From 56c8b59192adab4c56d2cd863e34ebe0004ef539 Mon Sep 17 00:00:00 2001
From: Olivier Dufour-Cuvillier <olivier.dufour@canonical.com>
Date: Tue, 28 Nov 2023 16:16:14 +0900
Subject: [PATCH] Update apparmor profile for nova-compute

Nova-compute uses ssh and scp commands extensively and this
patch allows the process to read the configuration too in
/etc/ssh/ssh_config.d/ directory.

Closes-Bug: #2044983
Change-Id: I336ce64d493c549096d0b8706996e0f17a2728fb
(cherry picked from commit 4d6f4c07c9b634e22d5445a702be3d3ee9730ab3)
---
 templates/usr.bin.nova-compute | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/usr.bin.nova-compute b/templates/usr.bin.nova-compute
index 00fa39ed..807c1bb4 100644
--- a/templates/usr.bin.nova-compute
+++ b/templates/usr.bin.nova-compute
@@ -53,6 +53,8 @@
   /etc/nova/** r,
   /etc/qemu/firmware/{,**} r,
   /etc/ssh/ssh_config r,
+  /etc/ssh/ssh_config.d/ r,
+  /etc/ssh/ssh_config.d/* r,
   /etc/ssl/openssl.cnf r,
   /etc/sudo.conf r,
   /etc/sudoers r,