Revert "action: Remove apparmor disable logic"

author Daan De Meyer <daan.j.demeyer@gmail.com>

Mon, 8 Jul 2024 12:19:42 +0000 (14:19 +0200)

committer Daan De Meyer <daan.j.demeyer@gmail.com>

Mon, 8 Jul 2024 12:20:01 +0000 (14:20 +0200)
author Daan De Meyer <daan.j.demeyer@gmail.com>
Mon, 8 Jul 2024 12:19:42 +0000 (14:19 +0200)
committer Daan De Meyer <daan.j.demeyer@gmail.com>
Mon, 8 Jul 2024 12:20:01 +0000 (14:20 +0200)
diff --git a/action.yaml b/action.yaml

index 0197b0db953bd266f93c5d8fff7725dcd81992c1..267e199db675d197854d615faec7c13423505e6b 100644 (file)
--- a/action.yaml
+++ b/action.yaml
@@ -38,6 +38,17 @@ runs:
          sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_unconfined=0
          sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_userns=0
  
+  # Both the unix-chkpwd and swtpm profiles are broken (https://gitlab.com/apparmor/apparmor/-/issues/402) so let's
+  # just disable and remove apparmor completely. It's not relevant in this context anyway.
+  # TODO: Remove if https://github.com/actions/runner-images/issues/10015 is ever fixed.
+  - name: Disable and mask apparmor service
+    shell: bash
+    run: |
+        # This command fails with a non-zero error code even though it unloads the apparmor profiles.
+        # https://gitlab.com/apparmor/apparmor/-/issues/403
+        sudo aa-teardown || true
+        sudo apt-get remove apparmor
+
    - name: Dependencies
      shell: bash
      run: |
author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Mon, 8 Jul 2024 12:19:42 +0000 (14:19 +0200)
committer	Daan De Meyer <daan.j.demeyer@gmail.com>
	Mon, 8 Jul 2024 12:20:01 +0000 (14:20 +0200)