On 22.01.2014 07:27, Guido Günther wrote:
>> > The postinst, postrm and cron.daily parts of my original patch are also
>> > desirable.
>> > For example without the postinst changes the profiles are only loaded
>> > after a reboot.
> The whole setup currently has the problem that it doesn't allow for a
> read only /etc and that it removes files out of /etc/ which can confuse
> users. The generated profiles shouldn't live in /etc but in
> /var/cache/libvirt/apparmor. Once this is moved we can clean them up. Can
> you fix that up (e.g. by a symlink)?

virsh also removes the VM definition file from /etc/libvirt/qemu/ so I don't
see how this is different.

libvirt generates 2 AppArmor profile files:
- libvirt-<UUID>: auto-generated once, then user-modifiable
- libvirt-<UUID>.files: auto-generated, automatically regenerated

The first one should actually live in /etc, the second one could be moved to
/var/cache. I'm not a huge fan of having both files in different directories
though.

Jamie, what do you think about this?

> The postinst part is fine but we should move the aa-status call out of
> the loop. No need to do it several times:
>
> if aa-status --enabled 2>/dev/null; then
>     ....
> fi

Ok, will fix that.

Regards,
Felix
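
The postinst change discussed in this message, with the aa-status check made once before the loop, as an added example; it is not the package's actual postinst and not code from either author. The function name, the PROFILE_DIR default and the overridable AA_STATUS / AA_PARSER variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the Debian libvirt postinst.
# Assumed defaults; each can be overridden from the environment.
PROFILE_DIR="${PROFILE_DIR:-/etc/apparmor.d/libvirt}"
AA_STATUS="${AA_STATUS:-aa-status}"
AA_PARSER="${AA_PARSER:-apparmor_parser}"

# Load (or replace) every per-VM profile so confinement applies without a
# reboot. Prints the number of profiles that were loaded.
reload_libvirt_profiles() {
    loaded=0
    # Ask once whether AppArmor is enabled, not once per profile.
    if "$AA_STATUS" --enabled 2>/dev/null; then
        for profile in "$PROFILE_DIR"/libvirt-*; do
            # An unmatched glob stays literal; skip anything that is not a file.
            [ -f "$profile" ] || continue
            # libvirt-<UUID>.files is included by libvirt-<UUID>, so it is
            # never handed to the parser on its own.
            case "$profile" in
                *.files) continue ;;
            esac
            # -r replaces a profile that is already loaded. A profile that
            # fails to parse is reported but does not abort configuration.
            if "$AA_PARSER" -r "$profile"; then
                loaded=$((loaded + 1))
            else
                echo "warning: could not load $profile" >&2
            fi
        done
    fi
    echo "$loaded"
}
```

A maintainer script would call `reload_libvirt_profiles >/dev/null` from its configure step.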