apparmor="DENIED" operation="open" profile="snap.maas.supervisor"

I’m getting these errors in syslog, on both the rack and region/rack controllers.

kernel: [ 2130.188062] audit: type=1400 audit(1631910625.692:409): apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/etc/gss/mech.d/" pid=9417 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

My searches haven’t helped me find a solution yet; I’m pretty new to AppArmor.
It logs every 10s or so, so it fills the log file with junk.

Any ideas on what is going on, and how to get rid of the errors?


Your system must have the SASL GSSAPI plugin installed, so MAAS is accessing these files when it needs to discover user group membership. The AppArmor profile for MAAS (/var/lib/snapd/apparmor/profiles/snap.maas.supervisor) doesn’t allow that.

Please Report a Bug with this log and the installed packages list.

A stopgap is to edit the profile to allow the access, adding the following lines:

# required for sasl GSSAPI plugin
/etc/gss/mech.d/ r,
/etc/gss/mech.d/* r,

snapd will rewrite this file eventually, so this is no solution.
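To see which paths a profile is being denied and how often before touching it, the audit lines can be grouped by profile, path and mask. This is an added example, not part of the original posts or of MAAS or snapd; the sample log is constructed from the line quoted in the question, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample. Line 1 is the denial quoted in the thread (straight quotes),
# line 2 repeats it 10 s later, lines 3-4 are made-up noise that must be ignored.
SAMPLE_LOG = """\
kernel: [ 2130.188062] audit: type=1400 audit(1631910625.692:409): apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/etc/gss/mech.d/" pid=9417 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: [ 2140.201100] audit: type=1400 audit(1631910635.700:410): apparmor="DENIED" operation="open" profile="snap.maas.supervisor" name="/etc/gss/mech.d/" pid=9417 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
kernel: [ 2141.000000] audit: type=1400 audit(1631910636.500:411): apparmor="ALLOWED" operation="open" profile="snap.example.app" name="/tmp/x" pid=1 comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
systemd[1]: Started Session 12 of user ubuntu.
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare
REQUIRED = {"profile", "name", "denied_mask"}

def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, or None."""
    if "type=1400" not in line:
        return None
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    return fields

def summarize(log_text):
    """Count file denials per (profile, path, denied_mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d and REQUIRED <= d.keys():
            counts[(d["profile"], d["name"], d["denied_mask"])] += 1
    return counts

def candidate_rules(log_text):
    """Map each profile to the file rules that would cover its denials."""
    rules = {}
    for profile, path, mask in sorted(summarize(log_text)):
        rules.setdefault(profile, []).append(f"{path} {mask},")
    return rules

if __name__ == "__main__":
    for (profile, path, mask), n in summarize(SAMPLE_LOG).items():
        print(f"{n:4d}x  {profile}  {path}  ({mask})")
    for profile, rules in candidate_rules(SAMPLE_LOG).items():
        print(f"# candidate additions for {profile}, review before use")
        print("\n".join(rules))
```

The rules it prints are candidates to read and narrow by hand, not lines to paste in unreviewed.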
