[PATCH] apparmor: ceph config file names
Christian Ehrhardt
christian.ehrhardt at canonical.com
Mon Oct 11 06:04:46 UTC 2021
On Sat, Oct 9, 2021 at 2:33 PM Jamie Strandboge <jamie at strandboge.com> wrote:
>
> On Thu, 07 Oct 2021, christian.ehrhardt at canonical.com wrote:
>
> > From: Christian Ehrhardt <christian.ehrhardt at canonical.com>
> >
> > If running multiple [1] clusters (uncommon) the ceph config file will be
> > derived from the cluster name. Therefore the rule to allow to read ceph
> > config files need to be opened up slightly to allow for that condition.
> >
> > [1]: https://docs.ceph.com/en/mimic/rados/configuration/common/#running-multiple-clusters
> >
> > Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1588576
> >
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
> > ---
> > src/security/apparmor/libvirt-qemu | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
> > index 4156428163..8cd76d48ec 100644
> > --- a/src/security/apparmor/libvirt-qemu
> > +++ b/src/security/apparmor/libvirt-qemu
> > @@ -199,7 +199,7 @@
> > /sys/class/ r,
> >
> > # for rbd
> > - /etc/ceph/ceph.conf r,
> > + /etc/ceph/*.conf r,
> >
> > # Various functions will need to enumerate /tmp (e.g. ceph), allow the base
> > # dir and a few known functions like samba support.
>
> LGTM, thanks!
> --
> Email: jamie at strandboge.com
> IRC: jdstrand
Thank you both Jamie and Michal!,
Reviews are in, no freeze right now, no negative feedback appeared and
the tests work fine.
Thereby I'm pushing this AA change now ...
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
More information about the libvir-list
mailing list