Re: [ovs-dev] [PATCH ovn] ci: Disable apparmor for test runs.

Mon, 02 Jun 2025 03:23:13 -0700 

On 6/2/25 9:00 AM, Ales Musil wrote:
> The apparmor is preventing sudo command in Fedora container, setting
> it apparmor profile to unconfined doesn't seem to help. Disable it
> completely as workaround.
> 
> Signed-off-by: Ales Musil <amu...@redhat.com>
> ---

Hi Ales,

Thanks for the patch!

Looking at other places where we might need the workaround I was
surprised to see that the CI is green for ovn-fake-multinode periodic jobs.

So I think we might need to do two things:
- bump fedora version to something currently supported (we use fedora 38
for multinode tests and 39 for periodic unit/system tests - both
versions are not supported anymore)
- add the apparmor workaround to multinode jobs too.

What do you think?

Regards,
Dumitru

>  .ci/linux-util.sh          |  9 +++++++++
>  .github/workflows/test.yml | 10 ++++++++++
>  2 files changed, 19 insertions(+)
> 
> diff --git a/.ci/linux-util.sh b/.ci/linux-util.sh
> index 7a336a994..b5bd1f8c9 100755
> --- a/.ci/linux-util.sh
> +++ b/.ci/linux-util.sh
> @@ -40,3 +40,12 @@ function fix_etc_hosts()
>  
>      diff -u ./hosts.bak /etc/hosts || true
>  }
> +
> +# Workaround until https://github.com/actions/runner-images/issues/10015
> +# is resolved in some way.
> +function disable_apparmor()
> +{
> +    # https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2093797
> +    sudo aa-teardown || true
> +    sudo systemctl disable --now apparmor.service
> +}
> diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
> index eff1be175..32d1070e5 100644
> --- a/.github/workflows/test.yml
> +++ b/.github/workflows/test.yml
> @@ -42,6 +42,11 @@ jobs:
>            . .ci/linux-util.sh
>            fix_etc_hosts
>  
> +      - name: Disable apparmor
> +        run: |
> +          . .ci/linux-util.sh
> +          disable_apparmor
> +
>        - name: Choose image distro
>          if: github.event_name == 'push' || github.event_name == 
> 'pull_request'
>          run: |
> @@ -157,6 +162,11 @@ jobs:
>          . .ci/linux-util.sh
>          fix_etc_hosts
>  
> +    - name: Disable apparmor
> +      run: |
> +        . .ci/linux-util.sh
> +        disable_apparmor
> +
>      - name: image cache
>        id: image_cache
>        uses: actions/cache@v4

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to