CircleCI/AppArmor issue for validation on Ubuntu Linux

mattgodbolt · August 16, 2018, 2:01pm

Hey all,

I’m on Ubuntu 18.04, installed circleci and docker via snap (and the two are linked as per the installation instructions).

I can execute local ci builds fine.

Until recently circleci config validate was working, but as of today I get:

$ circleci config validate
Error: Could not load config file at .circleci/config.yml: open .circleci/config.yml: permission denied

And looking in dmesg I see:

[607668.330776] audit: type=1400 audit(1534427762.045:493): apparmor=“DENIED” operation=“open” profile=“snap.circleci.circleci” name="/home/mattgodbolt/PATH_REDACTED/.circleci/config.yml" pid=12052 comm=“circleci” requested_mask=“r” denied_mask=“r” fsuid=1000 ouid=1000

Can anyone help me debug/diagnose why the apparmor profile for snap.cirlceci.circleci is denying access to this file? Can anyone think why it may have changed?

Thanks, Matt

mattgodbolt · August 16, 2018, 2:14pm

I spoke too soon, the local builds are also failing:

rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:1370: sending signal 0 to pid 16358 caused "permission denied"

====>> Error executing build steps
Error: 
CircleCI was unable to run the job runner because we were unable to execute commands in build container.

and in dmesg:

[608745.999589] audit: type=1400 audit(1534428839.731:552): apparmor="DENIED" operation="signal" profile="docker-default" pid=16636 comm="docker-runc" requested_mask="receive" denied_mask="receive" signal=exists peer="unconfined"
[608746.045196] audit: type=1400 audit(1534428839.779:553): apparmor="DENIED" operation="signal" profile="docker-default" pid=26173 comm="docker-containe" requested_mask="receive" denied_mask="receive" signal=kill peer="unconfined"

(with many other similar lines above).

Any ideas? Thanks in advance, Matt

KPrasch · August 18, 2018, 11:06pm

I am also being effected by this.

ERROR: ld.so: object 'libgtk3-nocsd.so.0' from LD_PRELOAD cannot be preloaded (failed to map segment from shared object): ignored.
Error: Could not load config file at .circleci/config.yml: open .circleci/config.yml: permission denied

levlaz · August 19, 2018, 5:34am

cc @FelicianoTech any ideas here?

FelicianoTech · August 29, 2018, 9:38pm

No, I don’t know.

As the Local CLI is morphing into the new, CircleCI CLI, I’m no longer leading it. I made a GitHub Issue.

FelicianoTech · September 6, 2018, 2:50pm

For anyone who hasn’t visited the GitHub link, the issue that I found related to this I’ve fixed.

system · March 19, 2019, 3:27am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
"permission denied" while validating yml with CLI Build Environment	3	4216	November 16, 2018
CircleCI was unable to run the job runner Build Environment	19	7719	September 28, 2019
Circleci local execute fails to checkout code when the local mounted directory has mode 0640 Feedback & Bug Reports	1	1502	January 29, 2020
Local excute failng with permision errors Feedback & Bug Reports	3	1930	July 20, 2021
Permission Denied Error When Executing a Job Locally on CircleCI CLI Build Environment cli	3	1625	August 29, 2022

CircleCI/AppArmor issue for validation on Ubuntu Linux

Related topics