From 57eb57419df43cab9b0c44bd8093a9529ce186ab Mon Sep 17 00:00:00 2001 From: Bjoern Teipel Date: Tue, 29 May 2018 13:44:44 -0500 Subject: [PATCH] Adding rpc_pipefs for lxc-openstack aa profile The RPC pipefs is needed for NFS kernel/userspace interaction and need to be added to the LXC profile. This is important for containers like glance-api who can mount NFS onto `/var/lib/glance/images`. Change-Id: Ib1a697ad9a63dd1f7be66321291882ffab82255a Closes-Bug: #1774037 --- templates/lxc-openstack.apparmor.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/lxc-openstack.apparmor.j2 b/templates/lxc-openstack.apparmor.j2 index 62b6ec78..4356a996 100644 --- a/templates/lxc-openstack.apparmor.j2 +++ b/templates/lxc-openstack.apparmor.j2 @@ -16,6 +16,7 @@ profile lxc-openstack flags=(attach_disconnected,mediate_deleted) { mount fstype=fuseblk -> /**, mount fstype=nbd* -> /**, mount fstype=nfs* -> /**, + mount fstype=rpc_pipefs, mount fstype=devpts, # allow System access.