Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unable to fetch available disks: permission denied: apparmor="DENIED" #495

Open
xypron opened this issue Jan 28, 2025 · 1 comment
Open

unable to fetch available disks: permission denied: apparmor="DENIED" #495

xypron opened this issue Jan 28, 2025 · 1 comment

Comments

@xypron
Copy link
Contributor

xypron commented Jan 28, 2025

I am running microceph built from origin/main on a riscv64 Ubuntu 25.04 system and see an apparmor denial:

# microceph init -d || journalctl -n10 | cat
MicroCeph has already been initialized.

Would you like to add additional servers to the cluster? (yes/no) [default=no]: 
Would you like to add additional local disks to MicroCeph? (yes/no) [default=yes]: 
Error: internal error: unable to fetch unpartitioned disks: internal error: unable to fetch available disks: failed listing storage devices: Failed to read "/proc/self/mountinfo": open /proc/self/mountinfo: permission denied
Jan 28 13:53:32 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:32+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="https://192.168.103.47:7443/core/1.0/ready" method=GET
Jan 28 13:53:32 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:32+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="https://192.168.103.47:7443/core/1.0/cluster" method=GET
Jan 28 13:53:32 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:32+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="http://control.socket/core/internal/heartbeat" method=POST
Jan 28 13:53:36 vf23 systemd[1]: Started snap.microceph.microceph-5ccf9e7b-5932-43b8-9701-273918222a0d.scope.
Jan 28 13:53:36 vf23 kernel: audit: type=1400 audit(1738068816.852:2347): apparmor="DENIED" operation="capable" class="cap" profile="snap.microceph.microceph" pid=146573 comm="microceph" capability=2  capname="dac_read_search"
Jan 28 13:53:36 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:36+01:00" level=debug msg="Matched trusted cert" fingerprint=8e63768e21777c7f42dc90e76907b112332dad1e1848200f7b8b8e0833e05a36 subject="CN=root@vf23,O=LXD"
Jan 28 13:53:36 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:36+01:00" level=debug msg="Trusting HTTP request to \"/core/1.0/ready\" from \"192.168.103.47:46328\" with fingerprint \"8e63768e21777c7f42dc90e76907b112332dad1e1848200f7b8b8e0833e05a36\""
Jan 28 13:53:36 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:36+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="https://192.168.103.47:7443/core/1.0/ready" method=GET
Jan 28 13:53:41 vf23 kernel: audit: type=1400 audit(1738068821.320:2348): apparmor="DENIED" operation="open" class="file" profile="snap.microceph.daemon" name="/proc/140710/mountinfo" pid=140710 comm="microcephd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 28 13:53:41 vf23 systemd[1]: snap.microceph.microceph-5ccf9e7b-5932-43b8-9701-273918222a0d.scope: Deactivated successfully.
@syncronize-issues-to-jira Syncronize issues to Jira
Copy link

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/CEPH-1135.

This message was autogenerated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@xypron