I am trying to containerize my application that uses AppArmor to execute programs in a sandboxed environment (online code judge). The application works perfectly fine on my machine, but I am having trouble getting my policies inside the dockerized version of it to work.
Here is my Dockerfile:

    FROM node:18-buster
    RUN apt-get update && \
        apt-get install -y apparmor apparmor-utils && \
        mkdir /etc/apparmor.d/coderatic && \
        chmod 700 /etc/apparmor.d/coderatic
    # Two policies I want apparmor inside my container to use
    COPY coderatic-bin-policy /etc/apparmor.d/coderatic/
    COPY coderatic-py3-policy /etc/apparmor.d/coderatic/
    WORKDIR /server
    COPY ./package*.json ./
    RUN npm install
    COPY . .
    ENV PORT=3000
    EXPOSE 3000
    CMD sh -c 'apparmor_parser -r -W /etc/apparmor.d/coderatic/coderatic-bin-policy && \
        apparmor_parser -r -W /etc/apparmor.d/coderatic/coderatic-py3-policy && \
        npm run dev'

But I am getting the following error when running the container:

    Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
    Use --subdomainfs to override.

I have tried using the --subdomainfs option, but I am unsure what argument to pass to it. I tried using /etc/apparmor.d, but this resulted in a different error that persisted regardless of the path I used.
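
A diagnostic for the warning quoted above, added here as an example and not part of the original post: it scans a mounts table for a `securityfs` entry and checks for the `apparmor` directory under it, which is the kernel interface `apparmor_parser` loads policy through (by default `/sys/kernel/security/apparmor`). The function name `find_apparmorfs` and its optional root-prefix argument are hypothetical, and the sample mount lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# find_apparmorfs MOUNTS_FILE [ROOT_PREFIX]
#   Prints "<securityfs mountpoint>/apparmor" when the AppArmor kernel
#   interface is reachable. Returns 1 when the mounts table has no
#   securityfs entry (the situation the warning describes) and 2 when
#   securityfs is mounted but exposes no apparmor directory.
#   ROOT_PREFIX is a hypothetical helper argument so the check can be
#   pointed at a directory tree other than "/".
find_apparmorfs() {
    mounts_file=$1
    root=${2:-}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    mp=$(awk '$3 == "securityfs" { print $2; exit }' "$mounts_file")
    if [ -z "$mp" ]; then
        echo "no securityfs entry in $mounts_file" >&2
        return 1
    fi
    if [ ! -d "$root$mp/apparmor" ]; then
        echo "securityfs at $mp has no apparmor directory" >&2
        return 2
    fi
    printf '%s\n' "$mp/apparmor"
}

# Constructed sample: a mounts table without securityfs, as a container
# that was not given /sys/kernel/security would show.
sample=$(mktemp)
cat > "$sample" <<'EOF'
overlay / overlay rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0
EOF
find_apparmorfs "$sample" || echo "sample table: exit status $?"
rm -f "$sample"

# Live check of the environment this script runs in.
if [ -r /proc/mounts ]; then
    find_apparmorfs /proc/mounts || echo "live table: exit status $?"
fi
```

Run inside the container and on the host, the two results show whether the interface the parser is looking for is visible in each place.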