Merge ~alexsander-souza/maas:lp2016908_enable_apparmor into maas:master

Proposed by Alexsander de Souza
Status: Merged
Approved by: Alexsander de Souza
Approved revision: 627ac5bbe9d9f9a918a9dec223baa6f7c7c2ba6b
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~alexsander-souza/maas:lp2016908_enable_apparmor
Merge into: maas:master
Diff against target: 103 lines (+47/-7)
2 files modified
src/provisioningserver/kernel_opts.py (+15/-3)
src/provisioningserver/tests/test_kernel_opts.py (+32/-4)
Reviewer Review Type Date Requested Status
MAAS Lander Approve
Adam Collard (community) Approve
Dimitri John Ledkov (community) lgtm Approve
Review via email: mp+443301@code.launchpad.net

Commit message

enable apparmor for Jammy and newer releases

the kernel bug that motivated MAAS to disable apparmor was fixed a while ago,
so we don't need to do this for newer releases

fixes LP#2016908

c26c0a1... by Alexsander de Souza

remove leftover debug

MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b lp2016908_enable_apparmor lp:~alexsander-souza/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 8f0170a882b213470a311d7a6d106160b07526ed

review: Approve
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b lp2016908_enable_apparmor lp:~alexsander-souza/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: c26c0a18ff8d4970aa977acca32a5b2178f8720d

review: Approve
Dimitri John Ledkov (xnox) :
review: Approve (lgtm)
Adam Collard (adam-collard) :
627ac5b... by Alexsander de Souza

more robust checking

Alexsander de Souza (alexsander-souza) :
Adam Collard (adam-collard) :
review: Approve
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b lp2016908_enable_apparmor lp:~alexsander-souza/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 627ac5bbe9d9f9a918a9dec223baa6f7c7c2ba6b

review: Approve

Preview Diff

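--- a/src/provisioningserver/kernel_opts.py
+++ b/src/provisioningserver/kernel_opts.py
@@ -8,6 +8,7 @@ from collections import namedtuple
 import os
 
 import curtin
+from distro_info import UbuntuDistroInfo
 from netaddr import IPAddress
 
 from provisioningserver.drivers import ArchitectureRegistry
@@ -111,13 +112,23 @@ def compose_purpose_opts(params):
 "cc:{'datasource_list': ['MAAS']}end_cc",
 # Read by cloud-init.
 "cloud-config-url=%s" % params.preseed_url,
- # Disable apparmor in the ephemeral environment. This addresses
- # MAAS bug LP: #1677336 due to LP: #1408106
- "apparmor=0",
 ]
 return kernel_params
 
 
+def compose_apparmor_opts(params):
+ if params.osystem == "ubuntu":
+ di = UbuntuDistroInfo()
+ codenames = di.get_all()
+ if params.release in codenames and (
+ codenames.index(params.release) < codenames.index("jammy")
+ ):
+ # Disable apparmor in the ephemeral environment. This addresses
+ # MAAS bug LP: #1677336 due to LP: #1408106
+ return ["apparmor=0"]
+ return []
+
+
 def compose_arch_opts(params):
 """Return any architecture-specific options required"""
 arch_subarch = f"{params.arch}/{params.subarch}"
@@ -145,6 +156,7 @@ def compose_kernel_command_line(params):
 # nomodeset prevents video mode switching.
 options += ["nomodeset"]
 options += compose_purpose_opts(params)
+ options += compose_apparmor_opts(params)
 # Note: logging opts are not respected by ephemeral images, so
 # these are actually "purpose_opts" but were left generic
 # as it would be nice to have.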
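Review bot: In `compose_apparmor_opts`, `codenames.index("jammy")` raises ValueError when `params.release` is a known codename but the installed distro-info data does not list jammy, and since the call sits inside `compose_kernel_command_line` that would presumably abort building the command line rather than fall back. If jammy is unknown then every known release predates it, so the lookup can be made total with `jammy_idx = codenames.index("jammy") if "jammy" in codenames else len(codenames)` followed by `codenames.index(params.release) < jammy_idx`. The fall-through to `[]` for a non-Ubuntu `osystem` or an unlisted release leaves AppArmor at the kernel default, which is the safer direction, but it is a behaviour change from the unconditional `apparmor=0` and is not stated anywhere. A docstring such as `"""Return ["apparmor=0"] only for Ubuntu releases older than Jammy; otherwise keep the kernel default."""` would record that and match `compose_arch_opts`.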
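--- a/src/provisioningserver/tests/test_kernel_opts.py
+++ b/src/provisioningserver/tests/test_kernel_opts.py
@@ -310,19 +310,47 @@ class TestKernelOpts(MAASTestCase):
 # The result of compose_kernel_command_line includes the
 # options for apparmor. See LP: #1677336 and LP: #1408106
 params = self.make_kernel_parameters(
- purpose="enlist", fs_host=factory.make_ipv4_address()
+ osystem="ubuntu",
+ release="focal",
+ purpose="enlist",
+ fs_host=factory.make_ipv4_address(),
 )
 cmdline = compose_kernel_command_line(params)
- self.assertThat(cmdline, ContainsAll(["apparmor=0"]))
+ self.assertIn("apparmor=0", cmdline)
 
 def test_commissioning_compose_kernel_command_line_apparmor_disabled(self):
 # The result of compose_kernel_command_line includes the
 # options for apparmor. See LP: #1677336 and LP: #1408106
 params = self.make_kernel_parameters(
- purpose="commissioning", fs_host=factory.make_ipv4_address()
+ osystem="ubuntu",
+ release="focal",
+ purpose="commissioning",
+ fs_host=factory.make_ipv4_address(),
+ )
+ cmdline = compose_kernel_command_line(params)
+ self.assertIn("apparmor=0", cmdline)
+
+ def test_enlist_compose_kernel_command_line_apparmor_default(self):
+ # For Jammy onwards, we should use the kernel default for apparmor
+ params = self.make_kernel_parameters(
+ osystem="ubuntu",
+ release="jammy",
+ purpose="enlist",
+ fs_host=factory.make_ipv4_address(),
+ )
+ cmdline = compose_kernel_command_line(params)
+ self.assertNotIn("apparmor=0", cmdline)
+
+ def test_commissioning_compose_kernel_command_line_apparmor_default(self):
+ # For Jammy onwards, we should use the kernel default for apparmor
+ params = self.make_kernel_parameters(
+ osystem="ubuntu",
+ release="jammy",
+ purpose="commissioning",
+ fs_host=factory.make_ipv4_address(),
 )
 cmdline = compose_kernel_command_line(params)
- self.assertThat(cmdline, ContainsAll(["apparmor=0"]))
+ self.assertNotIn("apparmor=0", cmdline)
 
 def test_commissioning_compose_kernel_command_line_inc_extra_opts(self):
 mock_get_curtin_sep = self.patch(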
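Review bot: The new cases pin only focal and jammy, so the two fall-through branches of `compose_apparmor_opts` are untested: a non-Ubuntu `osystem`, and an Ubuntu `release` that distro-info does not list. Both now boot with AppArmor at the kernel default instead of the previous unconditional `apparmor=0`, so each deserves its own `self.assertNotIn("apparmor=0", cmdline)` case. The outcome also depends on the distro-info data installed on the test host; patching `UbuntuDistroInfo.get_all` to return a fixed codename list would make the jammy boundary deterministic. The comment on the two `apparmor_disabled` tests could become `# Ubuntu releases before Jammy still boot with apparmor=0. See LP: #1677336 and LP: #1408106`. The test class starts before and continues after this hunk.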
