Re: [libvirt] [PATCH] virt-aa-helper: grant locking permission on -f

Hot-adding disks does not parse the full XML to generate apparmor rules. Instead it uses -f <PATH> to append a generic rule for that file path. 580cdaa7: "virt-aa-helper: locking disk files for qemu 2.10" implemented the qemu 2.10 requirement to allow locking on disks images that are part of the domain xml. But on attach-device a user will still trigger an apparmor deny by going through virt-aa-helper -f, to fix that add the lock "k" permission to the append file case of virt-aa-helper. Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com&gt; --- src/security/virt-aa-helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)