On Mon, Sep 16, 2024 at 04:15:58PM GMT, Daniel P. Berrangé wrote: > A difference is that this Probe check will presumably report the error > during daemon startup, while the virt-aa-helper check will delay the > report until a VM is started. A failure to start the daemon is arguably > more likely to be noticed & fixed at time of host deployment.
The problem is that you won't get a daemon startup failure: libvirtd will happily come up, just with AppArmor containment disabled. QEMU domains will also start up just fine, except they'll be uncontained. -- Andrea Bolognani / Red Hat / Virtualization
