[Bug 545426] Re: SDL support broken when using apparmor

[Ancoron Luziferis]

Well, to be correct we should read the domain configuration as well as
the storage pool definitions to correctly set up apparmor rules (just
open them as required and by demand, not by foresight).

Additionally what if someone decides to have an iscsi mounted filesystem
on /opt or using some NFS storage on /net? Even /var/local or some
complete custom paths are possible. So opening read access to all those
things just vanishes the benefit of using apparmor.

Call me paranoid but I think such a quick hack is not appropriate here,
also it is for an LTS release that gets used on servers where security
is of top level priority.

-- 
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.