search

canonical / opensearch-snap

OpenSearch Snap
Apache License 2.0
1 stars 6 forks source link

Snap fails to read hugepages folder on sysfs #66

Closed phvalguima closed 1 month ago

phvalguima commented 2 months ago

At early start of the snap, the JVM will try to read the /sys/kernel/mm/hugepages/ and fail with permission denied:

[32370.680133] audit: type=1400 audit(1719167877.129:1244): apparmor="DENIED" operation="open" class="file" profile="snap.opensearch.daemon" name="/sys/kernel/mm/hugepages/" pid=96690 
comm="java" requested_mask="r" denied_mask="r" fsuid=584788 ouid=0                          
[32370.847235] audit: type=1400 audit(1719167877.293:1245): apparmor="DENIED" operation="open" class="file" profile="snap.opensearch.daemon" name="/sys/kernel/mm/hugepages/" pid=96707 
comm="java" requested_mask="r" denied_mask="r" fsuid=584788 ouid=0                          
[32370.917110] audit: type=1400 audit(1719167877.365:1246): apparmor="DENIED" operation="open" class="file" profile="snap.opensearch.daemon" name="/sys/kernel/mm/hugepages/" pid=96728 
comm="java" requested_mask="r" denied_mask="r" fsuid=584788 ouid=0                          
[32371.109975] audit: type=1400 audit(1719167877.557:1247): apparmor="DENIED" operation="open" class="file" profile="snap.opensearch.daemon" name="/sys/kernel/mm/hugepages/" pid=96746 
comm="java" requested_mask="r" denied_mask="r" fsuid=584788 ouid=0                          
[32371.709342] audit: type=1400 audit(1719167878.157:1248): apparmor="DENIED" operation="open" class="file" profile="snap.opensearch.daemon" name="/sys/kernel/mm/hugepages/" pid=96686 
comm="java" requested_mask="r" denied_mask="r" fsuid=584788 ouid=0                          
[32375.271374] audit: type=1400 audit(1719167881.717:1249): apparmor="DENIED" operation="mkdir" class="file" profile="snap.opensearch.daemon" name="/nonexistent/" pid=96686 comm="java"
 requested_mask="c" denied_mask="c" fsuid=584788 ouid=584788                                
[32375.271385] audit: type=1400 audit(1719167881.717:1250): apparmor="DENIED" operation="mkdir" class="file" profile="snap.opensearch.daemon" name="/nonexistent/" pid=96686 comm="java"
 requested_mask="c" denied_mask="c" fsuid=584788 ouid=584788                                
[32375.272431] audit: type=1400 audit(1719167881.721:1251): apparmor="DENIED" operation="mkdir" class="file" profile="snap.opensearch.daemon" name="/nonexistent/" pid=96686 comm="java"
 requested_mask="c" denied_mask="c" fsuid=584788 ouid=584788                                
[32375.272444] audit: type=1400 audit(1719167881.721:1252): apparmor="DENIED" operation="mkdir" class="file" profile="snap.opensearch.daemon" name="/nonexistent/" pid=96686 comm="java"
 requested_mask="c" denied_mask="c" fsuid=584788 ouid=584788
github-actions[bot] commented 2 months ago

https://warthogs.atlassian.net/browse/DPE-4731

phvalguima commented 1 month ago

Closed by #68