[Pkg-libvirt-maintainers] Bug#725144: Bug#725144: libvirt-bin: Please build with apparmor support.

[Jamie Strandboge]

On 01/30/2014 01:26 PM, Felix Geyer wrote:
> On 22.01.2014 07:27, Guido Günther wrote:
>>>> The postinst, postrm and cron.daily parts of my original patch are also desirable.
>>>> For example without the postinst changes the profiles are only loaded after a reboot.
>> The whole setup currently has the problem that it doesn't allow for a
>> read only /etc and that it removes files out of /etc/ which can confuse
>> users. The generated profiles shouldn't life in /etc but in
>> /var/cache/libvirt/apparmor. Once this is moved we can clean the up. Can
>> you fix that up (e.g. by a symlink).
> 
> virsh also removes the VM definition file from /etc/libvirt/qemu/ so I don't see
> how this is different.
> 
> libvirt generates 2 AppArmor profile files:
> - libvirt-<UUID>: auto-generated once, then user-modifiable
> - libvirt-<UUID>.files: auto-generated, automatically regenerated
> 
> The first one should actually live in /etc, the second one could be moved to /var/cache.
> I'm not a huge fan of having both files in different directories though.
> Jamie, what do you think about this?
> 

I agree that it is awkward to have them in different places, which is why it is
the way it is now (and has been this way upstream and in Ubuntu for years--
which isn't a point to not fix things, just saying it isn't a new problem).
libvirt will fail to function with a readonly /etc for vm definitions and
networks at least so it would seem weird to fix this but not everything else.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20140130/1f761a33/attachment.sig>