Skip to content

unable to fetch available disks: permission denied: apparmor="DENIED" #495

New issue
New issue
Open
Open
unable to fetch available disks: permission denied: apparmor="DENIED"#495
@xypron

Description

@xypron
xypron
opened on Jan 28, 2025

I am running microceph built from origin/main on a riscv64 Ubuntu 25.04 system and see an apparmor denial:

# microceph init -d || journalctl -n10 | cat
MicroCeph has already been initialized.

Would you like to add additional servers to the cluster? (yes/no) [default=no]: 
Would you like to add additional local disks to MicroCeph? (yes/no) [default=yes]: 
Error: internal error: unable to fetch unpartitioned disks: internal error: unable to fetch available disks: failed listing storage devices: Failed to read "/proc/self/mountinfo": open /proc/self/mountinfo: permission denied
Jan 28 13:53:32 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:32+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="https://192.168.103.47:7443/core/1.0/ready" method=GET
Jan 28 13:53:32 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:32+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="https://192.168.103.47:7443/core/1.0/cluster" method=GET
Jan 28 13:53:32 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:32+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="http://control.socket/core/internal/heartbeat" method=POST
Jan 28 13:53:36 vf23 systemd[1]: Started snap.microceph.microceph-5ccf9e7b-5932-43b8-9701-273918222a0d.scope.
Jan 28 13:53:36 vf23 kernel: audit: type=1400 audit(1738068816.852:2347): apparmor="DENIED" operation="capable" class="cap" profile="snap.microceph.microceph" pid=146573 comm="microceph" capability=2  capname="dac_read_search"
Jan 28 13:53:36 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:36+01:00" level=debug msg="Matched trusted cert" fingerprint=8e63768e21777c7f42dc90e76907b112332dad1e1848200f7b8b8e0833e05a36 subject="CN=root@vf23,O=LXD"
Jan 28 13:53:36 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:36+01:00" level=debug msg="Trusting HTTP request to \"/core/1.0/ready\" from \"192.168.103.47:46328\" with fingerprint \"8e63768e21777c7f42dc90e76907b112332dad1e1848200f7b8b8e0833e05a36\""
Jan 28 13:53:36 vf23 microceph.daemon[140710]: time="2025-01-28T13:53:36+01:00" level=debug msg="Got raw response struct from microcluster daemon" endpoint="https://192.168.103.47:7443/core/1.0/ready" method=GET
Jan 28 13:53:41 vf23 kernel: audit: type=1400 audit(1738068821.320:2348): apparmor="DENIED" operation="open" class="file" profile="snap.microceph.daemon" name="/proc/140710/mountinfo" pid=140710 comm="microcephd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 28 13:53:41 vf23 systemd[1]: snap.microceph.microceph-5ccf9e7b-5932-43b8-9701-273918222a0d.scope: Deactivated successfully.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions