openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

apparmor: ceph config file names 

If running multiple [1] clusters (uncommon) the ceph config file will be
derived from the cluster name. Therefore the rule to allow to read ceph
config files need to be opened up slightly to allow for that condition.

[1]: https://docs.ceph.com/en/mimic/rados/configuration/common/#running-multiple-clusters

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1588576

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
This commit is contained in:
Christian Ehrhardt 2021-10-07 13:27:35 +02:00
parent 5ee4f3e1d4
commit e3c5a8ec73
No known key found for this signature in database
GPG Key ID: BA3E29338280B242
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/apparmor/libvirt-qemu
View File

@ -199,7 +199,7 @@
/sys/class/ r,
# for rbd
/etc/ceph/ceph.conf r,
/etc/ceph/*.conf r,
# Various functions will need to enumerate /tmp (e.g. ceph), allow the base
# dir and a few known functions like samba support.