ward exec sandbox fails on ser8 (apparmor_restrict_unprivileged_userns) — fleet-converge silently failing #370
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#370
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
ward exec's sandbox fails on ser8, so every audited fleet verb on the ops plane is broken — including thefleet-convergetimer, which has almost certainly been failing silently since ser8 came up.Symptom
Surfaced while activating the Telegram fleet producers (#369), but it is not specific to that verb — it hits any
ward execon ser8.Root cause
ser8 runs with AppArmor's unprivileged-userns restriction on:
/proc/sys/kernel/apparmor_restrict_unprivileged_userns = 1(Ubuntu 24.04 default hardening)kernel.unprivileged_userns_clone = 1anduser.max_user_namespaces = 235662are both fine — it is AppArmor, not the classic toggles)ward execcreates an unprivileged user+mount namespace for its sandbox and runsmount --make-rprivate; AppArmor denies the userns toward(a Homebrew binary with no AppArmor profile), somake-rprivatereturns EPERM.Blast radius
fleet-converge.shrunsward exec ansible-sync action=applyevery 30 min on ser8) has been failing on every tick. It pushes ahighalert on failure — but coily/ntfy were down, so the alerts went nowhere. Double-silent.ward execverb invoked on ser8 (interactive or timer).kai-serverand the failure stayed hidden.Fix options
ward(preferred, keeps the host hardened). Ship a profile permittingusernsfor theward/coilybinary path, loaded via an ansible role so it converges fleet-wide on Ubuntu 24.04 hosts. Hardening stays on for everything else.kernel.apparmor_restrict_unprivileged_userns=0via a persisted/etc/sysctl.d/drop-in (ansible-managed). One line, un-breaks everything, but weakens a host hardening (unprivileged userns is an exploit primitive). Posture call.make-rprivateand degrade to an unsandboxed (audited-only) exec with a warning, instead of hard-failing. Belongs upstream in ward; tracks separately.Also worth fixing regardless
fleet-converge failing silently for weeks is the exact "auto-converge that fails quietly is the disease it cures" failure mode its own docs warn about. Once Telegram alerting lands (#369), a failed converge will at least be loud. Consider a vmalert rule on a fleet-converge heartbeat/last-success timestamp so a wedged timer pages on its own.
Found during the ntfy->Telegram migration (#369). Host: ser8 (Beelink SER8, Ubuntu 24.04).