Project

General

Profile

Actions
Copy link

Incident #7600

closed

rstudio server cannot talk to nlscd when apparmor is active

Added by Andrea Dell'Amico about 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
_InfraScience Systems Engineer
Category:
System Application
Target version:
UnSprintable
Start date:
Mar 20, 2017
Due date:
% Done:

100%

Estimated time:
Infrastructure:
Development, Production

Description

On the GARR cloud, where the VMs can run a modern kernel, apparmor is active by default.
rstudio server comes with an apparmor profile that prevents it from reading the nlscd socket.
Without the ability to use the nlscd cache service, even a small delay between rstudio and the ldap server leads to a disconnection.

Actions
Copy link
 #1

Updated by Andrea Dell'Amico about 8 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

I modified the rstudio-server playbook so that now it installs the apparmor-utilities package and, when apparmor is active, runs

aa-complain rstudio-server

That command changes the apparmor policy from enforcing to complain. This way an entry will be logged to the syslog server, but rstudio will be able to access the nlscd socket.

Actions
Copy link

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 8.91 MB)