OpenStack Nova Compute Charm

nova-compute apparmor profile complains about SEV on AMD compute nodes

Bug #1935697 reported by James Troup
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Nova Compute Charm
Fix Released
High
James Troup
OpenStack Nova Compute Charm 21.10

Bug Description

Jul 09 14:17:21 ps5-ra4-n1 kernel: audit: type=1400 audit(1625840241.680:18853): apparmor="ALLOWED" operation="open" profile="/usr/bin/nova-compute" name="/sys/module/kvm_amd/parameters/sev" pid=3317612 comm="nova-compute" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0

Revision history for this message
James Troup (elmo) wrote :

https://review.opendev.org/c/openstack/charm-nova-compute/+/800285

OpenStack Infra (hudson-openstack)
Changed in charm-nova-compute:
status: New → In Progress
Billy Olsen (billy-olsen)
Changed in charm-nova-compute:
milestone: none → 21.10
assignee: nobody → James Troup (elmo)
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-nova-compute (master)

Reviewed: https://review.opendev.org/c/openstack/charm-nova-compute/+/800285
Committed: https://opendev.org/openstack/charm-nova-compute/commit/f526b1f4a9d75570b5c77e2846761870626a13da
Submitter: "Zuul (22348)"
Branch: master

commit f526b1f4a9d75570b5c77e2846761870626a13da
Author: James Troup <email address hidden>
Date: Fri Jul 9 18:24:39 2021 +0100

    Allow nova-compute to read /sys/module/kvm_amd/parameters/sev

    Closes-Bug: #1935697
    Change-Id: I4cb54c26f285e0ea283193416f58bda3080bb38d

Changed in charm-nova-compute:
status: In Progress → Fix Committed
Alex Kavanagh (ajkavanagh)
Changed in charm-nova-compute:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.