Re: [PATCH] apparmor: Don't check for existence of templates upfront

On Mon, Sep 16, 2024 at 04:04:40PM GMT, Daniel P. Berrangé wrote: > On Mon, Sep 16, 2024 at 04:55:55PM +0200, Andrea Bolognani wrote: > > static virSecurityDriverStatus > > AppArmorSecurityManagerProbe(const char *virtDriver G_GNUC_UNUSED) > > We're passing the virt driver name ("QEMU" or "LXC") in here and not using > it..... > > ...rather than delete these, pick the right check to perform based > on 'virtDriver' value. > > eg approximately like this > > g_autofree char *template_name = g_strdup(virtDriver); > for (i = 0; template_name[i]; i++) > template_name[i] = tolower(template_name[i]) > template = g_strdup_printf("%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt", template_name) I can give it a shot, but it still seems pointless to check whether the files are available ahead of time when virt-aa-helper will do that at the time when they're actually going to be used. What do we gain by doing that?