
Quoting Cédric Bosdonnat (cbosdonnat@suse.com):
--- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Hi, I'm acking this anyway bc I think you're right, but I'm trying to think of a case where this would still be useful. What if we want to allow only a certain container to have access to its cgroups, for instance, for nesting containers? Would virt-aa-helper and the .files be a way this would be done? I suppose we could always re-introduce this in that case...

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index b5f66f3..d563b98 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1342,7 +1342,8 @@ main(int argc, char **argv) vah_info(include_file); vah_info(included_files); rc = 0; - } else if ((rc = update_include_file(include_file, + } else if (ctl->def->virtType != VIR_DOMAIN_VIRT_LXC && + (rc = update_include_file(include_file, included_files, ctl->append)) != 0) goto cleanup; -- 1.8.4.5
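Review bot: in the new `else if` condition in main(), an LXC domain short-circuits on `ctl->def->virtType != VIR_DOMAIN_VIRT_LXC` before `update_include_file()` runs, so `rc` is never assigned on that path and the exit status depends on whatever value it held before this branch. Set `rc` explicitly for the LXC case, or test the virt type in its own `if` ahead of the call, so the success path is visible in the code. A one-line comment above the test saying why LXC domains get no include file would also help, since the condition alone does not say whether the skip is intentional policy or a workaround.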