Quoting Stefan Bader (stefan.bader@xxxxxxxxxxxxx):
> > Over the years there have been a bunch of changes to the
> > apparmor profiles and/or virt-aa-helper which have been
> > carried in Debian/Ubuntu but never made it upstream.
> >
> > In an attempt to clean this up and generally improve the
> > apparmor based environments, we (Christian and I) went
> > over the changes, cleaned out cruft as much as possible
> > and would be sending out hunks of changes to this list
> > for upstream inclusion.
> >
> > I hope doing multiple but smaller rounds of submissions
> > will make it simpler to get those reviewed and hopefully
> > accepted.
>
> For the second version I added acks, merged the patches
> related to explicit device denials and local apparmor
> profiles, and split the 9p support one (holding back the
> part allowing link access for later or to be replaced by
> a safer solution).
> I also tried to improve the explanation in the description
> of patch #1 (virt-aa-helper: Ask for no deny rule for readonly
> disk elements).
>
> Thanks,
> Stefan

Thanks,

Acked-by: Serge Hallyn <serge@xxxxxxxxxx>

I don't like the added capabilities in the one patch, but I'm not
nacking it on that account. Still a toggle would be comforting.
Make people who want 9p consciously sign in to the added privs.

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list