apparmor should be disabled by default on Ubuntu #10015
Assignees
Comments
DaanDeMeyer
changed the title
|
@DaanDeMeyer - Thank you for bringing this issue to us, we are investigating on this issue and we will update you on this issue after our findings. |
|
any update? |
kit-ty-kate
added a commit
to kit-ty-kate/opam
that referenced
this issue
Dec 17, 2024
kit-ty-kate
added a commit
to kit-ty-kate/opam
that referenced
this issue
Dec 17, 2024
3 tasks
5 tasks
|
Here's the two projects (or pull requests) where I needed to tame AppArmor to unbreak CI for Ubuntu >=24.04 so far: |
|
FWIW, AppArmor also bit me. |
praveenkumar
added a commit
to praveenkumar/minp
that referenced
this issue
Jan 30, 2025
- actions/runner-images#10015 ``` [1/2] STEP 15/16: RUN echo '{"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}' > /tmp/.pull-secret && /src/scripts/devenv-builder/configure-vm.sh --no-build --no-set-release-version --skip-dnf-update /tmp/.pull-secret && /src/okd/src/use_okd_assets.sh --replace ${OKD_REPO} ${OKD_VERSION_TAG} sudo: PAM account management error: Authentication service cannot retrieve authentication info ```
praveenkumar
added a commit
to praveenkumar/minp
that referenced
this issue
Jan 30, 2025
- actions/runner-images#10015 ``` [1/2] STEP 15/16: RUN echo '{"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}' > /tmp/.pull-secret && /src/scripts/devenv-builder/configure-vm.sh --no-build --no-set-release-version --skip-dnf-update /tmp/.pull-secret && /src/okd/src/use_okd_assets.sh --replace ${OKD_REPO} ${OKD_VERSION_TAG} sudo: PAM account management error: Authentication service cannot retrieve authentication info ```
praveenkumar
added a commit
to praveenkumar/minp
that referenced
this issue
Jan 30, 2025
- actions/runner-images#10015 ``` [1/2] STEP 15/16: RUN echo '{"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}' > /tmp/.pull-secret && /src/scripts/devenv-builder/configure-vm.sh --no-build --no-set-release-version --skip-dnf-update /tmp/.pull-secret && /src/okd/src/use_okd_assets.sh --replace ${OKD_REPO} ${OKD_VERSION_TAG} sudo: PAM account management error: Authentication service cannot retrieve authentication info ```
5 tasks
PastaPastaPasta
added a commit
to dashpay/dash
that referenced
this issue
Feb 7, 2025
…uix action df34f0e ci: Disable apparmor user namespace restrictions in GH Guix action (UdjinM6) Pull request description: ## Issue being fixed or feature implemented actions/runner-images#10015 ## What was done? actions/runner-images#10443 (comment) ## How Has This Been Tested? develop: https://github.com/UdjinM6/dash/actions/runs/13187780750 this PR: https://github.com/UdjinM6/dash/actions/runs/13187795136 ## Breaking Changes n/a ## Checklist: - [ ] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [ ] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: PastaPastaPasta: utACK df34f0e Tree-SHA512: 9353e5c74e46e829f36db168f425bd1f26e3bd6ca630fe915f5cbe66565517a2794c5c87dfd996d56ec2aad28da4ad0fca9aa088188d53f20e73a2387ed22643
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
apparmor.service being enabled by default in the images causes various issues (e.g. https://gitlab.com/apparmor/apparmor/-/issues/402). Given these are ephemeral build VMs where users have full root access already and can trivially disable apparmor anyway, there's no real point in having apparmor enabled. It only serves to cause hard to debug issues. To avoid others running into these issues, I propose to disable apparmor in the runner images.
Platforms affected
Runner images affected
Image version and build link
latest
Is it regression?
no
Expected behavior
apparmor is disabled by default
Actual behavior
apparmor is enabled by default
Repro steps
The text was updated successfully, but these errors were encountered: