When attaching multiattach volumes apparmor nova-compute profile blocks some operations
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Nova Compute Charm |
Fix Committed
|
Undecided
|
Felipe Reyes | ||
2023.1 |
Fix Released
|
Undecided
|
Unassigned | ||
2023.2 |
Fix Released
|
Undecided
|
Unassigned | ||
Yoga |
Fix Committed
|
Undecided
|
Unassigned | ||
Zed |
Fix Released
|
Undecided
|
Unassigned | ||
nova-compute (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
This is happening in jammy nova-compute version 3:25.2.0-0ubuntu1
When attaching multiattach volumes the following warnings are logged:
2023-10-12 09:45:25.723 3906368 WARNING os_brick.
Command: blkid /dev/mapper/
Exit code: -
Stdout: None
Stderr: None: oslo_concurrenc
2023-10-12 09:45:25.800 3906368 WARNING os_brick.
2023-10-12 09:45:25.806 958579 WARNING os_brick.
and in syslog I can see:
Oct 12 09:13:59 machine1 kernel: [18324599.319817] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.319844] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.346662] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.346745] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.364823] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.369262] audit: type=1400 audit(169710203
Oct 12 09:13:59 machine1 kernel: [18324599.369299] audit: type=1400 audit(169710203
Warnings are gone if I set the apparmor profile to complain with:
aa-complain /etc/apparmor.
description: | updated |
description: | updated |
Changed in charm-nova-compute: | |
status: | Incomplete → New |
Changed in charm-nova-compute: | |
assignee: | nobody → Felipe Reyes (freyes) |
Fwiw, when the last time I looked into, access denial for blkid and nvme wasn't in the critical path although it was a valid issue for NVMEoF use case. /bugs.launchpad .net/charm- nova-compute/ +bug/1979812
https:/