On 01/30/2014 01:26 PM, Felix Geyer wrote:
> On 22.01.2014 07:27, Guido Günther wrote:
>>>> The postinst, postrm and cron.daily parts of my original patch are also
>>>> desirable. For example without the postinst changes the profiles are only
>>>> loaded after a reboot.
>> The whole setup currently has the problem that it doesn't allow for a
>> read only /etc and that it removes files out of /etc/ which can confuse
>> users. The generated profiles shouldn't live in /etc but in
>> /var/cache/libvirt/apparmor. Once this is moved we can clean this up. Can
>> you fix that up (e.g. by a symlink)?
> 
> virsh also removes the VM definition file from /etc/libvirt/qemu/ so I don't
> see how this is different.
> 
> libvirt generates 2 AppArmor profile files:
> - libvirt-<UUID>: auto-generated once, then user-modifiable
> - libvirt-<UUID>.files: auto-generated, automatically regenerated
> 
> The first one should actually live in /etc, the second one could be moved to
> /var/cache.
> I'm not a huge fan of having both files in different directories though.
> Jamie, what do you think about this?
> 

I agree that it is awkward to have them in different places, which is why it is
the way it is now (and has been this way upstream and in Ubuntu for years--
which isn't a point to not fix things, just saying it isn't a new problem).
libvirt will fail to function with a readonly /etc for vm definitions and
networks at least so it would seem weird to fix this but not everything else.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
