Over the years there have been a bunch of changes to the
apparmor profiles and/or virt-aa-helper which have been
carried in Debian/Ubuntu but never made it upstream.
In an attempt to clean this up and generally improve the
apparmor-based environments, we (Christian and I) went
over the changes, cleaned out cruft as much as possible
and would be sending out hunks of changes to this list
for upstream inclusion.
I hope doing multiple but smaller rounds of submissions
will make it simpler to get those reviewed and hopefully
accepted.
For the second version I added acks, merged the patches
related to explicit device denials and local apparmor
profiles, and split the 9p support one (holding back the
part allowing link access for later or to be replaced by
a safer solution).
I also tried to improve the explanation in the description
of patch #1 (virt-aa-helper: Ask for no deny rule for readonly
disk elements).
Thanks,
Stefan