MAAS rack server triggers Apparmor denial for wgetrc
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Triaged
|
Medium
|
Unassigned |
Bug Description
Hello,
I'm just opening this bug to report an Apparmor denial that a MAAS rackd server is triggering:
---
Apr 25 19:17:46 host kernel: [ 953.022732] audit: type=1400 audit(168245026
Apr 25 19:18:16 host kernel: [ 983.040451] audit: type=1400 audit(168245029
Apr 25 19:18:46 host kernel: [ 1013.023824] audit: type=1400 audit(168245032
---
As can be seen, this is being logged every 30 seconds, though I'm not sure what process specifically is triggering this. The overall function of the rack controller does not seem to be getting impeded by this denial, so it's mainly an inconvenience in clogging up the syslog (I guess aside from the inability to modify wgetrc in a way that MAAS can use).
Recommend evaluating if MAAS should have read access to that file (probably should?), and if so, correcting the Apparmor profile accordingly, or if not, adjusting MAAS to stop trying to access it?
Thank you for your time!
Running:
root # snap list maas
Name Version Rev Tracking Publisher Notes
maas 3.3.2-13177-
The snap doesn't have an /etc/wgetrc file, we should be able to silence that message by adding --no-config to the wget command line where it's used in MAAS.
Note that the message is not really causing issues, since wget will just fail to read the file and ignore it.