AppArmor policy update for NVMeoF

When using NVMeoF feature with nova-compute apparmor in enforce mode, nova-compute is denied from running /usr/sbin/nvme and /usr/sbin/blkid, and reading /etc/nvme/hostnqn. Change-Id: Ia23fbf341d5b7ad469337d8a0c65c18ec519a891 Closes-Bug: #2039161 (cherry picked from commit 0f9c730817) (cherry picked from commit 557c47f37b)
2023-10-12 11:50:30 -03:00 · 2023-10-12 11:50:30 -03:00 · c41b443548
parent 2804532c6d
commit c41b443548
1 changed files with 3 additions and 0 deletions
--- a/templates/usr.bin.nova-compute
+++ b/templates/usr.bin.nova-compute
@ -166,4 +166,7 @@
  /etc/magic r,
  /sys/devices/virtual/dmi/** r,
  /usr/sbin/dmidecode rix,
+  /usr/sbin/blkid rix,
+  /usr/sbin/nvme rix,
+  /etc/nvme/hostnqn r,
 }