[libvirt] [PATCH] virt-aa-helper: handle more disk images
intrigeri
intrigeri+libvirt at boum.org
Tue Dec 12 14:01:02 UTC 2017
Hi,
Cédric Bosdonnat:
> This commit helps users allowing access to their images by adding their
> own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
> […]
> profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> #include <abstractions/base>
> + #include <local/usr.lib.libvirt.virt-aa-helper>
The packaging helper we use in Debian adds exactly the same line at
the *end* of the profile (and actually, at the end of almost every
AppArmor profile included in Debian and derivatives); I don't know why
it's added at the end and not at the beginning. I suspect Jamie will
know better.
If there's no strong reason to add this line in the beginning of the
profile, I suggest we add it at the end instead, so we avoid changing
behaviour subtly once this gets merged upstream and we drop the
Debian-specific line.
Other than this, ACK from me on the proposed profile modifications.
I am not well placed to comment on the build system changes though.
Cheers!
More information about the libvir-list
mailing list