Re: [PATCH] virt-aa-helper: delete dynamic files
On Tue, Apr 01, 2025 at 10:55:28AM +0200, Alessandro wrote:
We attempted multiple ways to clean up dynamic files; however, we
must
preserve user overrides, which requires keeping the file
/etc/apparmor.d/libvirt/libvirt-uuid
This commit proposes to move user overrides into
/etc/apparmor.d/libvirt/libvirt-uuid.local and include it, if present,
unconditionally. When we stop the domain, we remove libvirt.uuid and
libvirt-uuid.files, whereas we preserve libvirt-uuid.local if present.
The way you describe things, it sounds like the AppArmor driver
already expects local overrides to exist. Is that documented
anywhere? If so, an update is probably needed. And either way, this
file you're introducing and its purpose will have to be documented.
--
Andrea Bolognani / Red Hat / Virtualization