"apparmor failed to apply profile: write /proc/self/attr/apparmor/exec: no such file or directory" on Docker 23.0.1 #45061

Closed
kit-ty-kate opened this issue Feb 22, 2023 · 2 comments
Labels: area/security/apparmor, kind/bug, kind/duplicate

Comments

@kit-ty-kate

Description

I'm unable to use docker run or docker build with Docker 23.0.1, but it works fine once I downgrade to 20.10.23.

$ docker --version
Docker version 23.0.1, build a5ee5b1dfc
$ docker run --rm -it alpine
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: unable to apply apparmor profile: apparmor failed to apply profile: write /proc/self/attr/apparmor/exec: no such file or directory: unknown.
$ sudo pacman -U /var/cache/pacman/pkg/docker-1:20.10.23-1-aarch64.pkg.tar.xz
$ sudo systemctl restart containerd
$ sudo systemctl restart docker
$ docker --version
Docker version 20.10.23, build 715524332f
$ docker run --rm -it alpine
/ # # it works

Reproduce

docker run --rm -it alpine

Expected behavior

No response

docker version

Client:
 Version:           23.0.1
 API version:       1.42
 Go version:        go1.20
 Git commit:        a5ee5b1dfc
 Built:             Sat Feb 11 14:55:47 2023
 OS/Arch:           linux/arm64
 Context:           default

Server:
 Engine:
  Version:          23.0.1
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.20
  Git commit:       bc3805a0a0
  Built:            Sat Feb 11 14:55:47 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          v1.6.18
  GitCommit:        2456e983eb9e37e47538f59ea18f2043c9a73640.m
 runc:
  Version:          1.1.4
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker info

Client:
 Context:    default
 Debug Mode: false

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 23.0.1
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2456e983eb9e37e47538f59ea18f2043c9a73640.m
 runc version: 
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.0-asahi-2-2-edge-ARCH
 Operating System: Arch Linux ARM
 OSType: linux
 Architecture: aarch64
 CPUs: 10
 Total Memory: 30.97GiB
 Name: alarm
 ID: 3OXJ:JKFP:4SZA:IB5Z:CY6L:D7V2:6J5Q:IZPV:IKL2:R5A2:KSIK:XLMH
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional Info

Distribution: Archlinux

$ uname -a
Linux alarm 6.1.0-asahi-2-2-edge-ARCH #2 SMP PREEMPT_DYNAMIC Fri, 16 Dec 2022 05:04:23 +0000 aarch64 GNU/Linux

dmesg has the line:

[22449.030165] audit: type=1400 audit(1677086992.603:18): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name="docker-default" pid=73331 comm="runc:[2:INIT]"

journalctl -u docker has the line:

Feb 22 17:40:00 alarm dockerd[75323]: time="2023-02-22T17:40:00.931390701Z" level=warning msg="AppArmor enabled on system but \"apparmor_parser\" binary is missing, so profile can't be loaded"

@kit-ty-kate added the kind/bug and status/0-triage labels Feb 22, 2023
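
Added example, not part of the issue or the Docker project's code: a small Python triage that parses the two log lines quoted in the report (the kernel audit record and the dockerd warning) and correlates them into one finding. The function names and the non-matching audit line are constructed for illustration.

```python
import re

# The two log lines quoted in the issue (dmesg and journalctl -u docker).
AUDIT_LINE = (
    '[22449.030165] audit: type=1400 audit(1677086992.603:18): apparmor="DENIED" '
    'operation="change_onexec" info="label not found" error=-2 '
    'profile="unconfined" name="docker-default" pid=73331 comm="runc:[2:INIT]"')
DOCKERD_LINE = (
    'Feb 22 17:40:00 alarm dockerd[75323]: time="2023-02-22T17:40:00.931390701Z" '
    'level=warning msg="AppArmor enabled on system but \\"apparmor_parser\\" '
    'binary is missing, so profile can\'t be loaded"')
# Constructed (not from the issue): an ordinary file denial that must not match.
OTHER_DENIAL = ('audit: type=1400 audit(0.000:1): apparmor="DENIED" operation="open" '
                'profile="docker-default" name="/tmp/example" pid=1 comm="cat"')

# key=value pairs; a value is double-quoted (may contain \" escapes) or a bare token.
_KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

def parse_fields(line):
    """Return the key=value fields of an audit or logfmt-style line as a dict."""
    return {key: bare if bare else quoted.replace('\\"', '"')
            for key, quoted, bare in _KV.findall(line)}

def unloaded_profile(line):
    """Name of the profile a failed exec-time transition asked for, else None."""
    f = parse_fields(line)
    wanted = {"apparmor": "DENIED", "operation": "change_onexec",
              "info": "label not found", "error": "-2"}  # -2 is -ENOENT
    if all(f.get(k) == v for k, v in wanted.items()):
        return f.get("name")
    return None

def parser_missing(line):
    """True if dockerd warned that it could not find apparmor_parser."""
    f = parse_fields(line)
    return f.get("level") == "warning" and \
        '"apparmor_parser" binary is missing' in f.get("msg", "")

def triage(lines):
    """One finding per profile that runc requested but the kernel did not have."""
    no_parser = any(parser_missing(l) for l in lines)
    profiles = sorted({p for p in map(unloaded_profile, lines) if p})
    return [{"profile": p, "parser_missing": no_parser} for p in profiles]

if __name__ == "__main__":
    for finding in triage([DOCKERD_LINE, AUDIT_LINE, OTHER_DENIAL]):
        print(finding)
```
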
@kit-ty-kate
Author

It looks related to #44942

@neersighted
Member

Duplicate #44970.

@neersighted closed this as not planned Feb 23, 2023