Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images
Hi,
Cédric Bosdonnat:
This commit helps users allowing access to their images by adding
their
own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
[…]
profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
#include <abstractions/base>
+ #include <local/usr.lib.libvirt.virt-aa-helper>
The packaging helper we use in Debian adds exactly the same line at
the *end* of the profile (and actually, at the end of almost every
AppArmor profile included in Debian and derivatives); I don't know why
it's added at the end and not at the beginning. I suspect Jamie will
know better.
If there's no strong reason to add this line in the beginning of the
profile, I suggest we add it at the end instead, so we avoid changing
behaviour subtly once this gets merged upstream and we drop the
Debian-specific line.
Other than this, ACK from me on the proposed profile modifications.
I am not well placed to comment on the build system changes though.
Cheers!