From 552a84925c9c1f7adc810e338a61944b6a53dbd0 Mon Sep 17 00:00:00 2001
From: Olivier Dufour-Cuvillier <olivier.dufour@canonical.com>
Date: Tue, 28 Nov 2023 16:16:14 +0900
Subject: [PATCH] Update apparmor profile for nova-compute

Nova-compute uses ssh and scp commands extensively and this
patch allows the process to read the configuration too in
/etc/ssh/ssh_config.d/ directory.

Closes-Bug: #2044983
Change-Id: I336ce64d493c549096d0b8706996e0f17a2728fb
(cherry picked from commit 4d6f4c07c9b634e22d5445a702be3d3ee9730ab3)
(cherry picked from commit 20c9776e8836abbe13a2eab2efe1d8c9a8cff851)
---
 templates/usr.bin.nova-compute | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/usr.bin.nova-compute b/templates/usr.bin.nova-compute
index 6b0564ac..7b0e0e1a 100644
--- a/templates/usr.bin.nova-compute
+++ b/templates/usr.bin.nova-compute
@@ -53,6 +53,8 @@
   /etc/nova/** r,
   /etc/qemu/firmware/{,**} r,
   /etc/ssh/ssh_config r,
+  /etc/ssh/ssh_config.d/ r,
+  /etc/ssh/ssh_config.d/* r,
   /etc/ssl/openssl.cnf r,
   /etc/sudoers r,
   /etc/sudoers.d/ r,