** Changed in: charm-nova-compute Status: New => Triaged ** Changed in: nova Status: New => Invalid
** Changed in: charm-nova-compute Importance: Undecided => Medium ** Changed in: charm-nova-compute Assignee: (unassigned) => James Page (james-page) ** Changed in: charm-nova-compute Status: Triaged => In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1794564 Title: Apparmor denies /usr/bin/nova-compute access to /proc/loadavg on openstack hypervisor show Status in OpenStack nova-compute charm: In Progress Status in OpenStack Compute (nova): Invalid Bug description: On Xenial-Queens cloud, I'm seeing failure with nova-compute 17.0.5-0ubuntu1~cloud0 package unable to run uptime due to a failure to read /proc/loadavg. Kernel log entries: [4726259.738185] audit: type=1400 audit(1537977315.312:59959): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/proc/loadavg" pid=1958757 comm="uptime" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0 [4726265.862186] audit: type=1400 audit(1537977321.436:59960): apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute" name="/proc/loadavg" pid=1959961 comm="uptime" requested_mask="r" denied_mask="r" fsuid=64060 ouid=0 This happens when running "openstack hypervisor show <hostname>" with AppArmor in enforce mode. this read access to /proc/loadavg should be added to apparmor profiles for the nova-compute package. To manage notifications about this bug go to: https://bugs.launchpad.net/charm-nova-compute/+bug/1794564/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp