Code review comment for lp:~xfactor973/apparmor-profiles/ceph-apparmor-profiles

Chris Holcombe (xfactor973) wrote :

Yeah no problem!

For the /etc/ceph/* stuff it does write a few things there. The /etc/ceph/ceph.conf and also various cephx key files under different names. I thought /etc/ceph/* would be a safe thing to do because I won't know in advance what all the key names are going to be that it could create. I could probably tighten it up a little bit to something like:

owner /etc/ceph/ceph.conf rw,
owner /etc/ceph/ceph.client.* rw,
owner /etc/ceph/rbdmap rw,

I don't think the charm or ceph writes anything else to that directory. Here's what a current deployment looks like under /etc/ceph/:
root@ip-172-31-2-78:/etc/ceph# ls -lh
total 8.0K
-rw------- 1 root root 63 Apr 28 19:03 ceph.client.admin.keyring
lrwxrwxrwx 1 root root 27 Apr 28 19:01 ceph.conf -> /etc/alternatives/ceph.conf
-rw-r--r-- 1 root root 92 Feb 22 21:15 rbdmap
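
An added example, not part of the comment above or of the merge proposal: a small check of which paths from that listing the three narrower rules would match, compared with the single /etc/ceph/* glob. It assumes a simplified model of AppArmor globbing (only `*`, `**` and `?`), takes the ceph.conf symlink target exactly as the listing shows it (first hop only), and uses one constructed key-file name, ceph.mon.keyring, to stand in for a key the rules do not anticipate.

```python
import re

# Rules sketched in the comment, plus the broader glob they would replace.
PROPOSED = ["/etc/ceph/ceph.conf", "/etc/ceph/ceph.client.*", "/etc/ceph/rbdmap"]
BROAD = ["/etc/ceph/*"]

# (name, symlink target) pairs taken from the `ls -lh` output in the comment.
LISTING = [
    ("ceph.client.admin.keyring", None),
    ("ceph.conf", "/etc/alternatives/ceph.conf"),
    ("rbdmap", None),
]

def aa_glob_to_regex(pattern):
    """Translate '*', '**' and '?' only; '*' and '?' never match '/'."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def mediated_path(name, target, directory="/etc/ceph"):
    """AppArmor matches the resolved path, so a symlink is checked as its target."""
    return target if target else directory + "/" + name

def uncovered(rules, paths):
    """Return the paths that no rule in `rules` matches."""
    regexes = [aa_glob_to_regex(rule) for rule in rules]
    return [p for p in paths if not any(rx.match(p) for rx in regexes)]

if __name__ == "__main__":
    paths = [mediated_path(n, t) for n, t in LISTING]
    # Constructed name: a key file that does not start with "ceph.client."
    paths.append("/etc/ceph/ceph.mon.keyring")
    for label, rules in (("proposed", PROPOSED), ("broad", BROAD)):
        print(label, "does not cover:", uncovered(rules, paths))
```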
