Maybe but we would more information to say for sure.

There have been no changes in apparmor between the reported working
20180109 and 20180126.

The warning
> "Warning failed to create cache: usr.sbin.sssd" before the instance

just means that apparmor was not able to cache the binary policy that it
loaded. This is not unusual if policy configuration hasn't been updated
some image configurations. Eg. if /etc/ is ro and the apparmor cache is
at its default location of /etc/apparmor.d/cache. This warning would
come during packaging install or boot, before sshd is run.

We can easily test whether apparmor policy load is causing the issue by
manually calling the apparmor_parser on policy separate from invoking
the application/services associated with the fault.

  sudo apparmor_parser -rK /etc/apparmor.d/

we can also decouple apparmor policy enforcement from the application/serives 
by disabling the profile on the instance
  sudo aa-disable /etc/apparmor.d/usr.sbin.sssd

or all profiles
  sudo systemctl disable apparmor.service

and we can disable apparmor from being used on the kernel at boot by adding the 
kernel parameter

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  sssd appears to crash AWS c5 and m5 instances, cause 100% CPU

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to