Hi,

On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
> Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
> > The deny rules aren't strictly necessary but they silence those (harmless)
> > denials.
>
> Thanks for the clarification. I don't think that silencing harmless denials
> qualifies for a stable pu.

Great. Can one of you add this to #796088 - I did but it might make sense if
somebody with more apparmor skills does.

> > > I'm not quite sure why virt-aa-helper opens the devices in the first place.
> > We need to look into how to push this upstream.
> > Through modifying the helper or the profile.
>
> I've been pushing Stefan Bader to upstream Ubuntu's improvements to
> the libvirt profiles for ~1 year. Patches were sent upstream, but
> last time I checked the package FTBFS'ed once they were applied (some
> autoconf issue IIRC).

I'd be happy to have a look, ideally if we can feed it in small pieces
with knowing what it fixes. Currently looking at the OVMF fix.

Cheers,
 -- Guido