Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

Hi, Cedric Bosdonnat: Thanks! This will allow us to remove half of apparmor_profiles_local_include.patch we carry in Debian. Now, two follow-up questions: 1. Doing the same for usr.sbin.libvirtd? The apparmor_profiles_local_include.patch Debian patch does the same for usr.sbin.libvirtd: diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd index fa4ebb3..5505bf6 100644 --- a/examples/apparmor/usr.sbin.libvirtd +++ b/examples/apparmor/usr.sbin.libvirtd @@ -90,4 +90,7 @@ /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, } + + # Site-specific additions and overrides. See local/README for details. + #include <local/usr.sbin.libvirtd> } Cédric and others, what about upstreaming this as well? 2. Impact on packaging for distros that were already managing this local file themselves & differently … i.e. I guess mostly Debian and derivatives, that use dh_apparmor. If I got the build system changes right, local/usr.lib.libvirt.virt-aa-helper will be created at installation time so in practice it'll be shipped by distro packages. I *think* it's not a problem with dh_apparmor because the generated postinst scripts only manage that file if it does not exist yet (so it should be a no-op if dpkg has already installed it), and similarly the code for purging in postrm should work just fine if dpkg has already deleted it. But local/usr.lib.libvirt.virt-aa-helper becomes a conffile, which previously it was not managed by dpkg. I don't know how this is handled by dpkg. I suspect it might be easier to comment out: INSTALL_DATA_LOCAL += install-apparmor-local UNINSTALL_LOCAL += uninstall-apparmor-local … and keep the current behaviour, for consistency with how all other local/* override files are handled in Debian/Ubuntu. Guido, Ubuntu packagers, what do you think? Cheers, -- intrigeri