparmor_parser: Sorry. You need root privileges to run this programme.. And when I run sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin (and it doesn't terminate until I press Ctrl+C). So it still looks to me as if it might still not be working. And I don't want to have to run Docker as root.







share|improve this question





















  • command -v apparmor_parser checks if apparmor_parser exists in your PATH. If /sbin/apparmor_parser is a valid command but apparmor_parser isn't, then your PATH needs updating.
    – dsstorefile1
    Apr 29 at 10:21






  • 1




    @dsstorefile1 That could be part of it. I can't run it as not root, but with sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin. What does that mean? And are you sure that adding /sbin to $PATH is a good idea?
    – David Knipe
    Apr 29 at 10:23











  • Adding /sbin/ to PATH is a good idea. It doesn't grant your user any permissions it doesn't already have and allows easy access to handy utilities that don't necessarily require elevated privileges such as ifconfig.
    – dsstorefile1
    Apr 29 at 10:28






  • 1




    Fair enough. Yes, that seems to work, thanks. But (going off on a tangent a bit...) does it matter that I got that error message from running apparmor_parser as root? And does it matter that the docker user can't run apparmor_parser directly? (apparmor_parser: Sorry. You need root privileges to run this programme.)
    – David Knipe
    Apr 29 at 10:34










  • I don't know about that since I don't use Docker, so I'll let someone else answer your tangent.
    – dsstorefile1
    Apr 29 at 10:37














up vote
2
down vote

favorite












I'm in the process of installing Docker for the first time.



In the official documentation, at this point, it says I should download and run a script (check-config.sh) to test whether my system has all the things needed for Docker.



When I run the script (as docker user), it outputs a list of dependencies categorized by importance. Of the requirements listed under "Generally necessary" (the most important ones), the only one it says I'm missing is something called apparmor_parser:



- apparmor: enabled, but apparmor_parser missing
(use "apt-get install apparmor" to fix this)


but when I run sudo apt-get update and sudo apt-get install apparmor I get this:



$ sudo apt-get install apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
apparmor is already the newest version (2.10.95-0ubuntu2.9).
0 to upgrade, 0 to newly install, 0 to remove and 3 not to upgrade.


All the other evidence I've seen suggests apparmor is installed: cat /sys/module/apparmor/parameters/enabled returns Y, and docker run hello-world outputs something sensible.



The relevant part of the check-config.sh script goes like this:



if command -v apparmor_parser &> /dev/null; then
echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
else
echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
...


I don't know what command -v apparmor_parser means. When I ran it I got no output.



I worry that if apparmor isn't installed, or if it is but Docker doesn't know where to find it, I could end up running Docker with missing security features. What should I do?



Linux version etc:



$ uname -srvmpio
Linux 4.13.0-39-generic #44~16.04.1-Ubuntu SMP Thu Apr 5 16:43:10 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


UPDATE:



apparmor_parser is in /sbin/, so the script couldn't find it. When I run PATH=$PATH:/sbin ./check-config.sh it appears to work. But when I run /sbin/apparmor_parser I get apparmor_parser: Sorry. You need root privileges to run this programme.. And when I run sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin (and it doesn't terminate until I press Ctrl+C). So it still looks to me as if it might still not be working. And I don't want to have to run Docker as root.







share|improve this question





















  • command -v apparmor_parser checks if apparmor_parser exists in your PATH. If /sbin/apparmor_parser is a valid command but apparmor_parser isn't, then your PATH needs updating.
    – dsstorefile1
    Apr 29 at 10:21






  • 1




    @dsstorefile1 That could be part of it. I can't run it as not root, but with sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin. What does that mean? And are you sure that adding /sbin to $PATH is a good idea?
    – David Knipe
    Apr 29 at 10:23











  • Adding /sbin/ to PATH is a good idea. It doesn't grant your user any permissions it doesn't already have and allows easy access to handy utilities that don't necessarily require elevated privileges such as ifconfig.
    – dsstorefile1
    Apr 29 at 10:28






  • 1




    Fair enough. Yes, that seems to work, thanks. But (going off on a tangent a bit...) does it matter that I got that error message from running apparmor_parser as root? And does it matter that the docker user can't run apparmor_parser directly? (apparmor_parser: Sorry. You need root privileges to run this programme.)
    – David Knipe
    Apr 29 at 10:34










  • I don't know about that since I don't use Docker, so I'll let someone else answer your tangent.
    – dsstorefile1
    Apr 29 at 10:37












up vote
2
down vote

favorite









up vote
2
down vote

favorite











I'm in the process of installing Docker for the first time.



In the official documentation, at this point, it says I should download and run a script (check-config.sh) to test whether my system has all the things needed for Docker.



When I run the script (as docker user), it outputs a list of dependencies categorized by importance. Of the requirements listed under "Generally necessary" (the most important ones), the only one it says I'm missing is something called apparmor_parser:



- apparmor: enabled, but apparmor_parser missing
(use "apt-get install apparmor" to fix this)


but when I run sudo apt-get update and sudo apt-get install apparmor I get this:



$ sudo apt-get install apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
apparmor is already the newest version (2.10.95-0ubuntu2.9).
0 to upgrade, 0 to newly install, 0 to remove and 3 not to upgrade.


All the other evidence I've seen suggests apparmor is installed: cat /sys/module/apparmor/parameters/enabled returns Y, and docker run hello-world outputs something sensible.



The relevant part of the check-config.sh script goes like this:



if command -v apparmor_parser &> /dev/null; then
echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
else
echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
...


I don't know what command -v apparmor_parser means. When I ran it I got no output.



I worry that if apparmor isn't installed, or if it is but Docker doesn't know where to find it, I could end up running Docker with missing security features. What should I do?



Linux version etc:



$ uname -srvmpio
Linux 4.13.0-39-generic #44~16.04.1-Ubuntu SMP Thu Apr 5 16:43:10 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


UPDATE:



apparmor_parser is in /sbin/, so the script couldn't find it. When I run PATH=$PATH:/sbin ./check-config.sh it appears to work. But when I run /sbin/apparmor_parser I get apparmor_parser: Sorry. You need root privileges to run this programme.. And when I run sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin (and it doesn't terminate until I press Ctrl+C). So it still looks to me as if it might still not be working. And I don't want to have to run Docker as root.







share|improve this question













I'm in the process of installing Docker for the first time.



In the official documentation, at this point, it says I should download and run a script (check-config.sh) to test whether my system has all the things needed for Docker.



When I run the script (as docker user), it outputs a list of dependencies categorized by importance. Of the requirements listed under "Generally necessary" (the most important ones), the only one it says I'm missing is something called apparmor_parser:



- apparmor: enabled, but apparmor_parser missing
(use "apt-get install apparmor" to fix this)


but when I run sudo apt-get update and sudo apt-get install apparmor I get this:



$ sudo apt-get install apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
apparmor is already the newest version (2.10.95-0ubuntu2.9).
0 to upgrade, 0 to newly install, 0 to remove and 3 not to upgrade.


All the other evidence I've seen suggests apparmor is installed: cat /sys/module/apparmor/parameters/enabled returns Y, and docker run hello-world outputs something sensible.



The relevant part of the check-config.sh script goes like this:



if command -v apparmor_parser &> /dev/null; then
echo "$(wrap_good 'apparmor' 'enabled and tools installed')"
else
echo "$(wrap_bad 'apparmor' 'enabled, but apparmor_parser missing')"
...


I don't know what command -v apparmor_parser means. When I ran it I got no output.



I worry that if apparmor isn't installed, or if it is but Docker doesn't know where to find it, I could end up running Docker with missing security features. What should I do?



Linux version etc:



$ uname -srvmpio
Linux 4.13.0-39-generic #44~16.04.1-Ubuntu SMP Thu Apr 5 16:43:10 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


UPDATE:



apparmor_parser is in /sbin/, so the script couldn't find it. When I run PATH=$PATH:/sbin ./check-config.sh it appears to work. But when I run /sbin/apparmor_parser I get apparmor_parser: Sorry. You need root privileges to run this programme.. And when I run sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin (and it doesn't terminate until I press Ctrl+C). So it still looks to me as if it might still not be working. And I don't want to have to run Docker as root.









share|improve this question












share|improve this question




share|improve this question








edited May 18 at 21:29









GAD3R

22.1k154891




22.1k154891









asked Apr 29 at 10:16









David Knipe

865




865











  • command -v apparmor_parser checks if apparmor_parser exists in your PATH. If /sbin/apparmor_parser is a valid command but apparmor_parser isn't, then your PATH needs updating.
    – dsstorefile1
    Apr 29 at 10:21






  • 1




    @dsstorefile1 That could be part of it. I can't run it as not root, but with sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin. What does that mean? And are you sure that adding /sbin to $PATH is a good idea?
    – David Knipe
    Apr 29 at 10:23











  • Adding /sbin/ to PATH is a good idea. It doesn't grant your user any permissions it doesn't already have and allows easy access to handy utilities that don't necessarily require elevated privileges such as ifconfig.
    – dsstorefile1
    Apr 29 at 10:28






  • 1




    Fair enough. Yes, that seems to work, thanks. But (going off on a tangent a bit...) does it matter that I got that error message from running apparmor_parser as root? And does it matter that the docker user can't run apparmor_parser directly? (apparmor_parser: Sorry. You need root privileges to run this programme.)
    – David Knipe
    Apr 29 at 10:34










  • I don't know about that since I don't use Docker, so I'll let someone else answer your tangent.
    – dsstorefile1
    Apr 29 at 10:37
















  • command -v apparmor_parser checks if apparmor_parser exists in your PATH. If /sbin/apparmor_parser is a valid command but apparmor_parser isn't, then your PATH needs updating.
    – dsstorefile1
    Apr 29 at 10:21






  • 1




    @dsstorefile1 That could be part of it. I can't run it as not root, but with sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin. What does that mean? And are you sure that adding /sbin to $PATH is a good idea?
    – David Knipe
    Apr 29 at 10:23











  • Adding /sbin/ to PATH is a good idea. It doesn't grant your user any permissions it doesn't already have and allows easy access to handy utilities that don't necessarily require elevated privileges such as ifconfig.
    – dsstorefile1
    Apr 29 at 10:28






  • 1




    Fair enough. Yes, that seems to work, thanks. But (going off on a tangent a bit...) does it matter that I got that error message from running apparmor_parser as root? And does it matter that the docker user can't run apparmor_parser directly? (apparmor_parser: Sorry. You need root privileges to run this programme.)
    – David Knipe
    Apr 29 at 10:34










  • I don't know about that since I don't use Docker, so I'll let someone else answer your tangent.
    – dsstorefile1
    Apr 29 at 10:37















command -v apparmor_parser checks if apparmor_parser exists in your PATH. If /sbin/apparmor_parser is a valid command but apparmor_parser isn't, then your PATH needs updating.
– dsstorefile1
Apr 29 at 10:21




command -v apparmor_parser checks if apparmor_parser exists in your PATH. If /sbin/apparmor_parser is a valid command but apparmor_parser isn't, then your PATH needs updating.
– dsstorefile1
Apr 29 at 10:21




1




1




@dsstorefile1 That could be part of it. I can't run it as not root, but with sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin. What does that mean? And are you sure that adding /sbin to $PATH is a good idea?
– David Knipe
Apr 29 at 10:23





@dsstorefile1 That could be part of it. I can't run it as not root, but with sudo apparmor_parser I get Warning from stdin (line 1): apparmor_parser: cannot use or update cache, disable, or force-complain via stdin. What does that mean? And are you sure that adding /sbin to $PATH is a good idea?
– David Knipe
Apr 29 at 10:23













Adding /sbin/ to PATH is a good idea. It doesn't grant your user any permissions it doesn't already have and allows easy access to handy utilities that don't necessarily require elevated privileges such as ifconfig.
– dsstorefile1
Apr 29 at 10:28




Adding /sbin/ to PATH is a good idea. It doesn't grant your user any permissions it doesn't already have and allows easy access to handy utilities that don't necessarily require elevated privileges such as ifconfig.
– dsstorefile1
Apr 29 at 10:28




1




1




Fair enough. Yes, that seems to work, thanks. But (going off on a tangent a bit...) does it matter that I got that error message from running apparmor_parser as root? And does it matter that the docker user can't run apparmor_parser directly? (apparmor_parser: Sorry. You need root privileges to run this programme.)
– David Knipe
Apr 29 at 10:34




Fair enough. Yes, that seems to work, thanks. But (going off on a tangent a bit...) does it matter that I got that error message from running apparmor_parser as root? And does it matter that the docker user can't run apparmor_parser directly? (apparmor_parser: Sorry. You need root privileges to run this programme.)
– David Knipe
Apr 29 at 10:34












I don't know about that since I don't use Docker, so I'll let someone else answer your tangent.
– dsstorefile1
Apr 29 at 10:37




I don't know about that since I don't use Docker, so I'll let someone else answer your tangent.
– dsstorefile1
Apr 29 at 10:37















active

oldest

votes











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440704%2fapt-get-says-apparmor-is-installed-but-the-docker-kernel-compatibility-check-sa%23new-answer', 'question_page');

);

Post as a guest



































active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes










 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440704%2fapt-get-says-apparmor-is-installed-but-the-docker-kernel-compatibility-check-sa%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?