openstack
/
openstack-ansible-lxc_hosts
Code Issues Proposed changes

tasks: lxc_install_zypper: Add missing files to the dnsmasq apparmor profile 

Commit d77bbf6d0a ("tasks: lxc_install_zypper: Relax apparmor
restrictions for dnsmasq") added some neutron directories to the
dnsmasq apparmor profile in order to allow dnsmasq to work on a
neutron environment. However, it missed /var/lib/neutron so apparmor
still prevents dnsmasq from running. Moreover, we fix the regexp
to allow access to files even on neutron subdirectories just to be
sure.

Fixes: d77bbf6d0a ("tasks: lxc_install_zypper: Relax apparmor restrictions for dnsmasq")
Change-Id: I2f839e473267a25c8fd51a0389510485f126fc7c
This commit is contained in:
Markos Chandras 2017-07-25 17:07:55 +01:00
parent d77bbf6d0a
commit b562ec0c33
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tasks/lxc_install_zypper.yml
View File

@ -30,8 +30,9 @@
blockinfile:
path: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
block: |-
/etc/neutron/* r,
/var/log/neutron/* rw,
/etc/neutron/** r,
/var/log/neutron/** rw,
/var/lib/neutron/** rw,
marker: "# {mark} ANSIBLE MANAGED BLOCK"
notify:
- Start apparmor