Add ceph paths to usr.bin.nova-compute aa profile

The current profile does not include ceph paths,
which breaks nova-compute in enforce mode when
libvirt-image-backend=rbd.
Also fix access to /tmp and /var/tmp.

Change-Id: Ie03a43ef73ca5f97f4f9e5edcefd261a0e36abf9
Closes-Bug: 1732492
Edward Hope-Morley 2017-11-15 18:04:00 +00:00
parent 84c840227f
commit 0423eae1df
1 changed files with 4 additions and 4 deletions


@ -70,9 +70,7 @@
/sys/devices/system/node/** r,
/sys/devices/virtual/block/nbd*/ r,
/sys/devices/virtual/net/** w,
/tmp/* rw,
/tmp/*/ rw,
/tmp/** rw,
/tmp/{,**} rw,
/usr/bin/ r,
/usr/bin/* rix,
/usr/lib/gcc/x86_64-linux-gnu/4.8/collect2 rix,
@ -87,7 +85,7 @@
/var/run/libvirt/* rw,
/var/run/libvirt/libvirt-sock rw,
/var/run/openvswitch/db.sock rw,
/var/tmp/* w,
/var/tmp/{,**} rw,
{% if ubuntu_release <= '12.04' %}
/proc/*/mounts r,
/proc/*/status r,
@ -95,4 +93,6 @@
owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/status r,
{% endif %}
/var/lib/charm/*/ceph.conf r,
/etc/ceph/* r,
}
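Review bot: The new `/etc/ceph/* r,` rule in the last hunk lets the confined nova-compute process read every file in /etc/ceph, which typically holds keyrings as well as ceph.conf; if the host carries keyrings for other clients (not visible from this diff), those become readable too. Consider listing only what the rbd backend needs, e.g. `/etc/ceph/ceph.conf r,` and `/etc/ceph/<nova-keyring-file> r,` (placeholder; use the keyring name the charm actually writes). The same least-privilege point applies to `/tmp/{,**} rw,` and `/var/tmp/{,**} rw,` in the first two hunks: /var/tmp goes from write-only on direct children to recursive read-write, and if nova-compute only needs its own temp files an `owner` prefix, as already used on the `@{PROC}` rules, would keep it out of other users' files. A one-line comment above the ceph rules saying they exist for libvirt-image-backend=rbd would also help later audits of the profile.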