[PATCH] apparmor: ceph config file names
christian.ehrhardt at canonical.com
christian.ehrhardt at canonical.com
Thu Oct 7 11:32:42 UTC 2021
From: Christian Ehrhardt <christian.ehrhardt at canonical.com>
If running multiple [1] clusters (uncommon) the ceph config file will be
derived from the cluster name. Therefore the rule to allow to read ceph
config files need to be opened up slightly to allow for that condition.
[1]: https://docs.ceph.com/en/mimic/rados/configuration/common/#running-multiple-clusters
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1588576
Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
---
src/security/apparmor/libvirt-qemu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index 4156428163..8cd76d48ec 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -199,7 +199,7 @@
/sys/class/ r,
# for rbd
- /etc/ceph/ceph.conf r,
+ /etc/ceph/*.conf r,
# Various functions will need to enumerate /tmp (e.g. ceph), allow the base
# dir and a few known functions like samba support.
--
2.33.0
More information about the libvir-list
mailing list