Well, to be correct, we should read the domain configuration as well as the storage pool definitions to correctly set up AppArmor rules (just open them as required and on demand, not by foresight).
Additionally, what if someone decides to have an iSCSI-mounted filesystem on /opt or to use some NFS storage on /net? Even /var/local or some completely custom paths are possible. So opening read access to all those things just makes the benefit of using AppArmor vanish. Call me paranoid, but I think such a quick hack is not appropriate here; also, it is for an LTS release that gets used on servers where security is of top-level priority.

--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
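The on-demand approach described in the message above, as an added Python sketch that is not part of the original message and not libvirt's own code: it reads a domain definition and emits one AppArmor file rule per disk path the guest actually uses, instead of opening whole directory trees. The sample XML, `quote_path` and `disk_rules` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definition (not taken from the bug report).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>demo</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/opt/vm/demo.qcow2'/>
      <target dev='vda'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/net/iso/install.iso'/>
      <target dev='hdc'/>
      <readonly/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/mapper/vg0-demo'/>
      <target dev='vdb'/>
    </disk>
  </devices>
</domain>
"""

def quote_path(path):
    """Reject paths that could widen or break the profile; quote the rest."""
    if not path.startswith("/") or any(c in path for c in '"\\\n*?[]{}^'):
        raise ValueError("refusing unsafe path: %r" % path)
    return '"%s"' % path

def disk_rules(domain_xml):
    """Return one AppArmor file rule per disk the domain actually uses."""
    rules = []
    for disk in ET.fromstring(domain_xml).iterfind("./devices/disk"):
        source = disk.find("source")
        if source is None:          # e.g. an empty CD-ROM drive
            continue
        path = source.get("file") or source.get("dev")
        if path is None:            # network-backed disk, no host path
            continue
        # Read-only media get "r"; everything else needs read and write.
        mode = "r" if disk.find("readonly") is not None else "rw"
        rules.append("%s %s," % (quote_path(path), mode))
    return rules

if __name__ == "__main__":
    print("\n".join(disk_rules(SAMPLE_DOMAIN_XML)))
```

Paths containing AppArmor glob characters are refused rather than escaped, so a crafted image name cannot turn a single-file rule into a wildcard.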