I'm having a nightmare with apparmor: I can't stop docker containers, apparently this is down to apparmor, which I don't need running.
I ran:
sudo systemctl stop apparmor
But I still can't kill the docker containers, and apparently apparmor is still running:
apparmor module is loaded.
64 profiles are loaded.
64 profiles are in enforce mode.
/snap/core/12603/usr/lib/snapd/snap-confine
/snap/core/12603/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/core/12725/usr/lib/snapd/snap-confine
/snap/core/12725/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/core/12821/usr/lib/snapd/snap-confine
/snap/core/12821/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/core/12834/usr/lib/snapd/snap-confine
/snap/core/12834/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/core/12941/usr/lib/snapd/snap-confine
/snap/core/12941/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/14295/usr/lib/snapd/snap-confine
/snap/snapd/14295/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/14549/usr/lib/snapd/snap-confine
/snap/snapd/14549/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/14978/usr/lib/snapd/snap-confine
/snap/snapd/14978/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/15177/usr/lib/snapd/snap-confine
/snap/snapd/15177/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/snap/snapd/15314/usr/lib/snapd/snap-confine
/snap/snapd/15314/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/tcpdump
/{,usr/}sbin/dhclient
docker-default
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
snap-update-ns.canonical-livepatch
snap-update-ns.core
snap-update-ns.docker
snap-update-ns.lxd
snap.canonical-livepatch.canonical-livepatch
snap.canonical-livepatch.canonical-livepatchd
snap.canonical-livepatch.hook.configure
snap.canonical-livepatch.hook.connect-plug-etc-update-motd-d
snap.canonical-livepatch.hook.disconnect-plug-etc-update-motd-d
snap.canonical-livepatch.hook.remove
snap.core.hook.configure
snap.docker.compose
snap.docker.docker
snap.docker.dockerd
snap.docker.help
snap.docker.hook.install
snap.docker.hook.post-refresh
snap.docker.machine
snap.lxd.activate
snap.lxd.benchmark
snap.lxd.buginfo
snap.lxd.check-kernel
snap.lxd.daemon
snap.lxd.hook.configure
snap.lxd.hook.install
snap.lxd.hook.remove
snap.lxd.lxc
snap.lxd.lxc-to-lxd
snap.lxd.lxd
snap.lxd.migrate
0 profiles are in complain mode.
20 processes have profiles defined.
20 processes are in enforce mode.
/usr/bin/bash (3264412) docker-default
/usr/bin/bash (3395377) docker-default
/usr/bin/node (3395450) docker-default
/usr/bin/cat (3395466) docker-default
/usr/bin/node (3395467) docker-default
/var/tests/node_modules/chromedriver/lib/chromedriver/chromedriver (3395474) docker-default
/opt/google/chrome/chrome (3395480) docker-default
/usr/bin/cat (3395485) docker-default
/usr/bin/cat (3395486) docker-default
/opt/google/chrome/chrome_crashpad_handler (3395488) docker-default
/opt/google/chrome/chrome (3395492) docker-default
/opt/google/chrome/chrome (3395493) docker-default
/opt/google/chrome/chrome (3395506) docker-default
/opt/google/chrome/chrome (3395508) docker-default
/opt/google/chrome/chrome (3395556) docker-default
/snap/canonical-livepatch/132/canonical-livepatchd (1082983) snap.canonical-livepatch.canonical-livepatchd
/snap/docker/1767/bin/dockerd (2355402) snap.docker.dockerd
/snap/docker/1767/bin/containerd (2355545) snap.docker.dockerd
/snap/docker/1767/bin/containerd-shim-runc-v2 (3264390) snap.docker.dockerd
/snap/docker/1767/bin/containerd-shim-runc-v2 (3395352) snap.docker.dockerd
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Answer 1
You can force-kill the container using its PID:
docker inspect container_name
kill -9 container_pid
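
An added example, not part of the answer above: one way to find which PIDs belong to containers is to filter the process section of the aa-status output by profile name. The function names `confined_pids` and `sample_status` are hypothetical, and the sample lines are an excerpt of the output in the question.

```shell
#!/bin/sh
# Added example: list the PIDs that aa-status reports as confined by one profile.
# Reads aa-status text on stdin and prints one PID per line.
confined_pids() {
    awk -v want="$1" '
        # Process lines look like:  /path/to/exe (PID) profile-name
        # Profile-list and summary lines have no "(PID) " field and are skipped.
        match($0, /\([0-9]+\) /) {
            pid  = substr($0, RSTART + 1, RLENGTH - 3)   # digits inside the parentheses
            name = substr($0, RSTART + RLENGTH)          # everything after "(PID) "
            sub(/[ \t\r]+$/, "", name)                   # drop trailing whitespace
            if (name == want) print pid
        }
    '
}

# Sample input: lines excerpted from the aa-status output in the question.
sample_status() {
    cat <<'EOF'
64 profiles are in enforce mode.
docker-default
snap.docker.dockerd
20 processes are in enforce mode.
/usr/bin/bash (3264412) docker-default
/usr/bin/node (3395450) docker-default
/snap/docker/1767/bin/dockerd (2355402) snap.docker.dockerd
/snap/docker/1767/bin/containerd-shim-runc-v2 (3264390) snap.docker.dockerd
0 processes are in complain mode.
EOF
}

# Processes inside containers carry docker-default; the daemon and its shims
# carry snap.docker.dockerd.
sample_status | confined_pids docker-default

# On a live host (not run here):
#   sudo aa-status | confined_pids docker-default
#   docker inspect --format '{{.State.Pid}}' container_name   # init PID of one container
#   cat /proc/<pid>/attr/current                              # profile the kernel applies to that PID
```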