Re-enable AppArmor enforcement

Ensure tests are run with aa-profile-mode=enforce. So we should be able
to notice any future behavioral changes in the upstream or additional
rules required for nova-compute AppArmor profile in the functional
tests.

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/870

Depends-Onː Id2db3a70b8d1287bda006f1bbc5442038f7070f1
Related-Bug: #1979812
Related-Bug: #1939389

Change-Id: If658d9e8ee11248ef09e774f3e21fe0f801dc066
This commit is contained in:
Nobuto Murata 2022-07-07 09:37:28 +09:00
parent 8656303f29
commit ba21da64f6
3 changed files with 3 additions and 6 deletions

View File

@ -138,8 +138,7 @@ applications:
options: options:
config-flags: auto_assign_floating_ip=False config-flags: auto_assign_floating_ip=False
enable-live-migration: false enable-live-migration: false
# disable apparmor because of https://bugs.launchpad.net/charm-nova-compute/+bug/1979812 aa-profile-mode: enforce
# aa-profile-mode: enforce
#ephemeral-device: /dev/vdb #ephemeral-device: /dev/vdb
#ephemeral-unmount: /mnt #ephemeral-unmount: /mnt
debug: true debug: true

View File

@ -138,8 +138,7 @@ applications:
options: options:
config-flags: auto_assign_floating_ip=False config-flags: auto_assign_floating_ip=False
enable-live-migration: false enable-live-migration: false
# disable apparmor because of https://bugs.launchpad.net/charm-nova-compute/+bug/1979812 aa-profile-mode: enforce
# aa-profile-mode: enforce
#ephemeral-device: /dev/vdb #ephemeral-device: /dev/vdb
#ephemeral-unmount: /mnt #ephemeral-unmount: /mnt
debug: true debug: true

View File

@ -138,8 +138,7 @@ applications:
options: options:
config-flags: auto_assign_floating_ip=False config-flags: auto_assign_floating_ip=False
enable-live-migration: false enable-live-migration: false
# disable apparmor because of https://bugs.launchpad.net/charm-nova-compute/+bug/1979812 aa-profile-mode: enforce
# aa-profile-mode: enforce
#ephemeral-device: /dev/vdb #ephemeral-device: /dev/vdb
#ephemeral-unmount: /mnt #ephemeral-unmount: /mnt
debug: true debug: true