In iSCSI usecases including cinder-lvm, os-brick requires lock files
such as:
- /run/lock/nova/os-brick-connect_volume
- /run/lock/nova/os-brick-connect_to_iscsi_portal-192.168.0.1
and lsscsi requires following access to compose a rescan command such as
"/sys/bus/scsi/drivers/sd/2:0:0:0/rescan":
- /dev/
- /sys/bus/scsi/devices/
Reviewed: https:/ /review. opendev. org/c/openstack /charm- nova-compute/ +/848055 /opendev. org/openstack/ charm-nova- compute/ commit/ c16a9aedab7eed0 699f3d677eab033 74d348e6a8
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/xena
commit c16a9aedab7eed0 699f3d677eab033 74d348e6a8
Author: Nobuto Murata <email address hidden>
Date: Fri Jun 24 23:22:54 2022 +0900
AppArmor policy update for os-brick and iSCSI
In iSCSI usecases including cinder-lvm, os-brick requires lock files nova/os- brick-connect_ volume nova/os- brick-connect_ to_iscsi_ portal- 192.168. 0.1
such as:
- /run/lock/
- /run/lock/
and lsscsi requires following access to compose a rescan command such as bus/scsi/ drivers/ sd/2:0: 0:0/rescan" : scsi/devices/
"/sys/
- /dev/
- /sys/bus/
Closes-Bug: #1979812 7bda006f1bbc544 2038f7070f1 e752c6010964efe 2aca10ef89)
Related-Bug: #1939390
Change-Id: Id2db3a70b8d128
(cherry picked from commit cf0f464391df509