From b562ec0c339a7d6f51f4b9e7e71e0b1ce3e50d95 Mon Sep 17 00:00:00 2001
From: Markos Chandras
Date: Tue, 25 Jul 2017 17:07:55 +0100
Subject: [PATCH] tasks: lxc_install_zypper: Add missing files to the dnsmasq apparmor profile

Commit d77bbf6d0ab6 ("tasks: lxc_install_zypper: Relax apparmor restrictions for dnsmasq") added some neutron directories to the dnsmasq apparmor profile in order to allow dnsmasq to work on a neutron environment. However, it missed /var/lib/neutron so apparmor still prevents dnsmasq from running. Moreover, we fix the regexp to allow access to files even on neutron subdirectories just to be sure.

Fixes: d77bbf6d0ab6 ("tasks: lxc_install_zypper: Relax apparmor restrictions for dnsmasq")
Change-Id: I2f839e473267a25c8fd51a0389510485f126fc7c
---
 tasks/lxc_install_zypper.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tasks/lxc_install_zypper.yml b/tasks/lxc_install_zypper.yml
index ac562ba9..a4e85e81 100644
--- a/tasks/lxc_install_zypper.yml
+++ b/tasks/lxc_install_zypper.yml
@@ -30,8 +30,9 @@
 blockinfile:
 path: "/etc/apparmor.d/local/usr.sbin.dnsmasq"
 block: |-
- /etc/neutron/* r,
- /var/log/neutron/* rw,
+ /etc/neutron/** r,
+ /var/log/neutron/** rw,
+ /var/lib/neutron/** rw,
 marker: "# {mark} ANSIBLE MANAGED BLOCK"
 notify:
 - Start apparmor
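Review bot: The three `**` rules added to the `block:` scalar give every dnsmasq process confined by this local profile recursive read of `/etc/neutron` and recursive write under `/var/log/neutron` and `/var/lib/neutron`, which is broader than the denial described in the commit message and is justified only by "just to be sure". dnsmasq parses untrusted network input and the AppArmor profile is its containment boundary, so `/etc/neutron/** r,` probably exposes service configuration that can hold credentials, and `/var/lib/neutron/** rw,` lets it modify state that belongs to other neutron agents. If the DHCP agent keeps its dnsmasq files in the default `dhcp` subdirectory, `/var/lib/neutron/dhcp/** rw,` would likely cover the reported failure; the exact paths should be taken from the AppArmor denial log and recorded in a comment above the task rather than widening the globs. The task starts above the hunk, so its `name:` and any conditions are not visible here.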