Acceptance criteria: - [x] AppArmor profile from devstack is applied to stage k8s node - SRE will actually apply the profile: https://2u-internal.atlassian.net/browse/GSRE-2699 - PRs to get this file into the right repo first: https://github.com/edx/devstack/pull/117 and https://github.com/edx/public-dockerfiles/pull/106 - [x] Ensure we have a ticket for finding a long-term approach to where the profile will be managed and maintained and how it will be deployed: https://2u-internal.atlassian.net/browse/GSRE-2701 - [x] Django setting `CODEJAIL_ENABLED` set to True in stage, and `CODE_JAIL` values configured - [x] https://github.com/edx/edx-internal/pull/12478 - [x] https://github.com/edx/edx-internal/pull/12479 - [x] Test procedure that was developed in https://github.com/edx/edx-arch-experiments/issues/896 passes to our satisfaction, from a security and basic functionality perspective (OK to have some non-security bugs)
Acceptance criteria:
CODEJAIL_ENABLEDset to True in stage, andCODE_JAILvalues configured