This is already at its third iteration.
Discussions are on IRC in #ubuntu-hardened with jdstrand and jjohansen.
The TL;DR for now is:
- we don't want the profile reload from dh_apparmor as we are an abstraction
- dh_apparmor can't work with subdirs like abstractions/libvirt-qemu
- We only need a postinst snippet to ensure an empty include file is placed
If exist includes would make this even safer (no fail if the include
doesn't exist), but what isn't in apparmor yet can't be used :-/
** Changed in: libvirt (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786019
Title:
Local apparmor include to tweak libvirt-qemu
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1786019/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
