[Bug 1906727] Re: focal iscsiadm and blockdev location is wrongly mentioned in apparmor profile
James Page
1906727 at bugs.launchpad.net
Tue Jun 8 12:30:44 UTC 2021
The blockdev and iscsiadm binaries should be accessible under / and /usr
locations already:

  /{usr/,}sbin/blockdev rix,
  /{usr/,}sbin/iscsiadm rix,

the apparmor patterns should allow that.

/etc/multipath.conf is not included.

** No longer affects: nova (Ubuntu)

** Changed in: charm-nova-compute
       Status: Invalid => Triaged

** Changed in: charm-nova-compute
   Importance: Undecided => High

** Changed in: charm-nova-compute
     Assignee: (unassigned) => James Page (james-page)

** Changed in: charm-nova-compute
       Status: Triaged => In Progress

https://bugs.launchpad.net/bugs/1906727

Title:
  focal iscsiadm and blockdev location is wrongly mentioned in apparmor
  profile

Status in OpenStack nova-compute charm:
In Progress

Bug description:
While going through the NetApp integration, I found out that the following
binary locations are wrong for focal:

  /usr/sbin/blockdev
  /usr/sbin/iscsiadm
  /etc/multipath.conf

After adding the following entries, attaching and detaching the iSCSI volume works fine:

  /usr/sbin/iscsiadm rix,
  /usr/sbin/blockdev rix,
  /etc/multipath.conf r,

Otherwise, if the apparmor profile is enabled, we get the following DENIED
messages in DMESG:

Dec 3 21:03:15 node05 kernel: [21390.228906] audit: type=1400
audit(1607029395.480:462): apparmor="DENIED" operation="exec"
profile="/usr/bin/nova-compute" name="/usr/sbin/iscsiadm" pid=1432437
comm="privsep-helper" requested_mask="x" denied_mask="x" fsuid=0
ouid=0
[22157.818194] audit: type=1400 audit(1607030163.076:490):
apparmor="DENIED" operation="exec" profile="/usr/bin/nova-compute"
name="/usr/sbin/blockdev" pid=1463984 comm="privsep-helper"
requested_mask="x" denied_mask="x" fsuid=0 ouid=0
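
Added example, not part of the bug report or of the charm's code: a simplified Python check of whether the rules quoted in the comment cover the denials logged in the description. It implements only the `{a,b}`, `**`, `*` and `?` glob forms, treats permission strings as plain letter sets, and the function names and the `/etc/multipath.conf` log line are constructed for illustration.

```python
import re

# AppArmor glob tokens and the regex fragment each one maps to.
WILD = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")"}

def glob_to_regex(glob):
    """Translate an AppArmor path glob such as /{usr/,}sbin/x to a regex."""
    out, depth = [], 0
    for tok in re.findall(r"\*\*|.", glob):
        depth += (tok == "{") - (tok == "}")
        if tok in WILD:
            out.append(WILD[tok])
        elif tok == "," and depth > 0:
            out.append("|")              # {usr/,} means "usr/" or nothing
        else:
            out.append(re.escape(tok))
    return re.compile("".join(out))

def parse_rules(text):
    """Collect (regex, permission letters) from lines like '/path rix,'."""
    found = re.findall(r"^\s*(/\S*)\s+([a-zA-Z]+),", text, re.M)
    return [(glob_to_regex(path), set(perms)) for path, perms in found]

DENIED = re.compile(r'apparmor="DENIED".*?name="([^"]+)".*?denied_mask="([^"]+)"')

def still_denied(rules, log):
    """Return the (path, mask) pairs in the log that no rule grants."""
    missing = []
    for name, mask in DENIED.findall(" ".join(log.split())):  # undo line wraps
        granted = set().union(*(p for rx, p in rules if rx.fullmatch(name)))
        if not set(mask) <= granted:     # simplification: x is granted by ix/px/ux
            missing.append((name, mask))
    return missing

# Rules quoted in the comment above.
COMMENT_RULES = "/{usr/,}sbin/blockdev rix,\n/{usr/,}sbin/iscsiadm rix,\n"
# The two denials from the bug description (timestamps and pid fields trimmed).
PAGE_LOG = """
apparmor="DENIED" operation="exec" profile="/usr/bin/nova-compute" name="/usr/sbin/iscsiadm" comm="privsep-helper" requested_mask="x" denied_mask="x"
apparmor="DENIED" operation="exec" profile="/usr/bin/nova-compute" name="/usr/sbin/blockdev" comm="privsep-helper" requested_mask="x" denied_mask="x"
"""
# Constructed line: what a read denial for the third path would look like.
CONSTRUCTED_LOG = ('apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" '
                   'name="/etc/multipath.conf" requested_mask="r" denied_mask="r"')

if __name__ == "__main__":
    rules = parse_rules(COMMENT_RULES)
    print(still_denied(rules, PAGE_LOG), still_denied(rules, CONSTRUCTED_LOG))
```

On a live host the same check can be fed from `dmesg` or the audit log, with the rules read from the loaded nova-compute profile.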