Audit note on hugepages


what could be the solution for getting rid of the snap audit issue on hugepages.

I have this entry in my snapcraft.yaml, so I though I would be covered already.

      command: bin/edge-info
        - edge-identity-file
        - mount-observe
        - network-bind
        - login-session-observe
        - steam-support
        - procps

Procps is there, which I think should then cover the command free which I am guessing (I can see hugepages accessed in the code) is causing the issue.

So, why am I still getting this?

 audit[27424]: AVC apparmor="DENIED" operation="open" profile="snap.pelion-edge.version" name="/sys/kernel/mm/hugepages/" pid=27424 comm="kubelet" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Interestingly, I can’t see that anything would be missing from the edge-info command output, so what is really getting blocked?

This gets printed anyway:

  • Physical Memory: 8105 MB

The value is also correct.