2 Commits

Author SHA1 Message Date
David Ames
a59b4d606f Apparmor profiles for Queens
Apparmor profiles were limiting queens deployments of neutron-gateway
when aa-profile-mode was set to enforce. It led to failed instance
deployments due to neutron agents failing to execute their necessary
functions.

This change updates the profiles to be Queens ready.

Closes-Bug: #1761536

Change-Id: I2e08a2de9e4ae8139ab8e4be131631883652d029
2018-04-25 21:37:52 +00:00
David Ames
83d0ad0238 Add apparmor template for neutron services
Add support for application of apparmor profiles to
neutron and nova daemons that run on neutron-gateway
units.

By default this is disabled but may be enabled by setting
the aa-profile-mode option to either 'complain' or 'enforce'.

Note that the apparmor profiles do not try to reproduce the
permissions required for all operations that may be undertaken
using oslo.rootwrap; daemons are granted permission to run
'sudo' without any apparmor based restrictions.

Change-Id: Ibe568a46ee4c1f1148c162f0f0b2907153770efe
2016-09-28 23:06:50 +00:00