Comment 4 for bug 1930276

Well, I had spawned instance on master only, and policy has been applied without service restart:

(openstackclient) root@aio1:~# openstack server list

(openstackclient) root@aio1:~# openstack server list --all-projects
Policy doesn't allow os_compute_api:servers:detail:get_all_tenants to be performed. (HTTP 403) (Request-ID: req-4f41008e-566c-4be2-be3d-5a56a2d551f7)
(openstackclient) root@aio1:~# stat /var/lib/lxc/aio1_nova_api_container-a32981bc/rootfs/etc/nova/policy.yaml
stat: cannot stat '/var/lib/lxc/aio1_nova_api_container-a32981bc/rootfs/etc/nova/policy.yaml': No such file or directory
(openstackclient) root@aio1:~# echo '"os_compute_api:servers:detail:get_all_tenants": "rule:system_reader_api or rule:project_member_api"' > /var/lib/lxc/aio1_nova_api_container-a32981bc/rootfs/etc/nova/policy.yaml
(openstackclient) root@aio1:~# openstack server list --all-projects
+--------------------------------------+------+--------+-----------------------+--------+--------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------+--------+-----------------------+--------+--------+
| 03167f5d-0ef1-47bf-8a04-80672ca437e1 | test | ACTIVE | private=192.168.74.10 | cirros | test |
+--------------------------------------+------+--------+-----------------------+--------+--------+
(openstackclient) root@aio1:~#

Will spawn 22.1.2 and see how things are there.