The issue was found testing the OnlyOffice DocumentServer installation in a default Debian 10 installation with snap and docker (from snap) installed after it.
An OnlyOffice worker confirmed the issue in other default Debian 10 installation using the netinstall with both OnlyOffice DocumentServer and the “hello-world” docker image at the moment to run it.
The provided output after trying to run in both cases is related with AppArmor dedicated docker default-profile:
docker: Error response from daemon: AppArmor enabled on system but the docker-default profile could not be loaded: running /sbin/apparmor_parser apparmor_parser --version failed with output: Failed to load features from ‘/usr/share/apparmor-features/features’: No such file or directory
error: exit status 1.
From my ignorance I also provided the output that “/sbin/apparmor_parser apparmor_parser --version” it throws confirming there were no issues running it and that the “/usr/share/apparmor-features/features” file existed and was readable for every user.
Seems odd – as far as I understand, the Docker daemon itself embeds this docker-default profile which it then loads during the start of the daemon, and unless the Snappy profile blocked us, that should’ve worked (because all the required utilities for doing that should’ve been part of the snap or the OS, IIRC).
I wonder if there’s anything useful in the denials logs for the affected host that might give clues? If the issue is reproducible, it might be useful to set up a clean new host to ensure we get just the set of denials that show up after the initial install of the Docker snap?