openstack/charm-nova-compute
Code Issues Proposed changes

Allow nova-compute rw access to /dev/net/tun

Browse Source 
Contrail Nova VIF plugin relies on Nova (core) code to create a tap
interface before a vrouter interface is plugged. Thus nova-compute needs
to be able to access /dev/net/tun which it cannot with the current
apparmor profile when enforcing mode is enabled.

See LP: #1841111

Change-Id: I31033bc7d95dfce6b677c6e948303f7154395f66
Closes-Bug: #1841111
This commit is contained in:
Dmitrii Shcherbakov 2019-08-22 17:40:58 -04:00
parent 4fb7ff1f7c
commit 4168ffd536
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
templates/usr.bin.nova-compute
View File

@ -134,4 +134,5 @@
{% endif %} {% endif %}
/var/lib/charm/*/ceph.conf r, /var/lib/charm/*/ceph.conf r,
/etc/ceph/* r, /etc/ceph/* r,
/dev/net/tun rw,
} }