sous-chefs / apparmor Goto Github PK
View Code? Open in Web Editor NEWDevelopment repository for the apparmor cookbook
Home Page: https://supermarket.chef.io/cookbooks/apparmor
License: Apache License 2.0
Development repository for the apparmor cookbook
Home Page: https://supermarket.chef.io/cookbooks/apparmor
License: Apache License 2.0
We want to go to chef 13, but we can't use this cookbook along side the ntp cookbook since they have resources with the same name
Deprecated features used!
Cloning resource attributes for service[apparmor] from prior resource
Previous service[apparmor]: /var/chef/cache/cookbooks/ntp/recipes/apparmor.rb:20:in `from_file'
Current service[apparmor]: /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file' at 1 location:
- /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'
See https://docs.chef.io/deprecations_resource_cloning.html for further details.
its invoking wrong systemd command to enable apparmor service. Instead of
/bin/systemctl enable apparmor
the recipe needs to execute:
/bin/systemctl enable apparmor.service
stacktrace:
Recipe: apparmor::default
* apt_package[apparmor] action install (up to date)
* service[apparmor] action start (up to date)
* service[apparmor] action enable
================================================================================
Error executing action `enable` on resource 'service[apparmor]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '1'
---- Begin output of /bin/systemctl enable apparmor ----
STDOUT:
STDERR: Synchronizing state for apparmor.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d apparmor defaults
Executing /usr/sbin/update-rc.d apparmor enable
Failed to execute operation: No such file or directory
---- End output of /bin/systemctl enable apparmor ----
Ran /bin/systemctl enable apparmor returned 1
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/apparmor/recipes/default.rb
30: service 'apparmor' do
31: action actions
32: supports [:restart, :reload, :status]
33: stop_command '/usr/sbin/service apparmor teardown'
34: end
35: end
Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'
service("apparmor") do
action [:start, :enable]
supports {:restart=>true, :reload=>true, :status=>true}
retries 0
retry_delay 2
default_guard_interpreter :default
service_name "apparmor"
running true
pattern "apparmor"
stop_command "/usr/sbin/service apparmor teardown"
declared_type :service
cookbook_name "apparmor"
recipe_name "default"
end
Running handlers:
[2015-07-13T00:32:08-07:00] ERROR: Running exception handlers
Running handlers complete
It would be very helpful to have a LWRP to manage apparmor profiles. This could be used to add / remove apparmor profiles without creating multiple resources to first add the profile and then reload the profile. Cookbooks like the NTP cookbook could use this to solve their apparmor issues.
This goes along with the LWRP to manage apparmor profiles. The default recipe should be empty so that users can include it just for the LWRP. There should be a manage recipe that either enables or disables apparmor and the default should probably be enable.
So ehm... wouldn't it be more flexible if the resource apparmor_policy
would be a template and not a static cookbook_file
?
I would simply use an .erb
template to dynamically create apparmor_policies...
2.0.3
The Readme says the minimum Chef version is 12.7 while the metadata.rb
says 15.3.
Best
Christopher
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
.github/workflows/ci.yml
sous-chefs/.github 3.1.1
actions/checkout v4
actionshub/chef-install 3.0.0
actionshub/test-kitchen 3.0.0
.github/workflows/stale.yml
actions/stale v9
3.0.2
14.7.17
Ubuntu 18.04 LTS on Azure VM, and same version on vagrant/test-kitchen using 'bento/ubuntu-18.04'
Trying to disable apparmor by including the cookbook attribute: override['apparmor']['disable'] = true
And then running include_recipe 'apparmor'
in a recipe. However, this results in an error on the platform.
This happens when running the default recipe with node['apparmor']['disable'] == true
The apparmor service should be disabled and removed as described in the cookbook documentation.
Recipe: apparmor::default
* apt_package[apparmor] action remove[2018-11-27T09:11:11-07:00] INFO: Processing apt_package[apparmor] action remove (apparmor::default line 25)
[2018-11-27T09:11:40-07:00] INFO: apt_package[apparmor] removed
- remove package apparmor
* service[apparmor] action stop[2018-11-27T09:11:40-07:00] INFO: Processing service[apparmor] action stop (apparmor::default line 30)
================================================================================
Error executing action `stop` on resource 'service[apparmor]'
================================================================================
Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '2'
---- Begin output of /usr/sbin/service apparmor teardown ----
STDOUT:
STDERR: /etc/init.d/apparmor: 35: .: Can't open /lib/apparmor/functions
---- End output of /usr/sbin/service apparmor teardown ----
Ran /usr/sbin/service apparmor teardown returned 2
Resource Declaration:
---------------------
# In /tmp/kitchen/cache/cookbooks/apparmor/recipes/default.rb
30: service 'apparmor' do
31: action actions
32: supports [:restart, :reload, :status]
33: stop_command '/usr/sbin/service apparmor teardown'
34: end
35: end
Compiled Resource:
------------------
# Declared in /tmp/kitchen/cache/cookbooks/apparmor/recipes/default.rb:30:in `from_file'
service("apparmor") do
action [:stop, :disable]
default_guard_interpreter :default
service_name "apparmor"
enabled nil
running nil
masked nil
pattern "apparmor"
stop_command "/usr/sbin/service apparmor teardown"
declared_type :service
cookbook_name "apparmor"
recipe_name "default"
supports {:restart=>true, :reload=>true, :status=>true}
end
System Info:
------------
chef_version=14.7.17
platform=ubuntu
platform_version=18.04
ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-linux]
program_name=/opt/chef/bin/chef-client
executable=/opt/chef/bin/chef-client
[2018-11-27T09:11:40-07:00] INFO: Running queued delayed notifications before re-raising exception
Running handlers:
[2018-11-27T09:11:40-07:00] ERROR: Running exception handlers
Running handlers complete
[2018-11-27T09:11:40-07:00] ERROR: Exception handlers complete
Chef Client failed. 3 resources updated in 42 seconds
[2018-11-27T09:11:40-07:00] FATAL: Stacktrace dumped to /tmp/kitchen/cache/chef-stacktrace.out
[2018-11-27T09:11:40-07:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-11-27T09:11:40-07:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: service[apparmor] (apparmor::default line 30) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '2'
---- Begin output of /usr/sbin/service apparmor teardown ----
STDOUT:
STDERR: /etc/init.d/apparmor: 35: .: Can't open /lib/apparmor/functions
---- End output of /usr/sbin/service apparmor teardown ----
Ran /usr/sbin/service apparmor teardown returned 2
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.