I think I see what happens. virt-aa-helper works on some intermediate content, and the labelling calls only "append" something. This works if you e.g. hot attach one and later another device. But on this interaction with snapshots of multiple devices they seem to work on "the same" intermediate content. It is like:
start "A" 1. result A+B 2. result A+C (totally ignoring B being added) And eventually we only have the last disk added as apparmor rule. Since the overall action then fails by an apparmor denial the profile is reloaded as it was before. I need to check how/where that interim content is stored. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1845506 Title: Libvirt snapshot doesn't update apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1845506/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
