Merge ~alexsander-souza/maas:lp2016908_enable_apparmor into maas:master

Proposed by Alexsander de Souza
Status: Merged
Approved by: Alexsander de Souza
Approved revision: 627ac5bbe9d9f9a918a9dec223baa6f7c7c2ba6b
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~alexsander-souza/maas:lp2016908_enable_apparmor
Merge into: maas:master
Diff against target: 103 lines (+47/-7)
2 files modified
src/provisioningserver/kernel_opts.py (+15/-3)
src/provisioningserver/tests/test_kernel_opts.py (+32/-4)
Reviewer Review Type Date Requested Status
MAAS Lander Approve
Adam Collard (community) Approve
Dimitri John Ledkov (community) lgtm Approve
Review via email: mp+443301@code.launchpad.net

Commit message

enable apparmor for Jammy and newer releases

The kernel bug that motivated MAAS to disable AppArmor was fixed a while ago,
so we no longer need to disable it for newer releases.

fixes LP#2016908

c26c0a1... by Alexsander de Souza

remove leftover debug

MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b lp2016908_enable_apparmor lp:~alexsander-souza/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 8f0170a882b213470a311d7a6d106160b07526ed

review: Approve
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b lp2016908_enable_apparmor lp:~alexsander-souza/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: c26c0a18ff8d4970aa977acca32a5b2178f8720d

review: Approve
Dimitri John Ledkov (xnox) :
review: Approve (lgtm)
Adam Collard (adam-collard) :
627ac5b... by Alexsander de Souza

more robust checking

Alexsander de Souza (alexsander-souza) :
Adam Collard (adam-collard) :
review: Approve
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b lp2016908_enable_apparmor lp:~alexsander-souza/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: 627ac5bbe9d9f9a918a9dec223baa6f7c7c2ba6b

review: Approve

Preview Diff

diff --git a/src/provisioningserver/kernel_opts.py b/src/provisioningserver/kernel_opts.py
index 7ecbcf7..b0da4a0 100644
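--- a/src/provisioningserver/kernel_opts.py
+++ b/src/provisioningserver/kernel_opts.py
@@ -8,6 +8,7 @@ from collections import namedtuple
 import os
 
 import curtin
+from distro_info import UbuntuDistroInfo
 from netaddr import IPAddress
 
 from provisioningserver.drivers import ArchitectureRegistry
@@ -111,13 +112,23 @@ def compose_purpose_opts(params):
  "cc:{'datasource_list': ['MAAS']}end_cc",
  # Read by cloud-init.
  "cloud-config-url=%s" % params.preseed_url,
- # Disable apparmor in the ephemeral environment. This addresses
- # MAAS bug LP: #1677336 due to LP: #1408106
- "apparmor=0",
  ]
  return kernel_params
 
 
+def compose_apparmor_opts(params):
+ if params.osystem == "ubuntu":
+ di = UbuntuDistroInfo()
+ codenames = di.get_all()
+ if params.release in codenames and (
+ codenames.index(params.release) < codenames.index("jammy")
+ ):
+ # Disable apparmor in the ephemeral environment. This addresses
+ # MAAS bug LP: #1677336 due to LP: #1408106
+ return ["apparmor=0"]
+ return []
+
+
 def compose_arch_opts(params):
  """Return any architecture-specific options required"""
  arch_subarch = f"{params.arch}/{params.subarch}"
@@ -145,6 +156,7 @@ def compose_kernel_command_line(params):
  # nomodeset prevents video mode switching.
  options += ["nomodeset"]
  options += compose_purpose_opts(params)
+ options += compose_apparmor_opts(params)
  # Note: logging opts are not respected by ephemeral images, so
  # these are actually "purpose_opts" but were left generic
  # as it would be nice to have.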
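Review bot: `codenames.index("jammy")` in the new `compose_apparmor_opts` is unguarded: only `params.release` is tested with `in codenames`, so if the host's distro-info data does not list jammy the call raises ValueError and `compose_kernel_command_line` fails for every Ubuntu release the data does know. Computing the bound first, `jammy_idx = codenames.index("jammy") if "jammy" in codenames else len(codenames)`, and comparing against `jammy_idx` would keep the previous `apparmor=0` behaviour in that case. The fall-through also deserves to be stated, because it now decides whether an ephemeral boot runs with AppArmor off: a non-`ubuntu` `osystem` or a release missing from the list returns `[]`, where the old code always passed `apparmor=0`. A docstring such as `"""Return ["apparmor=0"] for Ubuntu releases older than jammy, otherwise []."""` would record that, matching the docstring on `compose_arch_opts`. Indentation is lost in this rendering, so the nesting of the two `return` statements is assumed from the tests.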
diff --git a/src/provisioningserver/tests/test_kernel_opts.py b/src/provisioningserver/tests/test_kernel_opts.py
index 1892a4f..396aa4e 100644
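--- a/src/provisioningserver/tests/test_kernel_opts.py
+++ b/src/provisioningserver/tests/test_kernel_opts.py
@@ -310,19 +310,47 @@ class TestKernelOpts(MAASTestCase):
  # The result of compose_kernel_command_line includes the
  # options for apparmor. See LP: #1677336 and LP: #1408106
  params = self.make_kernel_parameters(
- purpose="enlist", fs_host=factory.make_ipv4_address()
+ osystem="ubuntu",
+ release="focal",
+ purpose="enlist",
+ fs_host=factory.make_ipv4_address(),
  )
  cmdline = compose_kernel_command_line(params)
- self.assertThat(cmdline, ContainsAll(["apparmor=0"]))
+ self.assertIn("apparmor=0", cmdline)
 
  def test_commissioning_compose_kernel_command_line_apparmor_disabled(self):
  # The result of compose_kernel_command_line includes the
  # options for apparmor. See LP: #1677336 and LP: #1408106
  params = self.make_kernel_parameters(
- purpose="commissioning", fs_host=factory.make_ipv4_address()
+ osystem="ubuntu",
+ release="focal",
+ purpose="commissioning",
+ fs_host=factory.make_ipv4_address(),
+ )
+ cmdline = compose_kernel_command_line(params)
+ self.assertIn("apparmor=0", cmdline)
+
+ def test_enlist_compose_kernel_command_line_apparmor_default(self):
+ # For Jammy onwards, we should use the kernel default for apparmor
+ params = self.make_kernel_parameters(
+ osystem="ubuntu",
+ release="jammy",
+ purpose="enlist",
+ fs_host=factory.make_ipv4_address(),
+ )
+ cmdline = compose_kernel_command_line(params)
+ self.assertNotIn("apparmor=0", cmdline)
+
+ def test_commissioning_compose_kernel_command_line_apparmor_default(self):
+ # For Jammy onwards, we should use the kernel default for apparmor
+ params = self.make_kernel_parameters(
+ osystem="ubuntu",
+ release="jammy",
+ purpose="commissioning",
+ fs_host=factory.make_ipv4_address(),
  )
  cmdline = compose_kernel_command_line(params)
- self.assertThat(cmdline, ContainsAll(["apparmor=0"]))
+ self.assertNotIn("apparmor=0", cmdline)
 
  def test_commissioning_compose_kernel_command_line_inc_extra_opts(self):
  mock_get_curtin_sep = self.patch(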
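Review bot: The added tests pin only `release="focal"` and `release="jammy"` with `osystem="ubuntu"`, so both fall-through paths of `compose_apparmor_opts` go unexercised: a non-`ubuntu` `osystem`, and a release name the distro-info list does not contain. Each needs one more case built like the existing ones and ending in `self.assertNotIn("apparmor=0", cmdline)`, so that a later change to that default is caught. The outcome also presumably depends on the distro-info data installed on the test host, since nothing visible here patches `UbuntuDistroInfo`; a one-line comment in the tests noting that dependency would help. The `TestKernelOpts` class starts and ends outside this hunk.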
