From: christian.ehrhardt@canonical.com
To: libvir-list@redhat.com
Cc: Christian Ehrhardt, jamie@strandboge.com
Subject: [PATCH] apparmor: ceph config file names
Date: Thu, 7 Oct 2021 13:32:42 +0200
Message-Id: <20211007113242.625136-1-christian.ehrhardt@canonical.com>

From: Christian Ehrhardt

If running multiple [1] clusters (uncommon) the ceph config file will be
derived from the cluster name. Therefore the rule to allow to read ceph
config files needs to be opened up slightly to allow for that condition.

[1]: https://docs.ceph.com/en/mimic/rados/configuration/common/#running-multiple-clusters

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1588576
Signed-off-by: Christian Ehrhardt Reviewed-by: Michal Privoznik --- src/security/apparmor/libvirt-qemu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/lib= virt-qemu index 4156428163..8cd76d48ec 100644 --- a/src/security/apparmor/libvirt-qemu +++ b/src/security/apparmor/libvirt-qemu @@ -199,7 +199,7 @@ /sys/class/ r, =20 # for rbd - /etc/ceph/ceph.conf r, + /etc/ceph/*.conf r, =20 # Various functions will need to enumerate /tmp (e.g. ceph), allow the b= ase # dir and a few known functions like samba support. --=20 2.33.0
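
Review bot: the `# for rbd` comment above the changed rule in the `@@ -199,7 +199,7 @@` hunk no longer explains why the rule is a glob; suggest extending it to say that the config file name follows the cluster name (`/etc/ceph/<cluster>.conf`), as the commit message does. The widened rule `/etc/ceph/*.conf r,` remains read-only and, because AppArmor's `*` does not match `/`, is limited to files directly inside `/etc/ceph/`, but it now admits every `.conf` file in that directory rather than only cluster configs, so the comment should state that this is intended.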