From: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> If running multiple [1] clusters (uncommon) the ceph config file will be derived from the cluster name. Therefore the rule to allow to read ceph config files need to be opened up slightly to allow for that condition. [1]: https://docs.ceph.com/en/mimic/rados/configuration/common/#running-multiple-clusters Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1588576 Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> --- src/security/apparmor/libvirt-qemu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu index 4156428163..8cd76d48ec 100644 --- a/src/security/apparmor/libvirt-qemu +++ b/src/security/apparmor/libvirt-qemu @@ -199,7 +199,7 @@ /sys/class/ r, # for rbd - /etc/ceph/ceph.conf r, + /etc/ceph/*.conf r, # Various functions will need to enumerate /tmp (e.g. ceph), allow the base # dir and a few known functions like samba support. -- 2.33.0
