-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #6118: Use OS packaging default for apparmor_profile in crio.conf #6125
Fix #6118: Use OS packaging default for apparmor_profile in crio.conf #6125
Conversation
Welcome @jeanfabrice! |
Hi @jeanfabrice. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@jeanfabrice Thank you for the PR and contribution! /ok-to-test |
/approve Does this mean we will be able to re-introduce some of the crio CI jobs? |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jeanfabrice, Miouge1 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm one of the CI job didn't report its completion status to GitHub but it passed. I'll try to restart the job. It's not a CRI-O job anyway... |
* Enable crio 1.18 (#6197) * fix CRI-O repos for centos distributions (#6224) * fix CRI-O repos for centos distributions * fix CRI-O repos for centos distributions - revert workarounds * fix CRI-O repos for centos distributions - use https for centos repos * avoid 302 redirects for centos repos * Use OS packaging default value for apparmor_profile in crio.conf (#6125) Co-authored-by: jeanfabrice <github@bobo-rousselin.com>
What type of PR is this?
/kind bug
What this PR does / why we need it:
While vanilla cri-o makes cri-o is using a
cri-default
apparmor profile (see https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md), Opensuze Kubic OS packages (the ones used by Kubespray to install cri-o, at least for CentOS, Debian and Ubuntu) install and use a default apparmor profile named 'cri-default-'.Having the
crio.conf
file statically configured withapparmor_profile="cri-default"
makes cri-o crashes at start since this profile is not installed.Best option is to not define
apparmor_profile
incrio.conf
and lets cri-o defaults to'cri-default-<crio-version>'
Which issue(s) this PR fixes:
Fixes #6118
Special notes for your reviewer:`
No clue on how cri-o default apparmor profile is handled on others distributions
Does this PR introduce a user-facing change?: