File: microceph_support.go

package info (click to toggle)
snapd 2.72-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 80,412 kB
  • sloc: sh: 16,506; ansic: 16,211; python: 11,213; makefile: 1,919; exp: 190; awk: 58; xml: 22
file content (69 lines) | stat: -rw-r--r-- 2,695 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2024 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package builtin

const microcephSupportSummary = `allows operating as the MicroCeph service`

const microcephSupportBaseDeclarationPlugs = `
  microceph-support:
    allow-installation: false
    deny-auto-connection: true
`

const microcephSupportBaseDeclarationSlots = `
  microceph-support:
    allow-installation:
      slot-snap-type:
        - core
    deny-auto-connection: true
`

const microcephSupportConnectedPlugAppArmor = `

# Allow bcache devices to be accessed since DM devices may be set up on top of those.
/dev/bcache[0-9]{,[0-9],[0-9][0-9]} rwk,                   # bcache (up to 1000 devices)
# Access to individual partitions
/dev/hd[a-t][0-9]{,[0-9],[0-9][0-9]} rwk,                  # IDE, MFM, RLL
/dev/sd{,[a-z]}[a-z][0-9]{,[0-9],[0-9][0-9]} rwk,          # SCSI
/dev/vd{,[a-z]}[a-z][0-9]{,[0-9],[0-9][0-9]} rwk,          # virtio
/dev/nvme{[0-9],[1-9][0-9]}n{[1-9],[1-5][0-9],6[0-3]}p[0-9]{,[0-9],[0-9][0-9]} rwk, # NVMe
# Access device mapper blockdevs
/dev/dm-[0-9]{,[0-9],[0-9][0-9]} rwk,                      # device mapper (up to 1000 devices)
# Allow managing of rbd-backed block devices
/sys/bus/rbd/add rwk,                                      # add block dev
/sys/bus/rbd/remove rwk,                                   # remove block dev
/sys/bus/rbd/add_single_major rwk,                         # add single major dev
/sys/bus/rbd/remove_single_major rwk,                      # remove single major dev
/sys/bus/rbd/supported_features r,                         # display enabled features
/sys/bus/rbd/devices/** rwk,                               # manage individual block devs

`

func init() {
	registerIface(&commonInterface{
		name:                  "microceph-support",
		summary:               microcephSupportSummary,
		implicitOnCore:        true,
		implicitOnClassic:     true,
		baseDeclarationSlots:  microcephSupportBaseDeclarationSlots,
		baseDeclarationPlugs:  microcephSupportBaseDeclarationPlugs,
		connectedPlugAppArmor: microcephSupportConnectedPlugAppArmor,
	})
}