...
[15:28] <cpaelzer> so adding a deny (btw I can only add to places users can't modify) they can't allow it later right?
[15:28] <jjohansen> cpaelzer: correct
[15:28] <cpaelzer> so how could I silence access to a given path
[15:28] <cpaelzer> but have the chance for user to later allow it?
...
[15:31] <jjohansen> unfortunately deny is the only way currently to control quieting atm
[15:31] <cpaelzer> ok, so for now I have to choose between a) the denial is slightly annoying now, but users can allow it later AND b) silencing it now but the few users that want to allow it will be unable to do so
[15:31] <cpaelzer> is that summary correct?
[15:31] <jjohansen> yes
[15:31] <cpaelzer> thanks

Due to the above I think I could make virt-aa-helper:
 - if a </pmem> is present add allowing the paths
 - if no </pmem> is present add a deny rule to silence the denials

The only case left open would be systems that start without any pmem and
want to hot-add it later. Those should be pretty rare one would think
(even rarer than nvdimms on their own already are).

Next steps:
 - get a full assortment of possible paths (I hope Adam or Jeff can help)

https://bugs.launchpad.net/bugs/1871354

Title:
  apparmor denies related to nvdimms/nfit
