Quoting Cédric Bosdonnat (cbosdonnat@xxxxxxxx): > --- > src/security/virt-aa-helper.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) Hi, I'm acking this anyway bc I think you're right, but I'm trying to think of a case where this would still be useful. What if we want to allow only a certain container to have access to its cgroups, for instance, for nesting containers. Would virt-aa-helper and the .files be a way this would be done? I suppose we coudl always re-introduce this in that case... Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxx> > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > index b5f66f3..d563b98 100644 > --- a/src/security/virt-aa-helper.c > +++ b/src/security/virt-aa-helper.c > @@ -1342,7 +1342,8 @@ main(int argc, char **argv) > vah_info(include_file); > vah_info(included_files); > rc = 0; > - } else if ((rc = update_include_file(include_file, > + } else if (ctl->def->virtType != VIR_DOMAIN_VIRT_LXC && > + (rc = update_include_file(include_file, > included_files, > ctl->append)) != 0) > goto cleanup; > -- > 1.8.4.5 > > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list