[2.0beta1] maas-dhcpd should not attempt reload the apparmor profile when installing in a container

Bug #1569568 reported by Blake Rouse
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
MAAS
Fix Released
Critical
Blake Rouse

Bug Description

apparmor_parser: Unable to replace "/usr/sbin/dhcpd". Permission denied; attempted to load a profile while confined?
dpkg: error processing package maas-dhcp (--purge):

Tags: packaging

Related branches

Changed in maas:
status: In Progress → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released
Revision history for this message
Andrew McDermott (frobware) wrote :
Download full text (3.9 KiB)

I still see this issue.

I deployed a new/clean ubuntu 16.04 image on a NUC today.

I used the following profile for the container:

ubuntu@nuc03:~$ lxc profile show maas20
name: maas20
config:
  raw.lxc: |-
    lxc.cgroup.devices.allow = c 10:237 rwm
    lxc.aa_profile = unconfined
    lxc.cgroup.devices.allow = b 7:* rwm
  security.privileged: "true"
description: MAAS 20
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br-eth0
    type: nic
  loop0:
    path: /dev/loop0
    type: unix-block
  loop1:
    path: /dev/loop1
    type: unix-block
  loop2:
    path: /dev/loop2
    type: unix-block
  loop3:
    path: /dev/loop3
    type: unix-block
  loop4:
    path: /dev/loop4
    type: unix-block
  loop5:
    path: /dev/loop5
    type: unix-block
  loop6:
    path: /dev/loop6
    type: unix-block
  loop7:
    path: /dev/loop7
    type: unix-block

Installing maas-dhcp in the container I see:

ubuntu@maas20:~$ sudo apt install maas-dhcp
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  isc-dhcp-server libirs-export141 libisccfg-export140
Suggested packages:
  isc-dhcp-server-ldap policycoreutils
The following NEW packages will be installed:
  isc-dhcp-server libirs-export141 libisccfg-export140 maas-dhcp
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 501 kB of archives.
After this operation, 1,645 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ppa.launchpad.net/maas/stable/ubuntu xenial/main amd64 maas-dhcp all 2.0.0+bzr5189-0ubuntu1~16.04.1 [33.1 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libisccfg-export140 amd64 1:9.10.3.dfsg.P4-8ubuntu1 [38.6 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libirs-export141 amd64 1:9.10.3.dfsg.P4-8ubuntu1 [17.5 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 isc-dhcp-server amd64 4.3.3-5ubuntu12.1 [412 kB]
Fetched 501 kB in 0s (2,541 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libisccfg-export140.
(Reading database ... 25436 files and directories currently installed.)
Preparing to unpack .../libisccfg-export140_1%3a9.10.3.dfsg.P4-8ubuntu1_amd64.deb ...
Unpacking libisccfg-export140 (1:9.10.3.dfsg.P4-8ubuntu1) ...
Selecting previously unselected package libirs-export141.
Preparing to unpack .../libirs-export141_1%3a9.10.3.dfsg.P4-8ubuntu1_amd64.deb ...
Unpacking libirs-export141 (1:9.10.3.dfsg.P4-8ubuntu1) ...
Selecting previously unselected package isc-dhcp-server.
Preparing to unpack .../isc-dhcp-server_4.3.3-5ubuntu12.1_amd64.deb ...
Unpacking isc-dhcp-server (4.3.3-5ubuntu12.1) ...
Selecting previously unselected package maas-dhcp.
Preparing to unpack .../maas-dhcp_2.0.0+bzr5189-0ubuntu1~16.04.1_all.deb ...
Unpacking maas-dhcp (2.0.0+bzr5189-0ubuntu1~16.04.1) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libisccfg-export140 (1:9.10.3.dfsg.P4-8ubuntu1) .....

Read more...

Revision history for this message
Koaps (koaps) wrote :

I'm seeing this too:

During install I see:

apparmor_parser: Unable to replace "/usr/sbin/named". Permission denied; attempted to load a profile while confined?

apparmor_parser: Unable to replace "/usr/sbin/dhcpd". Permission denied; attempted to load a profile while confined?

apparmor_parser: Unable to replace "/usr/sbin/libvirtd". Permission denied; attempted to load a profile while confined?

apparmor_parser: Unable to replace "/usr/lib/libvirt/virt-aa-helper". Permission denied; attempted to load a profile while confined?

$ maas maas version read
Success.
Machine-readable output follows:
{"capabilities": ["networks-management", "static-ipaddresses", "ipv6-deployment-ubuntu", "devices-management", "storage-deployment-ubuntu", "network-deployment-ubuntu"], "subversion": "16.04.1", "version": "2.0.0+bzr5189-0ubuntu1"}

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.