---
id: MCPX_DOCKER_SNAP_APPARMOR
title: MCPX_DOCKER_SNAP_APPARMOR
sidebar_label: SNAP_APPARMOR
description: Snap-installed Docker on Ubuntu blocks mcpproxy's security scanner via AppArmor.
---
- Severity: warn
- Domain: Docker
mcpproxy's security scanner sandbox launches the upstream stdio server inside
a Docker container with `--security-opt no-new-privileges` and a pinned
AppArmor profile. On Ubuntu's snap-installed Docker, AppArmor's profile
transition combined with `no-new-privileges` causes every command in the
container to fail with `operation not permitted`, so the scanner cannot run.

This is a known incompatibility between snap Docker's AppArmor confinement and the security flags mcpproxy needs for the scanner. Other (non-scanner) Docker isolation is unaffected.
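To confirm on a given host that this is the conflict you are hitting, before picking one of the remediations below, the following diagnostic script reproduces the scanner's container launch outside mcpproxy. It is an added example, not part of mcpproxy or its documentation: it checks whether the `docker` binary on `PATH` comes from the snap, then starts a throwaway container with the same `--security-opt no-new-privileges` hardening and an explicit AppArmor profile, and classifies the outcome. The profile name `docker-default` and the probe image `alpine:3.20` are assumptions (the page does not state which profile mcpproxy pins); substitute your own if they differ.

```bash
#!/bin/sh
# Added diagnostic for the snap-docker / AppArmor conflict (not mcpproxy code).
# Assumes a POSIX shell with readlink -f (Linux) and, for the live probe, a
# docker CLI on PATH. "docker-default" and "alpine:3.20" are assumed values.

# Return 0 if the docker binary on PATH is the snap-packaged one, else 1.
docker_is_snap() {
    bin=$(command -v docker 2>/dev/null) || return 1
    case "$bin" in
        /snap/*) return 0 ;;
    esac
    # Follow symlinks, e.g. /usr/local/bin/docker -> /snap/bin/docker.
    target=$(readlink -f "$bin" 2>/dev/null) || return 1
    case "$target" in
        /snap/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify a probe result from its exit status and captured stderr.
# Prints one of: ok | snap-apparmor-conflict | docker-unavailable | other-failure
classify_probe() {
    status=$1
    err=$2
    if [ "$status" -eq 0 ]; then
        echo ok
    elif printf '%s' "$err" | grep -qi 'operation not permitted'; then
        # The symptom described for snap Docker: every exec in the container
        # is refused once no-new-privileges and the AppArmor transition combine.
        echo snap-apparmor-conflict
    elif printf '%s' "$err" | grep -qiE 'cannot connect|not found|no such file'; then
        echo docker-unavailable
    else
        echo other-failure
    fi
}

# Launch a minimal container with the same hardening flags the scanner uses
# and run the simplest possible command. Only stderr is captured.
run_probe() {
    status=0
    err=$(docker run --rm \
        --security-opt no-new-privileges \
        --security-opt apparmor=docker-default \
        alpine:3.20 true 2>&1 >/dev/null) || status=$?
    classify_probe "$status" "$err"
}

main() {
    if docker_is_snap; then
        echo "docker: snap-installed"
    else
        echo "docker: not snap-installed"
    fi
    result=$(run_probe)
    echo "probe: $result"
    case "$result" in
        snap-apparmor-conflict)
            echo "affected: pick one of the documented remediations" \
                 "(replace snap Docker, sandbox mode, --no-scanner, or disable isolation)"
            exit 2 ;;
        ok)
            echo "not affected: hardened container launched successfully" ;;
        *)
            echo "inconclusive: $result" ;;
    esac
}

# Run the live probe only when invoked as: sh check-snap-docker.sh --probe
if [ "${1:-}" = "--probe" ]; then
    main
fi
```

Run it with `--probe`; exit status 2 means the hardened container could not execute even `true`, which is the failure mode this error code describes. An `ok` result with a snap-installed Docker means the conflict does not reproduce with the assumed profile, so check which AppArmor profile mcpproxy actually pins before concluding anything.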
You have four options:

1. Replace snap Docker with a non-snap installation:

   ```bash
   sudo snap remove docker
   # Then install Docker Desktop, Colima, or rootless Docker:
   # https://docs.docker.com/engine/install/ubuntu/
   ```

2. Switch to sandbox isolation. If the real goal is to confine stdio servers on a snap-docker host, switch the
   isolation mode to `sandbox`. Servers are confined natively with a Linux
   Landlock filesystem allowlist plus `setrlimit` (kernel 5.13+), which is unaffected
   by the snap-docker/AppArmor conflict because it needs no Docker and no user
   namespaces:

   ```json
   { "docker_isolation": { "mode": "sandbox" } }
   ```

   Trade-off: the Docker-based scanner plugins cannot run under `sandbox`, so they
   are skipped and the affected server's `security_scan.status` becomes
   `degraded` (the always-on in-process `tpa-descriptions` scanner still runs).
   This is MCP-34.4 / D3 option (b): clean, surfaced degradation. See
   Security Isolation → Scanner behaviour.

3. Disable the scanner for this server. The error panel includes a "Disable scanner for this server" fix-step. The CLI equivalent:

   ```bash
   mcpproxy upstream patch <server-name> --no-scanner --dry-run
   ```

   Drop `--dry-run` to apply. The server will still run with isolation, but
   without TPA pre-flight scanning.

4. Disable isolation. If you trust the upstream and don't need isolation:

   ```json
   { "isolation": { "enabled": false } }
   ```

See "scanner snap-docker AppArmor incompatibility" for the upstream tracking issue.