[Pkg-libvirt-maintainers] Bug#725144: Bug#725144: libvirt-bin: Please build with apparmor support.
Guido Günther
agx at sigxcpu.org
Thu Jan 30 20:40:52 UTC 2014
On Thu, Jan 30, 2014 at 08:26:29PM +0100, Felix Geyer wrote:
> On 22.01.2014 07:27, Guido Günther wrote:
> >> > The postinst, postrm and cron.daily parts of my original patch are also desirable.
> >> > For example without the postinst changes the profiles are only loaded after a reboot.
> > The whole setup currently has the problem that it doesn't allow for a
> > read only /etc and that it removes files out of /etc/ which can confuse
> > users. The generated profiles shouldn't live in /etc but in
> > /var/cache/libvirt/apparmor. Once this is moved we can clean the up. Can
> > you fix that up (e.g. by a symlink)?
>
> virsh also removes the VM definition file from /etc/libvirt/qemu/ so I don't see
> how this is different.
Virsh does this on user _request_ - just like firing up an editor.
>
> libvirt generates 2 AppArmor profile files:
> - libvirt-<UUID>: auto-generated once, then user-modifiable
> - libvirt-<UUID>.files: auto-generated, automatically regenerated
>
> The first one should actually live in /etc, the second one could be moved to /var/cache.
> I'm not a huge fan of having both files in different directories though.
> Jamie, what do you think about this?
Yeah. That's fine. The first one looks more like it should be handled
like a conf file then so it's fine for /etc/.
Cheers,
-- Guido