On Wed, Dec 20, 2017 at 10:50 AM, intrigeri <intrigeri+libvirt@xxxxxxxx> wrote:
> Jamie Strandboge:
>> On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote:
>>> + # Alow access to ecryptfs files (LP: #591769)
>>> + @{HOME}/.Private/** mrwlk,
>>> + @{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
>
>> Hrmm, these rules were never meant to last as long as they have. That
>> said, they are already a part of the AppArmor base abstraction (using
>> owner match though) and virt-aa-helper uses '#include
>> <abstractions/base>'. Are these rules still needed considering the base
>> abstraction? I imagine at worst virt-aa-helper would only need 'r' for
>> some of these...
>
> I concur with Jamie: I'd rather can avoid spreading copies of these
> rules around if we can.
Checked as well - no more needed.
Thanks for the hint I missed that those were moved into the base abstraction.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
