OpenStack Nova Compute Charm

Bug #1821767
Comment #2

Comment 2 for bug 1821767

Revision history for this message

Drew Freiberger (afreiberger) wrote on 2019-03-26:

Here are the detach app armor traces:

[2904353.570983] audit: type=1400 audit(1553614943.564:489): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-0ed090c8-f408-4f66-8208-4f025e996025" pid=606020 comm="apparmor_parser"
[2904353.775248] audit: type=1400 audit(1553614943.768:490): apparmor="ALLOWED" operation="exec" profile="/usr/bin/nova-compute" name="/sbin/iscsiadm" pid=606129 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/bin/nova-compute//null-/sbin/iscsiadm"
[2904353.786613] audit: type=1400 audit(1553614943.780:491): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/etc/ld.so.cache" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.786659] audit: type=1400 audit(1553614943.780:492): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.787304] audit: type=1400 audit(1553614943.780:493): apparmor="ALLOWED" operation="file_mprotect" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/sbin/iscsiadm" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.787347] audit: type=1400 audit(1553614943.780:494): apparmor="ALLOWED" operation="file_mprotect" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.788002] audit: type=1400 audit(1553614943.780:495): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/etc/iscsi/nodes/" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.788067] audit: type=1400 audit(1553614943.780:496): apparmor="ALLOWED" operation="capable" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" pid=606129 comm="iscsiadm" capability=1 capname="dac_override"
[2904353.788091] audit: type=1400 audit(1553614943.780:497): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/etc/iscsi/nodes/iqn.2010-06.com.purestorage:flasharray.401a4a5a9b723cc8/" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.788234] audit: type=1400 audit(1553614943.780:498): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/run/lock/iscsi/lock" pid=606129 comm="iscsiadm" requested_mask="wrc" denied_mask="wrc" fsuid=0 ouid=0

Here are the detach app armor traces:

[2904353.570983] audit: type=1400 audit(1553614943.564:489): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-0ed090c8-f408-4f66-8208-4f025e996025" pid=606020 comm="apparmor_parser"
[2904353.775248] audit: type=1400 audit(1553614943.768:490): apparmor="ALLOWED" operation="exec" profile="/usr/bin/nova-compute" name="/sbin/iscsiadm" pid=606129 comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/bin/nova-compute//null-/sbin/iscsiadm"
[2904353.786613] audit: type=1400 audit(1553614943.780:491): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/etc/ld.so.cache" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.786659] audit: type=1400 audit(1553614943.780:492): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/lib/x86_64-linux-gnu/libc-2.23.so" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.787304] audit: type=1400 audit(1553614943.780:493): apparmor="ALLOWED" operation="file_mprotect" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/sbin/iscsiadm" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.787347] audit: type=1400 audit(1553614943.780:494): apparmor="ALLOWED" operation="file_mprotect" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/lib/x86_64-linux-gnu/ld-2.23.so" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.788002] audit: type=1400 audit(1553614943.780:495): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/etc/iscsi/nodes/" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.788067] audit: type=1400 audit(1553614943.780:496): apparmor="ALLOWED" operation="capable" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" pid=606129 comm="iscsiadm" capability=1  capname="dac_override"
[2904353.788091] audit: type=1400 audit(1553614943.780:497): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/etc/iscsi/nodes/iqn.2010-06.com.purestorage:flasharray.401a4a5a9b723cc8/" pid=606129 comm="iscsiadm" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2904353.788234] audit: type=1400 audit(1553614943.780:498): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute//null-/sbin/iscsiadm" name="/run/lock/iscsi/lock" pid=606129 comm="iscsiadm" requested_mask="wrc" denied_mask="wrc" fsuid=0 ouid=0