[Pkg-libvirt-maintainers] Bug#725144: Bug#725144: libvirt-bin: Please build with apparmor support.
Felix Geyer
fgeyer at debian.org
Thu Jan 30 19:26:29 UTC 2014
On 22.01.2014 07:27, Guido Günther wrote:
>> > The postinst, postrm and cron.daily parts of my original patch are also desirable.
>> > For example without the postinst changes the profiles are only loaded after a reboot.
> The whole setup currently has the problem that it doesn't allow for a
> read only /etc and that it removes files out of /etc/ which can confuse
> users. The generated profiles shouldn't live in /etc but in
> /var/cache/libvirt/apparmor. Once this is moved we can clean the up. Can
> you fix that up (e.g. by a symlink)?
virsh also removes the VM definition file from /etc/libvirt/qemu/ so I don't see
how this is different.
libvirt generates 2 AppArmor profile files:
- libvirt-<UUID>: auto-generated once, then user-modifiable
- libvirt-<UUID>.files: auto-generated, automatically regenerated
The first one should actually live in /etc, the second one could be moved to /var/cache.
I'm not a huge fan of having both files in different directories though.
Jamie, what do you think about this?
> The postinst part is fine but we should move the aa-status call out of
> the loop. No need to do it several times:
>
> if aa-status --enabled 2>/dev/null; then
> ....
> fi
Ok, will fix that.
Regards,
Felix