I have used Incus-based containers for nearly a year. From Ubuntu 25.04, somethings weird happened, many commands just hang, not return.
This post spot the cause: AppArmor blocks sending signals on Ubuntu 25.04 host.
There is no true fix yet, there are two workarounds:
- Disable
apparmor_unconfined_restriction
sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
(Ref)
- Using Incus profile
incus profile create apparmor-fix
incus profile set apparmor-fix raw.apparmor="signal peer=@{profile_name}//&unconfined,"
incus profile assign ubuntu-in-incus default,apparmor-fix
Replace "ubuntu-in-incus" with your container name.