This bug was fixed in the package libvirt - 6.6.0-1ubuntu2
---
libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
* d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
between libtripc and glibc that break libvirt-lxc (LP: #1892826)
*
** Merge proposal unlinked:
https://code.launchpad.net/~paelzer/ubuntu/+source/libvirt/+git/libvirt/+merge/389531
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745114
Title:
Please add guest
** Merge proposal linked:
https://code.launchpad.net/~paelzer/ubuntu/+source/libvirt/+git/libvirt/+merge/389531
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745114
Title:
Please add guest
Turns out this isn't as complex as I thought.
It was meant to work anyway but broken inadvertently in 2017 by eba2225b.
That will allow per UUID overrides and is what one would want IMHO.
I started to upstream the given change and will include it in 6.6 if
things work out.
--
You received this
I got these:
$ echo includetest
/f {
# target doesn't need to exist to test if this rule can be compiled
include if exists
}
$ apparmor_parser -QT ./includetest
AppArmor parser error for ./include.test in ./include.test at line 3: Could not
open 'if'
$
OR (if supported)
$
I might have asked at a bad time of day, document it here
@jjohansen/jdstrand (now subscribed to the bug):
[13:50] does the 2.13.2-9ubuntu7 have the "include if exists" code that we once
discussed for https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1745114 ?
[13:50] if so, is there a way
FYI - until we can make this work, please do realize that at least the
global abstraction libvirt-qemu got a local override in Cosmic that can
be used to extend rules for all guests without having to bother with
conffile prompts later on.
--
You received this bug notification because you are a
I summarized it in another bug nicely (I think), quoting it here to be
on the main bug as well:
This had two phases with both having had their own issues:
Phase I: ~2013-2016: the libvirt- stayed around and could be used for
such overrides, but they cluttered the file system and overview was
As I assumed the old (cron) and new (virt-aa-helper call) cleanup code makes
the libvirt- files unusable.
Also all old approaches wanted to avoid cluttering /etc/apparmor.d/libvirt/* to
not loose overview.
Best (not fastest, but best) solution would really the "include if avail" once
available
Actually I'm stupid, the base file being /etc/apparmor.d/libvirt/libvirt-
is providing exactly that already.
I need to check if that would survive a lifecycle of destroy/undefine/define
and such (I think recent versions remove it), but we should check before adding
another.
--
You received
Split bug 1786019 for the non "if exists" code
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745114
Title:
Please add guest uuid and guest-generic local include files
To manage notifications
The code is not in Cosmic, so not considering this this cycle yet
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745114
Title:
Please add guest uuid and guest-generic local include files
To manage
Check if we could use this tech to also provide something like a conf.d
directory for virt-aa-helper.
E.g. tools that use other image paths could drop conf files - need to check
wildcard support on the include thou if that is possible.
--
You received this bug notification because you are a
** Tags added: libvirt-18.10
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745114
Title:
Please add guest uuid and guest-generic local include files
To manage notifications about this bug go to:
** Tags added: libvirt-apparmor-dev
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1745114
Title:
Please add guest uuid and guest-generic local include files
To manage notifications about this bug
Just now possible:
- Needs apparmor 2.12.1, 2.11.2, and 2.10.4
- So libvirt needs hard dependency on that
- New syntax is like:
include if exists (<...>|"...")
so just like regular includes with "if exists" between the include and the
path
Next steps: wait until new apparmor is ready and
16 matches
Mail list logo
