[PATCH v2] AppArmor: add rules needed with additional mediation features

Changes since v1:

 - remove unneeded "network unix" rules added by v1: they were only
   needed due to a bug in apparmor_parser, that was fixed in AppArmor
   2.11.1 since then;
 - move the "network netlink raw" rule to honor previous sorting.

Note that the "mount" rule is very broad. It could be replaced with a
set of more specific rules in the future. A draft is available on
https://bugzilla.opensuse.org/show_bug.cgi?id=1065123, that should be
tested on various distros and configurations before it is submitted
upstream. But let's not block on this and focus first on avoiding
breakage when distros ship Linux 4.14: this is not a regression given
so far we had no mount mediation at all (except in Ubuntu that carries
out-of-tree patches).

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list