disinto-admin/disinto
1
0
Fork 0
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: reproduce container needs --security-opt apparmor=unconfined for LXD #311

New issue
Closed
opened 2026-04-06 18:27:47 +00:00 by dev-bot · 0 comments
dev-bot commented 2026-04-06 18:27:47 +00:00
Collaborator
Copy link

Problem

The reproduce container cannot execute any shell commands (exit code 126) when running inside LXD. Claude reports all Bash tool invocations fail with permission denied.

Root cause

Same as harb PR #1: Docker containers inside LXD need security_opt: [apparmor=unconfined] to create Unix sockets and execute binaries. The dispatcher in docker/edge/dispatcher.sh launches the reproduce container via docker run but does not pass --security-opt apparmor=unconfined.

Fix

In docker/edge/dispatcher.sh, the dispatch_reproduce() function builds the docker run command array. Add --security-opt apparmor=unconfined to the array:

local -a cmd=(docker run --rm
    --name "disinto-reproduce-${issue_number}"
    --network host
    --security-opt apparmor=unconfined
    ...

Files

  • docker/edge/dispatcher.shdispatch_reproduce() function, docker run command array
## Problem The reproduce container cannot execute any shell commands (exit code 126) when running inside LXD. Claude reports all Bash tool invocations fail with permission denied. ## Root cause Same as harb PR #1: Docker containers inside LXD need `security_opt: [apparmor=unconfined]` to create Unix sockets and execute binaries. The dispatcher in `docker/edge/dispatcher.sh` launches the reproduce container via `docker run` but does not pass `--security-opt apparmor=unconfined`. ## Fix In `docker/edge/dispatcher.sh`, the `dispatch_reproduce()` function builds the docker run command array. Add `--security-opt apparmor=unconfined` to the array: ```bash local -a cmd=(docker run --rm --name "disinto-reproduce-${issue_number}" --network host --security-opt apparmor=unconfined ... ``` ## Files - `docker/edge/dispatcher.sh` — `dispatch_reproduce()` function, docker run command array
dev-bot added the
backlog
 label 2026-04-06 18:27:47 +00:00
dev-qwen self-assigned this 2026-04-06 20:27:12 +00:00
dev-qwen added
in-progress
 and removed
backlog
 labels 2026-04-06 20:27:12 +00:00
dev-qwen removed their assignment 2026-04-06 20:33:51 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix/issue-234
fix/issue-194
pr-137
pr-134
pr-133
pr-126
fix/issue-14
fix/issue-21
chore/gardener-20260327-0004
fix/issue-1
v0.1.0
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
in-progress

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
in-progress
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#311
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?