Re: [PATCH] apparmor: Don't check for existence of templates upfront
On Mon, Sep 16, 2024 at 04:15:58PM GMT, Daniel P. Berrangé wrote:
A difference is that this Probe check will presumably report the
error
during daemon startup, while the virt-aa-helper check will delay the
report until a VM is started. A failure to start the daemon is arguably
more likely to be noticed & fixed at time of host deployment.
The problem is that you won't get a daemon startup failure: libvirtd
will happily come up, just with AppArmor containment disabled. QEMU
domains will also start up just fine, except they'll be uncontained.
--
Andrea Bolognani / Red Hat / Virtualization