After discussion, the right way to do this would be to submit a patch
specifying the monitor location in the domain xml file. Have libvirt
respect that both when creating and using the monitor, and when creating
the security rules (for both apparmor and selinux).
** Changed in: libvirt (Ubuntu)
Indeed, these lines are added explicitly by code in libvirt/security
/virt-aa-helper.c.
Converting these to be added through a template may be a nice feature.
** Changed in: libvirt (Ubuntu)
Status: New => Confirmed
** Changed in: libvirt (Ubuntu)
Importance: Undecided => Low
--
You