On Tue, 2017-12-12 at 15:01 +0100, intrigeri wrote:
> Hi,
>
> Cédric Bosdonnat:
> > This commit helps users allowing access to their images by adding their
> > own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
> > […]
> > profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> > #include <abstractions/base>
> > + #include <local/usr.lib.libvirt.virt-aa-helper>
>
> The packaging helper we use in Debian adds exactly the same line at
> the *end* of the profile (and actually, at the end of almost every
> AppArmor profile included in Debian and derivatives); I don't know why
> it's added at the end and not at the beginning. I suspect Jamie will
> know better.
>
> If there's no strong reason to add this line in the beginning of the
> profile, I suggest we add it at the end instead, so we avoid changing
> behaviour subtly once this gets merged upstream and we drop the
> Debian-specific line.
>
> Other than this, ACK from me on the proposed profile modifications.
>
> I am not well placed to comment on the build system changes though.
I'm perfectly fine in having that include at the end of the profile. I'll
push with that change.
--
Cedric
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
