Fix commands hanging in Incus container when host OS is Ubuntu

Linux

I have used Incus-based containers for nearly a year. From Ubuntu 25.04, somethings weird happened, many commands just hang, not return.

This post spot the cause: AppArmor blocks sending signals on Ubuntu 25.04 host.

There is no true fix yet, there are two workarounds:

  1. Disable apparmor_unconfined_restriction
sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0

(Ref)

  1. Using Incus profile
incus profile create apparmor-fix
incus profile set apparmor-fix raw.apparmor="signal peer=@{profile_name}//&unconfined,"
incus profile assign ubuntu-in-incus default,apparmor-fix

Replace "ubuntu-in-incus" with your container name.

Another issue: Starting Redis with systemctl also fails in Incus, with error log like this:

redis-server.service: Failed to set up user namespacing: No such file or directory

The fix is to enable nesting namespace:

incus profile set default security.nesting true
← The trickiness of HTML checkbox Define UI comprising Dropdown in Blueprint for modern GTK apps →