On Tue, Apr 01, 2025 at 10:55:28AM +0200, Alessandro wrote:
We attempted multiple ways to clean up dynamic files; however, we must preserve user overrides, which requires keeping the file /etc/apparmor.d/libvirt/libvirt-uuid
This commit proposes to move user overrides into /etc/apparmor.d/libvirt/libvirt-uuid.local and include it, if present, unconditionally. When we stop the domain, we remove libvirt.uuid and libvirt-uuid.files, whereas we preserve libvirt-uuid.local if present.
The way you describe things, it sounds like the AppArmor driver already expects local overrides to exist. Is that documented anywhere? If so, an update is probably needed. And either way, this file you're introducing and its purpose will have to be documented. -- Andrea Bolognani / Red Hat / Virtualization