Skip to content

ci: disable AppArmor on host for integration test#2601

Merged
adrianreber merged 1 commit into
openhpc:4.xfrom
adrianreber:2026-06-05-apparmor
Jun 6, 2026
Merged

ci: disable AppArmor on host for integration test#2601
adrianreber merged 1 commit into
openhpc:4.xfrom
adrianreber:2026-06-05-apparmor

Conversation

@adrianreber
Copy link
Copy Markdown
Member

@adrianreber adrianreber commented Jun 5, 2026

Host-level AppArmor profiles on Ubuntu runners deny access to /run/systemd/notify for processes like chronyd inside privileged containers, even with --security-opt apparmor=unconfined. Stop and disable AppArmor on the runner before launching the container.

Generated with Claude Code (https://claude.ai/code)

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 5, 2026
edited
Loading

🚀 CCache Statistics

Configuration 🐧 RHEL 🦊 openEuler
🖥️ x86_64 / gnu15 🟡 20.00% 🟢 78.33%
🖥️ x86_64 / intel 🟡 22.03% -
💪 aarch64 / gnu15 🟡 20.00% 🟢 78.33%
📊 Detailed Statistics

openEuler (aarch64)

Cacheable calls:     60 / 124 (48.39%)
  Hits:              47 /  60 (78.33%)
    Direct:          47 /  47 (100.0%)
    Preprocessed:     0 /  47 ( 0.00%)
  Misses:            13 /  60 (21.67%)
Uncacheable calls:   64 / 124 (51.61%)
Local storage:
  Cache size (GiB): 0.0 / 5.0 ( 0.00%)
  Hits:              47 /  60 (78.33%)
  Misses:            13 /  60 (21.67%)

openEuler (x86_64)

Cacheable calls:     60 / 124 (48.39%)
  Hits:              47 /  60 (78.33%)
    Direct:          47 /  47 (100.0%)
    Preprocessed:     0 /  47 ( 0.00%)
  Misses:            13 /  60 (21.67%)
Uncacheable calls:   64 / 124 (51.61%)
Local storage:
  Cache size (GiB): 0.0 / 5.0 ( 0.00%)
  Hits:              47 /  60 (78.33%)
  Misses:            13 /  60 (21.67%)

RHEL (aarch64/gnu15)

Cacheable calls:    215 / 420 (51.19%)
  Hits:              43 / 215 (20.00%)
    Direct:          43 /  43 (100.0%)
    Preprocessed:     0 /  43 ( 0.00%)
  Misses:           172 / 215 (80.00%)
Uncacheable calls:  205 / 420 (48.81%)
Local storage:
  Cache size (GiB): 0.0 / 5.0 ( 0.09%)
  Hits:              43 / 215 (20.00%)
  Misses:           172 / 215 (80.00%)

RHEL (x86_64/gnu15)

Cacheable calls:    215 / 420 (51.19%)
  Hits:              43 / 215 (20.00%)
    Direct:          42 /  43 (97.67%)
    Preprocessed:     1 /  43 ( 2.33%)
  Misses:           172 / 215 (80.00%)
Uncacheable calls:  205 / 420 (48.81%)
Local storage:
  Cache size (GiB): 0.0 / 5.0 ( 0.09%)
  Hits:              43 / 215 (20.00%)
  Misses:           172 / 215 (80.00%)

RHEL (x86_64/intel)

Cacheable calls:    227 / 612 (37.09%)
  Hits:              50 / 227 (22.03%)
    Direct:          49 /  50 (98.00%)
    Preprocessed:     1 /  50 ( 2.00%)
  Misses:           177 / 227 (77.97%)
Uncacheable calls:  385 / 612 (62.91%)
Local storage:
  Cache size (GiB): 0.0 / 5.0 ( 0.09%)
  Hits:              50 / 227 (22.03%)
  Misses:           177 / 227 (77.97%)

🤖 Generated from workflow run 27059961549

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 5, 2026
edited
Loading

Test Results

 29 files  ±0  29 suites  ±0   49s ⏱️ +2s
 59 tests ±0  52 ✅  - 1  6 💤 ±0  1 ❌ +1 
105 runs  ±0  96 ✅  - 1  8 💤 ±0  1 ❌ +1 

For more details on these failures, see this check.

Results for commit f8b8d7c. ± Comparison against base commit 40638de.

♻️ This comment has been updated with latest results.

@adrianreber adrianreber force-pushed the 2026-06-05-apparmor branch from 7388ad1 to 9c85e35 Compare June 6, 2026 10:34
@adrianreber
ci: disable AppArmor on host for integration test
f8b8d7c 
Host-level AppArmor profiles on Ubuntu runners deny access to
/run/systemd/notify for processes like chronyd inside privileged
containers, even with --security-opt apparmor=unconfined. Stop
and disable AppArmor on the runner before launching the container.

Generated with Claude Code (https://claude.ai/code)

Signed-off-by: Adrian Reber <areber@redhat.com>
@adrianreber adrianreber force-pushed the 2026-06-05-apparmor branch from 9c85e35 to f8b8d7c Compare June 6, 2026 11:13
@adrianreber adrianreber merged commit cca9c11 into openhpc:4.x Jun 6, 2026
23 of 25 checks passed
@adrianreber adrianreber deleted the 2026-06-05-apparmor branch June 6, 2026 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@adrianreber