On Thu, Jan 30, 2014 at 08:26:29PM +0100, Felix Geyer wrote: > On 22.01.2014 07:27, Guido Günther wrote: > >> > The postinst, postrm and cron.daily parts of my original patch are also > >> > desirable. > >> > For example without the postinst changes the profiles are only loaded > >> > after a reboot. > > The whole setup currently has the problem that it doesn't allow for a > > read only /etc and that it removes files out of /etc/ which can confuse > > users. The generated profiles shouldn't life in /etc but in > > /var/cache/libvirt/apparmor. Once this is moved we can clean the up. Can > > you fix that up (e.g. by a symlink). > > virsh also removes the VM definition file from /etc/libvirt/qemu/ so I don't > see > how this is different.
Virsh does this on user _request_ - just like fiering up an editor. > > libvirt generates 2 AppArmor profile files: > - libvirt-<UUID>: auto-generated once, then user-modifiable > - libvirt-<UUID>.files: auto-generated, automatically regenerated > > The first one should actually live in /etc, the second one could be moved to > /var/cache. > I'm not a huge fan of having both files in different directories though. > Jamie, what do you think about this? Yeah. That's fine. the first one looks more like it should be handled like a conf file then so it's fine for /etc/. Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
