libvirt apparmor profile blocks access to ceph config file if cluster name is not "ceph"
Bug #1588576 reported by
youshotwhointhatwhatnow
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Medium
|
Christian Ehrhardt |
Bug Description
The name of the Ceph config file depends on the name of your Ceph cluster. By default the cluster name is just "ceph" so the config file is named "ceph.conf". If you name your cluster "foobar" your config file will be named "foobar.conf".
The apparmor profile /etc/apparmor.
This is on Xenial server.
CVE References
Changed in libvirt (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
tags: | added: libvirt-22.04 |
To post a comment you must log in.
Hi I'm clearing out old bugs that were forgotten somewhere/somehow - I beg your pardon for the lack of activity ...
On this one I wonder why this isn't more impactful if that is a common problem.
As of today the rule still is: ceph/ceph. conf r, apparmor/ libvirt- qemu
/etc/
in file
src/security/
For my lack of ceph knowledge I have pinged a few friends who know more.
If your statement is true that the filename changes we should indeed fix that (firsut upstream then, but that is a detail).
Just naively looking into the code I see ceph.conf all around but no variable/ replacement. lib-systemd/ system/ ceph-osd@ .service: 11:Environment= CONFIG= /etc/ceph/ ceph.conf lib-systemd/ system/ ceph-create- keys.service: 7:Environment= CONFIG= /etc/ceph/ ceph.conf
For example the services are static
debian/
debian/
But then I found /docs.ceph. com/en/ mimic/rados/ configuration/ common/ #running- multiple- clusters
https:/
Which clearly confirms:
"When you run multiple clusters, you must name your cluster and save the Ceph configuration file with the name of the cluster. For example, a cluster named openstack will have a Ceph configuration file with the file name openstack.conf in the /etc/ceph default directory."