/travis-ci

Support snapd (AppArmor 2.4 compatibility patch) #7318

Open
johnsca opened this Issue Feb 14, 2017 · 6 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@johnsca @BanzaiMan @chuckbutler @elopio
@johnsca

johnsca commented Feb 14, 2017

Attempting to use snaps in Travis results in an AppArmor error, as seen in https://travis-ci.org/juju-solutions/layer-cwr/builds/201647356

- Setup snap "charm" (11) security profiles (cannot setup apparmor for snap "charm": cannot load apparmor profile "snap.charm.charm": cannot load apparmor profile: exit status 1
apparmor_parser output:
Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
@BanzaiMan
Owner

BanzaiMan commented Feb 14, 2017

I'm not familiar with AppArmor, but can't you just use sudo to address whatever problem it is complaining about?

@johnsca johnsca referenced this issue in juju-solutions/layer-cwr Feb 22, 2017

Merged

Containerize build using LXD #92

@chuckbutler

chuckbutler commented Feb 22, 2017
Edited 1 time

@BanzaiMan I don't think that's going to work, we're running in constrained containers. This would need to be allowed through the hosts apparmor restrictions. We don't have access to tune that in jobs from what I'm aware of.

There's some debugging information here:
https://developer.ubuntu.com/en/snappy/guides/security/

-- edit --

But this doesn't focus on the requirements for snapd, so it's not as helpful as I originally thought when I scanned for the info this morning.

And I've also reached out to the snappy folks and xreffed with this bug.

@johnsca johnsca referenced this issue in juju/charm-tools Feb 22, 2017

Closed

charm-tools from the juju/stable ppa is not installable on trusty #303

@BanzaiMan
Owner

BanzaiMan commented Feb 22, 2017

What does this mean?

Warning: unable to find a suitable fs in /proc/mounts, is it mounted?

What sort of file system is "suitable"?
@chuckbutler

chuckbutler commented Feb 22, 2017
Edited 1 time

I think this is related to the kernel version. I don't have the expertise in this to make a proper recommendation yet, but I'm confident we'll confer with the snap devs and get a proper recommendation.
@chuckbutler

chuckbutler commented Apr 4, 2017

As this issue has gone silent for quite some time, as an update. This is certainly related to the version of the kernel shipping with the trusty image that in use in Travis.

The required update is the linux-image-generic-lts-xenial package that ships a 4.4 kernel. Snapd is using the features of the 4.4 kernel for security and isolation. Without it, snaps will not work in trusty, and a xenial alternative would need to be made available.
@elopio

elopio commented Jun 23, 2017
Edited 1 time

Hey everybody! Good news, with the recent update of the trusty machines, I am now able to install snaps! This issue can be closed.

Take a look here: https://travis-ci.org/elopio/ipfs-snap/builds/246040583#L2182

I haven't checked how well the snap runs. I will start trying that now.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment