Allow read access to firmware information
Update the apparmor profile for nova-compute to allow it to read the firmware configuration information for qemu. This is necessary in order to launch instances using UEFI when apparmor enforcement is enabled. Closes-Bug: #1958686 Change-Id: I7d9152dcc684923600c40ff0227c3c3eaafa7574
This commit is contained in:
parent
330086cb71
commit
f4eeb0650a
@ -50,6 +50,7 @@
|
||||
/etc/multipath/bindings wrk,
|
||||
/etc/multipath/wwids wrk,
|
||||
/etc/nova/** r,
|
||||
/etc/qemu/firmware/{,**} r,
|
||||
/etc/ssh/ssh_config r,
|
||||
/etc/ssl/openssl.cnf r,
|
||||
/etc/sudoers r,
|
||||
@ -126,6 +127,7 @@
|
||||
/usr/lib{,32,64}/** mrw,
|
||||
/usr/lib{,32,64}/python{2,3}.[34567]/**.{pyc,so} mrw,
|
||||
/var/lib/contrail/ports/* rw,
|
||||
/usr/share/qemu/firmware/{,**} r,
|
||||
/var/lib/nova/ r,
|
||||
/var/lib/nova/** rwk,
|
||||
{% if virt_type == 'lxd' %}
|
||||
|
Loading…
Reference in New Issue
Block a user