All false are reloads to restore former content (that is ok): src/security/security_apparmor.c:706: return reload_profile(mgr, def, NULL, false); src/security/security_apparmor.c:750: return reload_profile(mgr, def, NULL, false); src/security/security_apparmor.c:795: return reload_profile(mgr, def, NULL, false); src/security/security_apparmor.c:1017: return reload_profile(mgr, def, NULL, false); src/security/security_apparmor.c:1088: return reload_profile(mgr, def, NULL, false); src/security/security_apparmor.c:1125: return reload_profile(mgr, def, NULL, false);
All additions of paths are append=true which will cause it to use -F: src/security/security_apparmor.c:320: return reload_profile(ptr->mgr, def, file, true); src/security/security_apparmor.c:501: return reload_profile(mgr, def, stdin_path, true); src/security/security_apparmor.c:733: return reload_profile(mgr, def, mem->nvdimmPath, true); src/security/security_apparmor.c:776: return reload_profile(mgr, def, input->source.evdev, true); src/security/security_apparmor.c:1039: ret = reload_profile(mgr, def, dev_source->data.file.path, true); src/security/security_apparmor.c:1047: if (reload_profile(mgr, def, in, true) < 0) src/security/security_apparmor.c:1051: if (reload_profile(mgr, def, out, true) < 0) src/security/security_apparmor.c:1054: ret = reload_profile(mgr, def, dev_source->data.file.path, true); src/security/security_apparmor.c:1096: return reload_profile(mgr, def, savefile, true); src/security/security_apparmor.c:1111: rc = reload_profile(mgr, def, full_path, true); src/security/security_apparmor.c:1114: rc = reload_profile(mgr, def, path, true); src/security/security_apparmor.c:1152: return reload_profile(mgr, def, fd_path, true); The only outlier to this rule is: src/security/security_apparmor.c:466: if (load_profile(mgr, secdef->label, def, NULL, false) < 0) { Which is what we hit in the call chain of this use-case that fails here. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1845506 Title: Libvirt snapshot doesn't update apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/libvirt/+bug/1845506/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs