Merge "Add iSCSI to nova-compute AppArmor profile"
commit
316bf6cd85
|
@ -25,18 +25,22 @@
|
|||
|
||||
network inet raw,
|
||||
network inet stream,
|
||||
network unix stream,
|
||||
|
||||
deny /* w,
|
||||
|
||||
/bin/* rix,
|
||||
/dev/disk/** r,
|
||||
/dev/nbd* rw,
|
||||
/dev/tty rw,
|
||||
/dev/pts/* r,
|
||||
/dev/sd* r,
|
||||
/etc/default/locale r,
|
||||
/etc/environment r,
|
||||
/etc/iscsi/initiatorname.iscsi r,
|
||||
/etc/iscsi/** rw,
|
||||
/etc/machine-id r,
|
||||
/etc/modprobe.d/ r,
|
||||
/etc/modprobe.d/** r,
|
||||
/etc/mtab rw,
|
||||
/etc/nova/** r,
|
||||
/etc/ssh/ssh_config r,
|
||||
|
@ -45,6 +49,7 @@
|
|||
/etc/sudoers.d/ r,
|
||||
/etc/sudoers.d/* r,
|
||||
/proc/*/cmdline r,
|
||||
/proc/cmdline r,
|
||||
/proc/sys/net/ipv6/conf/** w,
|
||||
/proc/*/task/*/comm wr,
|
||||
/proc/*/fd/ r,
|
||||
|
@ -55,11 +60,14 @@
|
|||
/proc/version r,
|
||||
/proc/loadavg r,
|
||||
/run/libvirt/libvirt-sock rw,
|
||||
/run/lock/iscsi/ rw,
|
||||
/run/lock/iscsi/** rwl,
|
||||
/run/lock/nova/nova-iptables wk,
|
||||
/run/lock/qemu-nbd-nbd* w,
|
||||
/run/openvswitch/db.sock rw,
|
||||
/sbin/blockdev rix,
|
||||
/sbin/brctl rix,
|
||||
/sbin/iscsiadm rix,
|
||||
/sbin/ldconfig rix,
|
||||
/sbin/ldconfig.real rix,
|
||||
/sbin/mkfs rix,
|
||||
|
@ -69,16 +77,26 @@
|
|||
/sbin/mkswap rix,
|
||||
/sys/block/ r,
|
||||
/sys/class/fc_host/{,**} r,
|
||||
/sys/class/iscsi_host/ r,
|
||||
/sys/class/iscsi_session/ r,
|
||||
/sys/class/iscsi_transport/ r,
|
||||
/sys/class/scsi_host/ r,
|
||||
/sys/devices/pci*/** r,
|
||||
/sys/devices/pci/** r,
|
||||
/sys/devices/pci*/**/scan rw,
|
||||
/sys/devices/pci*/**/delete rw,
|
||||
/sys/devices/platform/** rw,
|
||||
/sys/devices/system/cpu/ r,
|
||||
/sys/devices/system/cpu/** r,
|
||||
/sys/devices/system/node/ r,
|
||||
/sys/devices/system/node/** r,
|
||||
/sys/devices/virtual/block/nbd*/ r,
|
||||
/sys/devices/virtual/iscsi_transport/** r,
|
||||
/sys/devices/virtual/net/** w,
|
||||
/sys/module/scsi_transport_iscsi/** r,
|
||||
/sys/module/libiscsi/** r,
|
||||
/sys/module/libiscsi_tcp/** r,
|
||||
/sys/module/iscsi_tcp/** r,
|
||||
/tmp/{,**} rw,
|
||||
/{usr/,}lib/udev/scsi_id PUx,
|
||||
/usr/bin/ r,
|
||||
|
|
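Review bot: `/etc/iscsi/** rw,` in the first hunk gives write access to the whole iSCSI configuration tree and makes the preceding `/etc/iscsi/initiatorname.iscsi r,` rule redundant. Because `/sbin/iscsiadm rix,` runs iscsiadm under this same profile, something like `/etc/iscsi/** r,` plus `/etc/iscsi/{nodes,send_targets}/** rw,` would probably cover the node database without letting nova-compute rewrite the initiator name or iscsid.conf (confirm the record paths on the target distribution). In the last hunk, `/{usr/,}lib/udev/scsi_id PUx,` falls back to unconfined execution when no scsi_id profile is loaded, so either ship a profile for it or use `rix` if scsi_id works under the inherited rules. `/sys/devices/platform/** rw,` is also wider than the `scan`/`delete` pattern used for the PCI paths, and `/sys/devices/pci/** r,` appears to be already covered by `/sys/devices/pci*/** r,`. The rendered page has lost its +/- markers, so which of these rules the commit adds is inferred from the iSCSI naming and the hunk counts.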