Misc updates to apparmor profile
Minor refactoring and updates for DENIED messages seen during 'complain' testing with filestore and bluestore based OSDs with journals, db and wal devices. Tested with Ceph Luminous on 18.04 including data generation using rados bench and pg resizing from 8 -> 256 during testing.

Change-Id: I705eacfe4d464b96dde25495eecb95db30423b66
parent de283cdad2
commit 5c1a304e0e
|
@ -1,5 +1,4 @@
|
|||
# vim:syntax=apparmor
|
||||
# Author: Chris Holcombe <xfactor973 at gmail_com>
|
||||
#include <tunables/global>
|
||||
|
||||
/usr/bin/ceph-osd {
|
||||
|
@ -18,25 +17,29 @@
|
|||
network inet6 stream,
|
||||
|
||||
/etc/ceph/* r,
|
||||
|
||||
@{PROC}/@{pids}/auxv r,
|
||||
@{PROC}/@{pids}/net/dev r,
|
||||
@{PROC}/loadavg r,
|
||||
|
||||
/run/ceph/* rw,
|
||||
/srv/ceph/** rwkl,
|
||||
/tmp/ r,
|
||||
/var/lib/ceph/** rwk,
|
||||
/var/lib/ceph/osd/** l,
|
||||
/var/lib/charm/*/ceph.conf r,
|
||||
|
||||
owner @{PROC}/@{pids}/auxv r,
|
||||
owner @{PROC}/@{pids}/net/dev r,
|
||||
owner @{PROC}/@{pids}/task/*/comm rw,
|
||||
|
||||
@{PROC}/loadavg r,
|
||||
@{PROC}/1/cmdline r,
|
||||
@{PROC}/partitions r,
|
||||
@{PROC}/sys/kernel/random/uuid r,
|
||||
|
||||
/var/lib/ceph/** rwkl,
|
||||
/srv/ceph/** rwkl,
|
||||
|
||||
/var/log/ceph/* rwk,
|
||||
/var/run/ceph/* rwk,
|
||||
/var/tmp/ r,
|
||||
|
||||
/{,var/}run/ceph/* rwk,
|
||||
/{,var/}tmp/ r,
|
||||
|
||||
/dev/ r,
|
||||
/dev/** rw,
|
||||
/sys/devices/** r,
|
||||
/proc/partitions r,
|
||||
|
||||
/run/blkid/blkid.tab r,
|
||||
|
||||
/bin/dash rix,
|
||||
|
|
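Review bot: `/dev/** rw,` near the end of this hunk gives ceph-osd read/write access to every device node on the host, which is much wider than the journal, db and wal devices the commit message names; consider restricting it to the block-device paths the OSDs actually open, or add a comment in the profile saying why the wildcard is needed. The same applies to `/bin/dash rix,`: with `ix` the shell runs under this profile and inherits that `/dev/**` access, so it is worth a comment naming which helper the OSD shells out to. Rules taken from DENIED lines seen in complain mode record what the process touched during the test run, not the minimum it needs, so these two are worth tightening before the profile is enforced.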