Maybe but we would more information to say for sure.
There have been no changes in apparmor between the reported working 20180109 and 20180126.
The warning
> "Warning failed to create cache: usr.sbin.sssd" before the instance
just means that apparmor was not able to cache the binary policy that it loaded. This is not unusual if policy configuration hasn't been updated some image configurations. Eg. if /etc/ is ro and the apparmor cache is at its default location of /etc/apparmor.d/cache. This warning would come during packaging install or boot, before sshd is run.
We can easily test whether apparmor policy load is causing the issue by manually calling the apparmor_parser on policy separate from invoking the application/services associated with the fault.
sudo apparmor_parser -rK /etc/apparmor.d/
we can also decouple apparmor policy enforcement from the application/serives by disabling the profile on the instance
sudo aa-disable /etc/apparmor.d/usr.sbin.sssd
or all profiles
sudo systemctl disable apparmor.service
and we can disable apparmor from being used on the kernel at boot by adding the kernel parameter
apparmor=0
Maybe but we would more information to say for sure.
There have been no changes in apparmor between the reported working 20180109 and 20180126.
The warning
> "Warning failed to create cache: usr.sbin.sssd" before the instance
just means that apparmor was not able to cache the binary policy that it loaded. This is not unusual if policy configuration hasn't been updated some image configurations. Eg. if /etc/ is ro and the apparmor cache is at its default location of /etc/apparmor. d/cache. This warning would come during packaging install or boot, before sshd is run.
We can easily test whether apparmor policy load is causing the issue by manually calling the apparmor_parser on policy separate from invoking the application/ services associated with the fault.
sudo apparmor_parser -rK /etc/apparmor.d/
we can also decouple apparmor policy enforcement from the application/serives by disabling the profile on the instance d/usr.sbin. sssd
sudo aa-disable /etc/apparmor.
or all profiles
sudo systemctl disable apparmor.service
and we can disable apparmor from being used on the kernel at boot by adding the kernel parameter
apparmor=0