Hello friends,
Please can we get a manual review done on latest/edge/strict? This is mainly to support testing of the roadmap item.
Thanks,
Joe
Hello friends,
Please can we get a manual review done on latest/edge/strict? This is mainly to support testing of the roadmap item.
Thanks,
Joe
Hey @joedborg,
I see the latest uploaded revision is making use of the system-files
interface as well as home
with the read: all
attribute. Could you please explain why such access is needed?
Thanks!
Hello @emitorino
home
with read: all
is needed on the advice of @ijohnson, because people need to be able to access files in order to apply configuration to Kubernetes:
[86842.701588] audit: type=1400 audit(1621513559.335:310749): apparmor="DENIED" operation="open" profile="snap.microk8s.kubectl" name="/home/jackal/workspace/microk8s/tests/templates/ingress.yaml" pid=208097 comm="kubectl" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
system-files
is needed as Kubernetes must configure certain things on the host, depending on how the user chooses to configure it. I believe this is expected if someone is installing MicroK8s.
Many thanks,
Joe
@joedborg is this request still valid?
I dont see the latest revision of microk8s is using system-files
nor home
with read:all