Comment 0 for bug 2009876

Adam Vest (foxmulder2004) wrote :

Hello,

I'm just opening this bug to report an AppArmor denial that a MAAS rackd server is triggering:
---
Mar 09 17:12:24 dell-t410 audit[3206]: AVC apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/etc/ssh/ssh_config" pid=3206 comm="ssh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Mar 09 17:12:24 dell-t410 kernel: audit: type=1400 audit(1678381944.845:60): apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/etc/ssh/ssh_config" pid=3206 comm="ssh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
---

This happens (at least) when:
1. A new KVM SSH virsh host is added
2. An existing KVM SSH virsh host is refreshed
3. Composing a new machine on a KVM SSH virsh host

As far as I can tell, this doesn't appear to be negatively impacting MAAS functionality. Recommend evaluating if MAAS should have read access to that file (probably should?), and if so, correcting the AppArmor profile accordingly, or if not, adjusting MAAS to stop trying to access it?

Thanks for your time!

Running:
root # snap list maas
Name  Version                  Rev    Tracking    Publisher   Notes
maas  3.3.0-13159-g.1c22f7beb  25850  3.3/stable  canonical✓  -
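
As an added example (not part of the original report and not MAAS or snapd code), this Python script parses the two log lines quoted above, collapses the journald and kernel copies of the same denial into one event, and renders the denied access as a candidate AppArmor file rule for review. The function names and the de-duplication heuristic are assumptions made for this example.

```python
import re
from collections import Counter

# The two lines from the report above: one event, logged once by the
# journald audit forwarder and once through the kernel log.
SAMPLE = '''\
Mar 09 17:12:24 dell-t410 audit[3206]: AVC apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/etc/ssh/ssh_config" pid=3206 comm="ssh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Mar 09 17:12:24 dell-t410 kernel: audit: type=1400 audit(1678381944.845:60): apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/etc/ssh/ssh_config" pid=3206 comm="ssh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# key="quoted value" or key=bare_value; unquoted values are kept as logged.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
REQUIRED = {"profile", "operation", "name", "denied_mask"}

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {k: (q if q else b) for k, q, b in KV.findall(line)}

def summarize(log_text):
    """Map (profile, comm, path, denied_mask) to the number of distinct events."""
    seen, counts = set(), Counter()
    for line in log_text.splitlines():
        f = parse_denial(line)
        if f is None or not REQUIRED <= f.keys():
            continue
        # Heuristic (assumption): records that share the syslog timestamp
        # (first 15 characters), pid, profile, operation, path and mask are
        # the same denial reported through two channels.
        event = (line[:15], f.get("pid"), f["profile"], f["operation"],
                 f["name"], f["denied_mask"])
        if event not in seen:
            seen.add(event)
            counts[(f["profile"], f.get("comm"), f["name"], f["denied_mask"])] += 1
    return counts

def candidate_rules(counts):
    """Render each denied file access as an AppArmor file rule to evaluate."""
    return sorted({f"{path} {mask}," for (_, _, path, mask) in counts})

if __name__ == "__main__":
    print(summarize(SAMPLE), candidate_rules(summarize(SAMPLE)))
```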