Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) : > The deny rules aren't strictly necessary but they silence those (harmless) > denials.
Thanks for the clarification. I don't think that silencing harmless denials qualifies for a stable pu. > I'm not quite sure why virt-aa-helper opens the devices in the first place. > We need to look into how to push this upstream. > Through modifying the helper or the profile. I've been pushing Stefan Bader to upstream Ubuntu's improvements to the libvirt profiles for ~1 year. Patches were sent upstream, but last time I checked the package FTBFS'ed once they were applies (some autoconf issue IIRC). Cheers, -- intrigeri