Project

General

Profile

Actions
Copy link

action #161996

open

Add apparmor smoke test after maintenance updates are installed

Added by rbranco 21 days ago. Updated 20 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Start date:
2024-06-09
Due date:
% Done:

0%

Estimated time:

Description

The apparmor profile included in pasta|passt uncovered an issue that disabled Apparmor for all:
https://bugzilla.opensuse.org/show_bug.cgi?id=1226031

A simple smoke test could have helped here.

https://suse.slack.com/archives/C02DR0C5XUY/p1717932745148109

Actions
Copy link
 #1

Updated by ph03nix 21 days ago

rbranco wrote:

The apparmor profile included in pasta|passt uncovered an issue that disabled Apparmor for all:
https://bugzilla.opensuse.org/show_bug.cgi?id=1226031

A simple smoke test could have helped here.

https://suse.slack.com/archives/C02DR0C5XUY/p1717932745148109

We're running more than a smoke test for podman on Tumbleweed, which includes also the pasta|passt network stack. What are we missing?

Actions
Copy link
 #2

Updated by rbranco 20 days ago ยท Edited

ph03nix wrote in #note-1:

rbranco wrote:

The apparmor profile included in pasta|passt uncovered an issue that disabled Apparmor for all:
https://bugzilla.opensuse.org/show_bug.cgi?id=1226031

A simple smoke test could have helped here.

https://suse.slack.com/archives/C02DR0C5XUY/p1717932745148109

We're running more than a smoke test for podman on Tumbleweed, which includes also the pasta|passt network stack. What are we missing?

We need a smoke test for Apparmor after all the maintenance updates are applied.

This command failed on my recent Tumbleweed installation because of the "problematic" passt Apparmor profile:
aa-complain /usr/sbin/dnsmasq

ERROR: Can't parse mount rule mount "" -> "/",

I think we could've catched this earlier with a smoke test for Apparmor running aa-complain...

Actions
Copy link

Also available in: Atom PDF