Looks like a great start, thanks!
It'd be nice if the /proc/*/.. entries would use /proc/${pid}/.. or
/proc/${pids}/.. -- while there's currently no difference between the two
variables today, we do intend to modify ${pid} to refer to strictly "the
current pid" via a kernel variable eventually.
/srv/ceph/ is probably a fair enough starting point to hardcode but if someone
stores their OSDs elsewhere, it'd be nice if there was an #include
<local/usr.bin.ceph-osd> line near the bottom of the ceph-osd profile, so these
sorts of modifications could be made easily. (See
/etc/apparmor.d/usr.sbin.rsyslogd or /etc/apparmor.d/usr.sbin.ntpd for
examples.)
Thanks
--
https://code.launchpad.net/~xfactor973/apparmor-profiles/ceph-apparmor-profiles/+merge/289844
Your team AppArmor Developers is requested to review the proposed merge of
lp:~xfactor973/apparmor-profiles/ceph-apparmor-profiles into
lp:apparmor-profiles.
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
