failed to enable bpfLsmEnforcer #11
Description
I tried to enable bpfLsmEnforcer with this command:
helm install varmor varmor-0.5.4.tgz --namespace varmor --create-namespace --set image.registry="elkeid-cn-beijing.cr.volces.com" --set bpfLsmEnforcer.enabled=true However, I found vamor-agent failed to start:
kubectl get pod -n varmorNAME READY STATUS RESTARTS AGE
varmor-agent-5prn9 0/1 CrashLoopBackOff 8 16m
varmor-agent-d78l4 0/1 CrashLoopBackOff 8 16m
varmor-agent-xq6sf 0/1 CrashLoopBackOff 8 16m
varmor-manager-599f6fd885-5frk5 1/1 Running 0 16m
varmor-manager-599f6fd885-jqmp7 1/1 Running 0 16m
varmor-manager-599f6fd885-p8z4b 1/1 Running 0 16mThis is the error log:
kubectl describe pod -n varmor varmor-agent-5prn9Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned varmor/varmor-agent-5prn9 to k8s-master
Warning Failed 16m (x4 over 17m) kubelet, k8s-master Error: failed to start container "agent": Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: unable to apply apparmor profile: apparmor failed to apply profile: open /proc/self/attr/apparmor/exec: read-only file system: unknown
Normal Pulling 15m (x5 over 17m) kubelet, k8s-master Pulling image "elkeid-cn-beijing.cr.volces.com/varmor/varmor:v0.5.4"
Normal Pulled 15m (x5 over 17m) kubelet, k8s-master Successfully pulled image "elkeid-cn-beijing.cr.volces.com/varmor/varmor:v0.5.4"
Normal Created 15m (x5 over 17m) kubelet, k8s-master Created container agent
Warning BackOff 2m9s (x66 over 16m) kubelet, k8s-master Back-off restarting failed containerIt seems runc failed to open apparmor profile?
open /proc/self/attr/apparmor/exec: read-only file system: unknown