openstack/charm-nova-compute
Code Issues Proposed changes

Update to aa-profile for online volume resize with multipath iSCSI

Browse Source 
When using PureStorage as an iSCSI backend with the nova-compute charm
in aa-profile-mode=enforce, online volume extend operations fail, as
reading /dev/dm-* paths is prevented by AppArmor with the log like:

apparmor="DENIED" operation="open" profile="/usr/bin/nova-compute"
name="/dev/dm-18" pid=1065379 comm="blockdev" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0

Lack of the permission prevents the updated volume size being applied to
instances.

Closes-Bug: #2116217
Change-Id: Ic584906152b618e9e901b8a76ee1934292dfab8f
Signed-off-by: Satya Jhaveri <satya.jhaveri@canonical.com>
This commit is contained in:
Satya Jhaveri
2025-12-12 12:39:34 +11:00
committed by Nobuto Murata
parent c6b5ffa52e
commit 5a3475fc50
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
templates/usr.bin.nova-compute
+1
View File
@@ -34,6 +34,7 @@
/dev/ r,
/dev/disk/** r,
/dev/disk/by-id/* r,
/dev/dm-* r,
/dev/mapper/control wr,
/dev/nbd* rw,
/dev/tty rw,