Commit Graph

5 Commits

Author SHA1 Message Date
wangfaxin
4dee9b0976 Fix misspell word
Change-Id: Id9fbb9e3daf32e7b575c16fc0793b495c6b05227
2020-03-24 11:59:32 +01:00
David Ames
a59b4d606f Apparmor profiles for Queens
Apparmor profiles were limiting queens deployments of neutron-gateway
when aa-profile-mode was set to enforce. It led to failed instance
deployments due to neutron agents failing to execute their necessary
functions.

This change updates the profiles to be Queens ready.

Closes-Bug: #1761536

Change-Id: I2e08a2de9e4ae8139ab8e4be131631883652d029
2018-04-25 21:37:52 +00:00
Martin Hellström
4e4597e591 adds missing entries in the apparmor profiles
Change-Id: I030ccdd267f67844ff2cea328ae1d3d0275c949b
2017-07-17 23:49:59 +02:00
David Ames
c9488cff61 Newton apparmor fixes
In newton neutron-lbaas-agent has been renamed neutron-lbaasv2-agent.
The apparmor profile and resource map requires updates to handle this.

Change-Id: Ia8ac50e5e7fa32139528b90d82dfdd1489a2173a
Depends-On: I69b4e3c38b7b24c4ef93010e5612faf377d7a67a
2016-10-12 16:45:51 -07:00
David Ames
83d0ad0238 Add apparmor template for neutron services
Add support for application of apparmor profiles to
neutron and nova daemons that run on neutron-gateway
units.

By default this is disabled but may be enabled by setting
the aa-profile-mode option to ether 'complain' or 'enforce'.

Note that the apparmor profiles do not try to reproduce the
permissions required for all operations that may be undertaken
using oslo.rootwrap; daemons are granted permission to run
'sudo' without any apparmor based restrictions.

Change-Id: Ibe568a46ee4c1f1148c162f0f0b2907153770efe
2016-09-28 23:06:50 +00:00