AppArmor is not enabled on a host after unlock
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Jagatguru Prasad Mishra |
Bug Description
Brief Description
-----------------
Apparmor is not getting enabled after unlock on a host. It happens when unlock is issued while the apparmor runtime manifest is not yet applied.
Severity
--------
Minor
Steps to Reproduce
------------------
1. issue system host-lock command
2. System host-update with apparmor=enabled
3. system host-unlock quickly before apparmor runtime manifest is applied
Expected Behavior
------------------
host-unlock shouldn't be allowed unless runtime mainfest is applied.
Actual Behavior
----------------
host-unlock is allowed as runtime manifest is executed asynchronously.
Reproducibility
---------------
<Reproducible/
intermittent
System Configuration
-------
Standard system with 2 controllers and 1 compute node
Branch/Pull Time/Commit
-------
NA
Last Pass
---------
NA
Timestamp/Logs
--------------
'system host-show' shows "appArmor" enabled on all hosts:
[sysadmin@
done
enabled
enabled
enabled
[sysadmin@
do
echo -e "\n\t${i}\n"
sshpass -p $OS_PASSWORD ssh \
-o LogLevel=error \
-o StrictHostKeyCh
${i} \
"/usr/bin/
done
controller-0
No - disabled at boot.
controller-1
Yes
worker-0
Yes
Test Activity
-------------
NA
Workaround
----------
lock-unlock host where apparmor is not enabled
Changed in starlingx: | |
assignee: | nobody → Jagatguru Prasad Mishra (jmishra) |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.9.0 stx.config stx.security |
Fix proposed to branch: master /review. opendev. org/c/starlingx /config/ +/900283
Review: https:/