apparmor deny to use a partition as osd

[ivoruetsche]

Hi

...I just jumped to the next blocker...

While this is working fine with the whole disk:

microceph disk add /dev/vdi --wipe --encrypt

I can't use a partition of a disk:

microceph disk add /dev/vdi2 --wipe --encrypt
Error: Failed adding new disk: Failed to wipe the device: Failed to run: dd if=/dev/zero of=/dev/disk/by-path/virtio-pci-0000:0c:00.0-part2 bs=4M count=10 status=none: exit status 1 (dd: failed to open '/dev/disk/by-path/virtio-pci-0000:0c:00.0-part2': Permission denied)

It looks, that apparmor blocks it:

# journalctl | grep microceph

Aug 03 15:48:26 testmc01 audit[1929]: AVC apparmor="DENIED" operation="capable" profile="snap.microceph.daemon" pid=1929 comm="microcephd" capability=3  capname="fowner"
Aug 03 15:48:26 testmc01 kernel: audit: type=1400 audit(1691077706.327:114): apparmor="DENIED" operation="capable" profile="snap.microceph.daemon" pid=1929 comm="microcephd" capability=3  capname="fowner"

Also without --encrypt and/or --wipe, apparmor deny the access to the partition.

I can't find out how I can complain the profile for a snap profile...

Any idea?

thanks for help

Ivo