Jamie Strandboge:
> On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote:
>> + # Alow access to ecryptfs files (LP: #591769)
>> + @{HOME}/.Private/** mrwlk,
>> + @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
> Hrmm, these rules were never meant to last as long as they have. That
> said, they are already a part of the AppArmor base abstraction (using
> owner match though) and virt-aa-helper uses '#include
> <abstractions/base>'. Are these rules still needed considering the base
> abstraction? I imagine at worst virt-aa-helper would only need 'r' for
> some of these...
I concur with Jamie: I'd rather can avoid spreading copies of these
rules around if we can.
Cheers,
--
intrigeri
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
