On Tue, 12 Nov 2024 13:08:00 +0000 "Richard W.M. Jones" <rjo...@redhat.com> wrote:
> Do you know where the apparmor profile is shipped right now? Could it > be in libvirt (src/security/apparmor)? Yes, but that's the one for libvirt components themselves, and used on Debian without changes from upstream. I don't think that that AppArmor profile should cover libguestfs as well, correct? Note that, as far as I know, this issue only happens with libguestfs using "direct" mode (even though it's not explicitly set anywhere, so I'm not sure I got this right). > We don't ship any SELinux or apparmor profiles upstream in libguestfs > or the tools, so assigning the bug upstream to us won't result in any > useful outcome. Right... I noticed as I wanted to submit an upstream patch for libguestfs to fix this and I realised that there are no AppArmor profiles there. By "reassigning to guestfs-tools or libguestfs" I actually meant the downstream packages. -- Stefano
