From 29878c72f782f44f9ca4aacd6971c7c70258d128 Mon Sep 17 00:00:00 2001
From: Peter Sabaini
Date: Thu, 12 Oct 2023 09:11:56 +0200
Subject: [PATCH] i/b/microceph: allow more access for microceph-support (#13150)
* i/b/microceph: fix microceph support Allow more types of block devices to be added as an OSD (bcache, indiv. partitions) Allow access to the rbd sysfs controls for managing rbd-backed block devices (cf. https://docs.kernel.org/admin-guide/abi-testing.html#abi-file-testing-sysfs-bus-rbd)
* Add NVMe partition support
Signed-off-by: Peter Sabaini
* Allow for higher number of SCSI and virtio devices
Signed-off-by: Peter Sabaini
---------
Signed-off-by: Peter Sabaini
---
 interfaces/builtin/microceph.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/interfaces/builtin/microceph.go b/interfaces/builtin/microceph.go
index 4063ac8a094..f840164bb13 100644
--- a/interfaces/builtin/microceph.go
+++ b/interfaces/builtin/microceph.go
@@ -32,6 +32,21 @@ const microcephConnectedPlugAppArmor = `
 # Description: allow access to the MicroCeph control socket.
 /var/snap/microceph/common/state/control.socket rw,
+
+# Allow bcache devices to be accessed since DM devices may be set up on top of those.
+/dev/bcache[0-9]{,[0-9],[0-9][0-9]} rwk, # bcache (up to 1000 devices)
+# Access to individual partitions
+/dev/hd[a-t][0-9]{,[0-9],[0-9][0-9]} rwk, # IDE, MFM, RLL
+/dev/sd{,[a-z]}[a-z][0-9]{,[0-9],[0-9][0-9]} rwk, # SCSI
+/dev/vd{,[a-z]}[a-z][0-9]{,[0-9],[0-9][0-9]} rwk, # virtio
+/dev/nvme{[0-9],[1-9][0-9]}n{[1-9],[1-5][0-9],6[0-3]}p[0-9]{,[0-9],[0-9][0-9]} rwk, # NVMe
+# Allow managing of rbd-backed block devices
+/sys/bus/rbd/add rwk, # add block dev
+/sys/bus/rbd/remove rwk, # remove block dev
+/sys/bus/rbd/add_single_major rwk, # add single major dev
+/sys/bus/rbd/remove_single_major rwk, # remove single major dev
+/sys/bus/rbd/supported_features r, # display enabled features
+/sys/bus/rbd/devices/** rwk, # manage individual block devs
 `
 const microcephConnectedPlugSecComp = `
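Review bot: The `rwk` mode on the `/sys/bus/rbd/` rules at the end of the hunk looks broader than the sysfs interface needs. The ABI page linked in the commit message describes `add`, `remove` and their `_single_major` variants as write-only and most attributes under `devices/` as read-only, so, unless microceph is known to need more, `/sys/bus/rbd/add w,` (likewise for the other three controls) and `/sys/bus/rbd/devices/** r,` plus a `w` rule for the per-device `refresh` attribute would keep the profile closer to least privilege. Separately, the `/dev/hd*`, `/dev/sd*`, `/dev/vd*` and `/dev/nvme*` partition rules grant raw read/write on every matching host partition, not only those handed to Ceph as OSDs. A comment above them such as `# NOTE: grants raw access to all host partitions; safe only while connection of this interface stays restricted` would make that trust assumption explicit, provided the connection policy outside this hunk does enforce it. The AppArmor template string starts before the hunk, so any earlier rules were not reviewed.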