24797203 OpenStack RBAC profiles allow reading too many files
24797238 keystone RBAC and SMF should point at Apache log files
24797256 cinder RBAC and SMF should point at Apache log files
24830959 horizon RBAC and SMF should point at Apache log files
OpenStack Compute Management:RO::\
Manage OpenStack Nova:\
auths=solaris.admin.edit/etc/nova/*.conf,\
solaris.admin.edit/etc/nova/*.ini,\
solaris.admin.edit/etc/nova/*.json,\
solaris.smf.manage.nova,\
solaris.smf.value.nova;\
defaultpriv={file_dac_read}\:/var/svc/log/application-openstack-nova-*
OpenStack Management:RO:::profiles=OpenStack Compute Management
nova-compute:RO::\
Do not assign to users. \
Commands required for application/openstack/nova/nova-compute:\
auths=solaris.smf.manage.nova,solaris.smf.modify,solaris.smf.value.nova;\
profiles=OVS Administration,\
Unified Archive Administration,\
Zone Management,\
Zone Migration,\
Zone Security