In iSCSI usecases including cinder-lvm, os-brick requires lock files
such as:
- /run/lock/nova/os-brick-connect_volume
- /run/lock/nova/os-brick-connect_to_iscsi_portal-192.168.0.1
and lsscsi requires following access to compose a rescan command such as
"/sys/bus/scsi/drivers/sd/2:0:0:0/rescan":
- /dev/
- /sys/bus/scsi/devices/
Reviewed: https:/ /review. opendev. org/c/openstack /charm- nova-compute/ +/848057 /opendev. org/openstack/ charm-nova- compute/ commit/ b5e658d04571a7c 3019b5c5b711aca 632989248c
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/victoria
commit b5e658d04571a7c 3019b5c5b711aca 632989248c
Author: Nobuto Murata <email address hidden>
Date: Fri Jun 24 23:22:54 2022 +0900
AppArmor policy update for os-brick and iSCSI
In iSCSI usecases including cinder-lvm, os-brick requires lock files nova/os- brick-connect_ volume nova/os- brick-connect_ to_iscsi_ portal- 192.168. 0.1
such as:
- /run/lock/
- /run/lock/
and lsscsi requires following access to compose a rescan command such as bus/scsi/ drivers/ sd/2:0: 0:0/rescan" : scsi/devices/
"/sys/
- /dev/
- /sys/bus/
Closes-Bug: #1979812 7bda006f1bbc544 2038f7070f1 e752c6010964efe 2aca10ef89)
Related-Bug: #1939390
Change-Id: Id2db3a70b8d128
(cherry picked from commit cf0f464391df509