etcdctl snap not able to write to /var/lib/nagios/etcd-alarm-list.txt
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Etcd Charm |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
When we run the etcd snap in an LXD container, we see a couple of denials on the host hosting the LXD container such as:
[70955.020329] audit: type=1400 audit(168551832
In a VM for example, this works fine and I do not see the apparmor deny.
I see two ways forward to fixing the issue:
1) Add the following to the etcdctl snap apparmor profile:
/var/lib/
2) Change the cron template file in order to use tee to write the file instead of directing the output at https:/
Example:
* * * * * root [ -x /snap/bin/etcdctl ] && ETCDCTL_API=3 /snap/bin/etcdctl --endpoints=
I am happy to send a patch, just looking to know what is your preferred way of patching before sending a PR.
Thanks.
David.
| Kevin W Monroe (kwmonroe) wrote | #1 |
| Changed in charm-etcd: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| milestone: | none → 1.28 |
| Changed in charm-etcd: | |
| status: | Triaged → Fix Committed |
| tags: | removed: needs-review |
| Changed in charm-etcd: | |
| status: | Fix Committed → Fix Released |
Hey David, thanks for the report and patch offer! My preference is option 2 (| tee) over adjusting the aa profile.