Honestly, I would only modify package maintained files from a charm as the very
last resort.
Using those paths is not only something strange in the charm. Anyone using ceph
rbd would use those paths.
IMO, the question is, should a properly confined qemu allow rbd or not?
This has btw precedence.
/etc/apparmor.d/abstractions/libvirt-qemu
# allow access to charm-specific ceph config and silence spurious
# denials (LP: #1403648).
/var/lib/charm/*/ceph.conf r,
deny /tmp/{,**} r,
deny /var/tmp/{,**} r,
This was even more charm specific.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1779674
Title:
AppArmor does not permit access to rbd admin socket hardcoded in
OpenStack charms
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1779674/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
