Thanks for your clarifications Simon.

I found where it is managed today. While it is not upstream it comes in
in various ways.

This is all a bit complex, as smb started a task to rely on upstream
profiles, to one day drop much of the delta. But since it is WIP it is
currently in a complex state.

So atm we get the profiles as this:
1. take upstream profiles
2. Apply Debian delta to upstream profiles
3. move modified upstream profiles to .in files
4. initially add Ubuntu delta to .in
5. later fixes onto Ubuntu delta to .in
Finally that is generated - the reason for this is the different AppArmor
features per version between Debian and Ubuntu. SMB and I plan to discuss and
agree on a plan of action when we meet in a few weeks.

Until this is sorted out and synced, we continue to fix at stage #5 for
now.

The way e.g. dm-* isn't an issue today is by:
1. Added by Debian Allow-access-to-libnl-3-config-files.patch (Step #2)
2. Moved by Ubuntu ubuntu/0001-apparmor-add-feature-parsing.patch (Step #3)
3. slightly modified in ubuntu/0002-apparmor-apply-ubuntu-delta.patch (Step #5)

Some of the history on this is in:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786650
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796088
This covers the lost IRC discussion I asked about before.

Until the mentioned cleanup/sync has happened, the way for now is to add more to
Step #5.
That would be:
- bring back /dev/vd* (was in Debian)
- add /dev/zd[0-9]*
- add /dev/nvme*

I wonder if there would be an abstraction for disk devices that covers
that and doesn't need an update every time a new disk device occurs.

** Bug watch added: Debian Bug tracker #786650
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786650

** Bug watch added: Debian Bug tracker #796088
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796088

** Changed in: libvirt (Ubuntu)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1641618

Title:
  Apparmor denials caused by virt-aa-helper trying to read zvol devices
  (/dev/zdX) should be silenced

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1641618/+subscriptions
