apparmor: Install a default apparmor profile #232
Signed-off-by: Naadir Jeewa <jeewan@vmware.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: randomvariable The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/hold
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
@randomvariable: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
@randomvariable: What more needs to be done here? Do we need this support across OSs or just photon OS?
Is this appArmor problem or waiting for ip timeout issue?
I didn't actually test it, I think at the time I wrote this, I didn't know how to get image builder to work. Thanks for reminding me.
/remove lifecycle
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/remove-lifecycle rotten
template: | ||
dest: /etc/apparmor.d/container-default | ||
src: etc/apparmor.d/container-default | ||
when: ansible_os_family == "Debian" || ansible_os_family == "VMware Photon OS" |
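Review bot: the `when:` on the last line joins the two `ansible_os_family` comparisons with `||`, which is not a Jinja2 operator, so the conditional will fail to evaluate instead of gating the template task. Ansible conditionals need `or` here: `when: ansible_os_family == "Debian" or ansible_os_family == "VMware Photon OS"`.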
Would it make sense to try and detect this?
I think there are potentially a few different approaches we could take here:
- simply check if `/etc/apparmor.d/` exists
- check `/sys/kernel/security/lsm` to see if apparmor is present
- check if `/sys/module/apparmor/parameters/enabled` exists
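The three checks listed in the comment above, combined into one probe. This is an added example, not code from this PR or from image-builder. The function name `apparmor_state`, its root-prefix argument and the `APPARMOR_ROOT` variable are hypothetical and exist so the logic can run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: combine the three checks from the review comment.
# apparmor_state and its root-prefix argument are hypothetical names; the
# prefix lets the logic run against a constructed tree instead of the live host.
apparmor_state() {
    root="${1:-}"
    lsm="$root/sys/kernel/security/lsm"
    param="$root/sys/module/apparmor/parameters/enabled"
    profiles="$root/etc/apparmor.d"

    # Is apparmor in the comma-separated list of active LSMs?
    in_lsm=unknown   # securityfs may not be mounted (chroot, image build)
    if [ -r "$lsm" ]; then
        if tr ',' '\n' < "$lsm" | grep -qx apparmor; then in_lsm=yes; else in_lsm=no; fi
    fi

    # The parameter file holds Y or N, so read it rather than only testing existence.
    param_val=missing
    if [ -r "$param" ]; then param_val="$(cat "$param")"; fi

    if [ "$param_val" = Y ] && [ "$in_lsm" != no ]; then
        echo enabled
    elif [ "$param_val" = missing ] && [ "$in_lsm" = yes ]; then
        echo enabled
    elif [ "$param_val" != missing ]; then
        echo disabled          # kernel support present but switched off
    elif [ -d "$profiles" ]; then
        echo userspace-only    # profile directory exists, kernel side does not
    else
        echo absent
    fi
}

# Report the state of the current host (or of the tree under APPARMOR_ROOT).
apparmor_state "${APPARMOR_ROOT:-}"
```

Only the `enabled` result means a profile written to `/etc/apparmor.d/` can actually be loaded and applied to containers; the other three states are the cases where a check based on the OS family alone would install a profile that is never enforced.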
This conditional also seems redundant with the same conditional existing on the `import_tasks` in images/capi/ansible/roles/containerd/tasks/main.yml
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community.
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community.
@randomvariable: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
Rotten issues close after 30d of inactivity. Send feedback to sig-contributor-experience at kubernetes/community.
@fejta-bot: Closed this PR. In response to this:
Part of #231
Should install a profile you can use in Kubernetes, as well as ensuring the right binaries exist on PhotonOS.
Been unable to get Packer to run on vSphere though.
Signed-off-by: Naadir Jeewa jeewan@vmware.com