[pkg-apparmor] Bug#792426: libvirt-daemon-system: Load AppArmor profiles after installing

Felix Geyer fgeyer at debian.org
Tue Jul 14 17:35:54 UTC 2015


Package: libvirt-daemon-system
Version: 1.2.16-2
Tags: patch

Hi,

libvirt-daemon-system doesn't load the AppArmor profiles after installing the package.
This means that the confinement is only active after reboot or when they are manually loaded
and libvirt restarted.

The dh_apparmor helper provides appropriate snippets for postinst to load the profiles if
AppArmor is installed and enabled.

dh_apparmor also creates /etc/apparmor.d/local/<profile name> files. They are meant to be used
for local overrides to the profiles without having to change the packaged profiles.
This unfortunately means carrying a non-upstremable patch to add those includes to the profiles.
The alternative would be to manually add the required code to postinst.

Attached is a debdiff containg the necessary changes.

Cheers,
Felix
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libvirt_dh_appamor.diff
Type: text/x-diff
Size: 2811 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20150714/df803cfd/attachment.diff>


More information about the pkg-apparmor-team mailing list