Keystone apparmor policy is not activated after controller deploy
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Fix Released | Medium | Alexey Stupnikov |
Bug Description
Release: Mirantis OpenStack 9.2
Build number: 528
Keystone Apparmor policy is not activated during package install time.
When the Keystone package is installed on the controller, the apparmor service is not refreshed/updated correctly. Only a manual restart forces the keystone policy to be activated.
When the controller is rebooted, the apparmor service comes up including the earlier not-applied keystone policy.
Before controller reboot:
root@cic-2:~# apparmor_status
apparmor module is loaded.
7 profiles are loaded.
7 profiles are in enforce mode.
/sbin/dhclient
/usr/
/usr/
/usr/sbin/ntpd
/usr/sbin/slapd
/usr/
docker-default
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode.
/usr/sbin/ntpd (4610)
/usr/sbin/slapd (16102)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
After controller reboot:
root@cic-2:~# apparmor_status
apparmor module is loaded.
8 profiles are loaded.
7 profiles are in enforce mode.
/sbin/dhclient
/usr/
/usr/
/usr/sbin/ntpd
/usr/sbin/slapd
/usr/
docker-default
1 profiles are in complain mode.
/usr/
2 processes have profiles defined.
2 processes are in enforce mode.
/usr/sbin/ntpd (6269)
/usr/sbin/slapd (8663)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
Changed in mos:
milestone: 9.x-updates → 9.2-mu-3
assignee: nobody → MOS Maintenance (mos-maintenance)
status: New → Confirmed
Changed in mos:
assignee: MOS Maintenance (mos-maintenance) → Alexey Stupnikov (astupnikov)
sla2 for 9.0-updates
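A check for the condition this report describes (a profile that is expected on the controller but absent from `apparmor_status` until the service is restarted), as an added example that is not part of the original report or of the project's code. The profile name `/usr/bin/EXAMPLE-keystone` and both sample outputs are constructed, because the report's profile paths are truncated.

```shell
# Added example, not from the bug report. /usr/bin/EXAMPLE-keystone is a constructed placeholder.

# Print the profile names listed in apparmor_status-style text on stdin.
loaded_profiles() {
    awk '
        /^[0-9]+ profiles are in .* mode\.$/ { in_profiles = 1; next }
        /^[0-9]+ /                           { in_profiles = 0; next }
        in_profiles && NF { gsub(/^[ \t]+|[ \t]+$/, ""); print }
    '
}

# Usage: missing_profiles STATUS_FILE PROFILE...
# Prints each expected profile absent from STATUS_FILE; returns 1 if any is missing.
missing_profiles() {
    status_file=$1; shift
    loaded=$(loaded_profiles < "$status_file")
    rc=0
    for want in "$@"; do
        printf '%s\n' "$loaded" | grep -Fxq -- "$want" || { printf '%s\n' "$want"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: state before the apparmor restart (profile not loaded).
sample_before() {
cat <<'EOF'
apparmor module is loaded.
2 profiles are loaded.
2 profiles are in enforce mode.
   /usr/sbin/ntpd
   /usr/sbin/slapd
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/ntpd (4610)
EOF
}

# Constructed sample: state after the restart (profile loaded in complain mode).
sample_after() {
cat <<'EOF'
3 profiles are loaded.
2 profiles are in enforce mode.
   /usr/sbin/ntpd
   /usr/sbin/slapd
1 profiles are in complain mode.
   /usr/bin/EXAMPLE-keystone
EOF
}
```

On a controller, save the output of `apparmor_status` to a file and pass it to `missing_profiles` together with the profile names the deployment expects; a non-zero return right after package installation indicates the state shown in the "before reboot" listing.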