[2.0beta1] maas-dhcpd should not attempt reload the apparmor profile when installing in a container

Bug #1569568 reported by Blake Rouse on 2016-04-12
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
MAAS
Critical
Blake Rouse

Bug Description

apparmor_parser: Unable to replace "/usr/sbin/dhcpd". Permission denied; attempted to load a profile while confined?
dpkg: error processing package maas-dhcp (--purge):

Related branches

Changed in maas:
status: In Progress → Fix Committed
Changed in maas:
status: Fix Committed → Fix Released
Andrew McDermott (frobware) wrote :
Download full text (3.9 KiB)

I still see this issue.

I deployed a new/clean ubuntu 16.04 image on a NUC today.

I used the following profile for the container:

ubuntu@nuc03:~$ lxc profile show maas20
name: maas20
config:
  raw.lxc: |-
    lxc.cgroup.devices.allow = c 10:237 rwm
    lxc.aa_profile = unconfined
    lxc.cgroup.devices.allow = b 7:* rwm
  security.privileged: "true"
description: MAAS 20
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br-eth0
    type: nic
  loop0:
    path: /dev/loop0
    type: unix-block
  loop1:
    path: /dev/loop1
    type: unix-block
  loop2:
    path: /dev/loop2
    type: unix-block
  loop3:
    path: /dev/loop3
    type: unix-block
  loop4:
    path: /dev/loop4
    type: unix-block
  loop5:
    path: /dev/loop5
    type: unix-block
  loop6:
    path: /dev/loop6
    type: unix-block
  loop7:
    path: /dev/loop7
    type: unix-block

Installing maas-dhcp in the container I see:

ubuntu@maas20:~$ sudo apt install maas-dhcp
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  isc-dhcp-server libirs-export141 libisccfg-export140
Suggested packages:
  isc-dhcp-server-ldap policycoreutils
The following NEW packages will be installed:
  isc-dhcp-server libirs-export141 libisccfg-export140 maas-dhcp
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 501 kB of archives.
After this operation, 1,645 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://ppa.launchpad.net/maas/stable/ubuntu xenial/main amd64 maas-dhcp all 2.0.0+bzr5189-0ubuntu1~16.04.1 [33.1 kB]
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libisccfg-export140 amd64 1:9.10.3.dfsg.P4-8ubuntu1 [38.6 kB]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libirs-export141 amd64 1:9.10.3.dfsg.P4-8ubuntu1 [17.5 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 isc-dhcp-server amd64 4.3.3-5ubuntu12.1 [412 kB]
Fetched 501 kB in 0s (2,541 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libisccfg-export140.
(Reading database ... 25436 files and directories currently installed.)
Preparing to unpack .../libisccfg-export140_1%3a9.10.3.dfsg.P4-8ubuntu1_amd64.deb ...
Unpacking libisccfg-export140 (1:9.10.3.dfsg.P4-8ubuntu1) ...
Selecting previously unselected package libirs-export141.
Preparing to unpack .../libirs-export141_1%3a9.10.3.dfsg.P4-8ubuntu1_amd64.deb ...
Unpacking libirs-export141 (1:9.10.3.dfsg.P4-8ubuntu1) ...
Selecting previously unselected package isc-dhcp-server.
Preparing to unpack .../isc-dhcp-server_4.3.3-5ubuntu12.1_amd64.deb ...
Unpacking isc-dhcp-server (4.3.3-5ubuntu12.1) ...
Selecting previously unselected package maas-dhcp.
Preparing to unpack .../maas-dhcp_2.0.0+bzr5189-0ubuntu1~16.04.1_all.deb ...
Unpacking maas-dhcp (2.0.0+bzr5189-0ubuntu1~16.04.1) ...
Processing triggers for libc-bin (2.23-0ubuntu3) ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up libisccfg-export140 (1:9.10.3.dfsg.P4-8ubuntu1) .....

Read more...

Koaps (koaps) wrote :

I'm seeing this too:

During install I see:

apparmor_parser: Unable to replace "/usr/sbin/named". Permission denied; attempted to load a profile while confined?

apparmor_parser: Unable to replace "/usr/sbin/dhcpd". Permission denied; attempted to load a profile while confined?

apparmor_parser: Unable to replace "/usr/sbin/libvirtd". Permission denied; attempted to load a profile while confined?

apparmor_parser: Unable to replace "/usr/lib/libvirt/virt-aa-helper". Permission denied; attempted to load a profile while confined?

$ maas maas version read
Success.
Machine-readable output follows:
{"capabilities": ["networks-management", "static-ipaddresses", "ipv6-deployment-ubuntu", "devices-management", "storage-deployment-ubuntu", "network-deployment-ubuntu"], "subversion": "16.04.1", "version": "2.0.0+bzr5189-0ubuntu1"}

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers