[Bug 1906727] Re: focal iscsiadm and blockdev location is wrongly mention in apparmor profi; le

James Page 1906727 at bugs.launchpad.net
Fri Dec 4 07:10:39 UTC 2020


** Also affects: nova (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: charm-nova-compute
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1906727

Title:
  focal iscsiadm and blockdev location is wrongly mention in apparmor
  profi;le

Status in OpenStack nova-compute charm:
  Invalid
Status in nova package in Ubuntu:
  New

Bug description:
  While going the netap integration find out that following locations of
  binary are wrong for focal.

  /usr/sbin/blockdev
  /usr/sbin/iscsiadm
  /etc/multipath.conf

  after adding the following entries attach the iscsi volume and detach iscsi volume works fine.
    /usr/sbin/iscsiadm rix,
    /usr/sbin/blockdev rix,
    /etc/multipath.conf r,

  Otherwise if apparnor profile is enabled the get the following DENIED
  messages in DMESG

  Dec  3 21:03:15 node05 kernel: [21390.228906] audit: type=1400
  audit(1607029395.480:462): apparmor="DENIED" operation="exec"
  profile="/usr/bin/nova-compute" name="/usr/sbin/iscsiadm" pid=1432437
  comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0
  ouid=0

  [22157.818194] audit: type=1400 audit(1607030163.076:490):
  apparmor="DENIED" operation="exec" profile="/usr/bin/nova-compute"
  name="/usr/sbin/blockdev" pid=1463984 comm="privsep-helper"
  requested_mask="x" denied_mask="x" fsuid=0 ouid=0

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-nova-compute/+bug/1906727/+subscriptions



More information about the Ubuntu-openstack-bugs mailing list