freeipa/ipatests
Stanislav Levin 72adb3279a Azure: Disable AppArmor profile for chrony
The security option 'apparmor:unconfined' tells Docker to not
apply AppArmor profiles for containers at all. This will not
replace or remove any existing profile. For example, this happens
on Ubuntu 20.04 which switched to chrony and brings its AppArmor
profile. Container's chronyd gets blocked by AppArmor:

fv-az26-252 audit[11304]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" capability=2  capname="dac_read_search"
fv-az26-252 audit[11304]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/chronyd" pid=11304 comm="chronyd" capability=1  capname="dac_override"

So, any of the AppArmor profiles can block a container's processes by
matching the executable name. There are two ways:
1) prepare a custom AppArmor unconfined profile, load it on the Host and
    reference it in the container's configuration. This requires
    knowledge of the profile syntax at least, not too difficult, but
    potentially hard to maintain.
2) disable the conflicting profile on the Host.

Azure will warn about AVC in either case.
The second one was chosen as the simpler one.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-03-30 09:58:42 +02:00
..
azure Azure: Disable AppArmor profile for chrony 2021-03-30 09:58:42 +02:00
man Simplify ipa-run-tests script 2019-07-16 13:23:21 +03:00
prci_definitions Increase timeout for TestIpaHealthCheck to 5400s 2021-03-26 10:54:08 +01:00
pytest_ipa ipatests: log command spawned by pexpect 2021-03-29 14:55:23 +03:00
test_cmdline Make tab completion in console more useful 2020-07-07 12:36:10 +02:00
test_install Unify access to FQDN 2020-10-26 17:11:19 +11:00
test_integration ipatests: update expected message 2021-03-30 07:39:47 +02:00
test_ipaclient Remove support for csrgen 2021-01-21 13:51:45 +01:00
test_ipalib ipatests: test that trailing/leading whitespaces in passwords are allowed 2020-12-18 16:47:59 +02:00
test_ipaplatform Add missing fedora_container platform members 2020-09-29 12:06:24 +02:00
test_ipapython ipatests: add test for multiple permitopen entries in SSH keys 2021-03-29 10:06:07 +03:00
test_ipaserver ipatests: Test secure_ajp_connector works with multiple connectors 2021-03-25 15:43:22 +01:00
test_ipatests_plugins ipatests: Don't turn Pytest IPA deprecation warnings into errors 2020-07-29 15:10:00 -04:00
test_webui test_webui: test_hostgroup: Wait for modal dialog to appear 2021-02-04 13:23:19 +01:00
test_xmlrpc ipatests: expect boolean type for nsaccountlock in user module 2021-03-29 10:11:56 +03:00
__init__.py Make an ipa-tests package 2013-06-17 19:22:50 +02:00
conftest.py ipatests: Don't turn Pytest IPA deprecation warnings into errors 2020-07-29 15:10:00 -04:00
create_external_ca.py Test external CA with DNS name constraints 2019-08-06 12:39:46 +02:00
data.py Fix more bytes/unicode issues 2015-10-22 18:34:46 +02:00
i18n.py Sprinkle raw strings across the code base 2018-09-27 10:23:03 +02:00
ipa-run-tests ipatests: Specify shell implementation 2020-04-21 13:24:50 +02:00
ipa-test-config Rename pytest_plugins to ipatests.pytest_ipa 2018-08-02 17:07:43 +02:00
ipa-test-task ipatests: when talking to AD DCs, use FQDN credentials 2021-01-26 13:05:27 -05:00
Makefile.am Build: fix distribution of static files for web UI 2016-11-09 13:08:32 +01:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py ipatests: add a tests-oriented wrapper for pexpect module 2021-02-03 09:06:12 +02:00
test_util.py Fix E712 comparison to True / False 2020-05-05 10:42:46 +02:00
util.py ipatests: Remove no longer needed 'skip' compatibility 2020-04-21 13:24:50 +02:00