MAAS rack server triggers Apparmor denial on virsh KVM SSH host interactions
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
MAAS | Status tracked in 3.6 | |||||
3.4 |
Won't Fix
|
Low
|
Unassigned | |||
3.5 |
Won't Fix
|
Low
|
Unassigned | |||
3.6 |
Triaged
|
Low
|
Unassigned |
Bug Description
Hello,
I'm just opening this bug to report an Apparmor denial that a MAAS rackd server is triggering:
---
Mar 09 17:12:24 host audit[3206]: AVC apparmor="DENIED" operation="open" profile=
Mar 09 17:12:24 host kernel: audit: type=1400 audit(167838194
---
This happens (at least) when:
1. A new KVM SSH virsh host is added
2. An existing KVM SSH virsh host is refreshed
3. Composing a new machine on a KVM SSH virsh host
As far as I can tell, this doesn't appear to be negatively impacting MAAS functionality. Recommend evaluating if MAAS should have read access to that file (probably should?), and if so, correcting the Apparmor profile accordingly, or if not, adjusting MAAS to stop trying to access it?
Thanks for your time!
Running:
root # snap list maas
Name Version Rev Tracking Publisher Notes
maas 3.3.0-13159-
description: | updated |
Changed in maas: | |
status: | New → Triaged |
importance: | Undecided → Low |
Changed in maas: | |
milestone: | none → 3.4.0 |
Changed in maas: | |
milestone: | 3.4.0 → 3.4.x |
Changed in maas: | |
milestone: | 3.4.x → 3.5.x |