ptrace denied spam on syslog
Hi dear team, I really enjoy your container project. It is running fine on Debian. I am just wondering if you can explain/stop the system message spam:
[ 8341.933370] audit: type=1400 audit(1621966268.393:633): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3811 comm="boinc" requested_mask="read" denied_mask="read" peer="unconfined"
[ 8351.947878] audit: type=1400 audit(1621966278.405:634): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3811 comm="boinc" requested_mask="read" denied_mask="read" peer="unconfined"
[ 8361.962093] audit: type=1400 audit(1621966288.421:635): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3811 comm="boinc" requested_mask="read" denied_mask="read" peer="unconfined"
So basically every 10 seconds a new message is generated.
I use this script for generating the docker container:
notify-send 'Start Boinc'
docker rm boinc
docker run -d \
--name boinc \
--net=host \
--pid=host \
-v ~/boinc/:/var/lib/boinc \
-e BOINC_GUI_RPC_PASSWORD="nicecertifiedbutcensoredpassword" \
boinc/client
sleep 2
boincmgr -nd -p nicecertifiedbutcensoredpassword --datadir ~/boinc/
Can you tell me how to prevent these messages but keep the container secured? If I just disable the security of AppArmor, I could also use the non-dockerised version of BOINC.
The background of this request is that my machine eventually restarts without notification and these messages fill the syslogs massively.
Thank you for your attention even if this is not a strict "functional" issue of the container.
Best regards from Berlin
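To see which profile, operation, process and peer are behind the messages and how often they recur, the audit records can be grouped and counted. This is an added example, not part of the original post or of the boinc/client project; the function names and the one unrelated kernel line in the sample are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import median

# Sample input: the three records quoted in the post, plus one constructed
# unrelated kernel line to show that non-AppArmor messages are skipped.
SAMPLE = """\
[ 8341.933370] audit: type=1400 audit(1621966268.393:633): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3811 comm="boinc" requested_mask="read" denied_mask="read" peer="unconfined"
[ 8342.000000] usb 1-1: constructed unrelated kernel message
[ 8351.947878] audit: type=1400 audit(1621966278.405:634): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3811 comm="boinc" requested_mask="read" denied_mask="read" peer="unconfined"
[ 8361.962093] audit: type=1400 audit(1621966288.421:635): apparmor="DENIED" operation="ptrace" profile="docker-default" pid=3811 comm="boinc" requested_mask="read" denied_mask="read" peer="unconfined"
"""

AUDIT_RE = re.compile(r"audit\((?P<ts>\d+\.\d+):\d+\)")
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
KEY = ("profile", "operation", "comm", "denied_mask", "peer")  # grouping fields

def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, or None."""
    m = AUDIT_RE.search(line)
    if not m or 'apparmor="DENIED"' not in line:
        return None
    # Only the key=value pairs after "audit(<ts>:<serial>):" are collected.
    fields = {k: quoted or bare for k, quoted, bare in FIELD_RE.findall(line[m.end():])}
    fields["ts"] = float(m.group("ts"))  # epoch seconds from audit(<ts>:<serial>)
    return fields

def summarize(lines):
    """Count denials per KEY tuple and report the median gap between them."""
    groups = defaultdict(list)
    for line in lines:
        d = parse_denial(line)
        if d:
            groups[tuple(d.get(k, "?") for k in KEY)].append(d["ts"])
    report = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps),
                       "median_gap_s": round(median(gaps), 1) if gaps else None}
    return report

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE.splitlines()).items():
        print(dict(zip(KEY, key)), stats)
```

Feeding it the full kernel log instead of the sample shows whether the `boinc` ptrace read is the only denial under `docker-default` or one of several.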
Have you installed AppArmor on the host?
Same here, under Ubuntu Bionic, which has AppArmor built-in, indeed.