We should not allow access to /tmp and /var/tmp as that breaks application isolation. As for /var/lib/charm/ceph/ceph.conf, this sounds like something virt-aa-helper should be adding. Can you attach the domain xml for the affected VM?
We should not allow access to /tmp and /var/tmp as that breaks application isolation. As for /var/lib/ charm/ceph/ ceph.conf, this sounds like something virt-aa-helper should be adding. Can you attach the domain xml for the affected VM?