Add ceph paths to usr.bin.nova-compute aa profile
The current profile does not include ceph paths which breaks nova-compute if libvirt-image-backend=rbd when in enforce mode. Also fix access to /tmp and /var/tmp. Change-Id: Ie03a43ef73ca5f97f4f9e5edcefd261a0e36abf9 Closes-Bug: 1732492
parent
84c840227f
commit
0423eae1df
|
@ -70,9 +70,7 @@
|
||||||
/sys/devices/system/node/** r,
|
/sys/devices/system/node/** r,
|
||||||
/sys/devices/virtual/block/nbd*/ r,
|
/sys/devices/virtual/block/nbd*/ r,
|
||||||
/sys/devices/virtual/net/** w,
|
/sys/devices/virtual/net/** w,
|
||||||
/tmp/* rw,
|
/tmp/{,**} rw,
|
||||||
/tmp/*/ rw,
|
|
||||||
/tmp/** rw,
|
|
||||||
/usr/bin/ r,
|
/usr/bin/ r,
|
||||||
/usr/bin/* rix,
|
/usr/bin/* rix,
|
||||||
/usr/lib/gcc/x86_64-linux-gnu/4.8/collect2 rix,
|
/usr/lib/gcc/x86_64-linux-gnu/4.8/collect2 rix,
|
||||||
|
@ -87,7 +85,7 @@
|
||||||
/var/run/libvirt/* rw,
|
/var/run/libvirt/* rw,
|
||||||
/var/run/libvirt/libvirt-sock rw,
|
/var/run/libvirt/libvirt-sock rw,
|
||||||
/var/run/openvswitch/db.sock rw,
|
/var/run/openvswitch/db.sock rw,
|
||||||
/var/tmp/* w,
|
/var/tmp/{,**} rw,
|
||||||
{% if ubuntu_release <= '12.04' %}
|
{% if ubuntu_release <= '12.04' %}
|
||||||
/proc/*/mounts r,
|
/proc/*/mounts r,
|
||||||
/proc/*/status r,
|
/proc/*/status r,
|
||||||
|
@ -95,4 +93,6 @@
|
||||||
owner @{PROC}/@{pid}/mounts r,
|
owner @{PROC}/@{pid}/mounts r,
|
||||||
owner @{PROC}/@{pid}/status r,
|
owner @{PROC}/@{pid}/status r,
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
/var/lib/charm/*/ceph.conf r,
|
||||||
|
/etc/ceph/* r,
|
||||||
}
|
}
|
||||||
|
|
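Review bot: The new `/etc/ceph/* r,` rule at the end of the profile matches every file directly under /etc/ceph, which on a typical Ceph client also holds keyrings, so the confined process may read credentials other than the one nova-compute uses (file permissions permitting). Consider listing only what the rbd backend needs, e.g. `/etc/ceph/ceph.conf r,` plus one rule for the service's own keyring (`/etc/ceph/<nova-keyring-file> r,`, placeholder name). Separately, the rewritten temp rules `/tmp/{,**} rw,` and `/var/tmp/{,**} rw,` carry no `owner` qualifier, and the /var/tmp rule appears to widen the earlier write-only `/var/tmp/* w,` to recursive read/write. If nothing in the service depends on files created by other users, `/var/tmp/ r,` with `owner /var/tmp/** rw,` (and the same pair for /tmp) would keep other users' temp files out of reach.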