On 2018年08月04日 11:06, intrigeri wrote:
Control: tag -1 + moreinfo
I had enabled AppArmor on my debian stretch machine.
I found some libvirt's open operations are DENIED by apparmor.
Indeed, the AppArmor policy for libvirt has been improved a lot since
Stretch, where it's far from being perfect.
Would you apply this patch for stretch?
(I'm not the libvirt maintainer but I work on AppArmor in Debian.)
I would happily work on backports for Stretch of fixes to user-visible
issues in the AppArmor policy. I probably won't have time to work on
fixes to issues that have no perceivable user impact apart of noise in
the logs. Could you please extract from your proposed patch the subset
that fits into the first category?
I am searching there are something user inconveniences.
libvirt collects host's resource for unknown reason.
IMO, I think something user inconveniences is there.
Anyway, DENIED log was noisy for me.