http://bugzilla.opensuse.org/show_bug.cgi?id=1065123 http://bugzilla.opensuse.org/show_bug.cgi?id=1065123#c7 --- Comment #7 from James Fehlig <jfehlig@suse.com> --- (In reply to Christian Boltz from comment #6)
Ah, that explains peer=unconfined - intrigeri already wondered why it's needed, so please add this detail when upstreaming this rule.
I don't think I'll be upstreaming the rule since security_default_confined defaults to 1 upstream. The upstream rules are sufficient for the default upstream configuration. Recall all the libvirt apparmor profiles are located under the 'examples' directory. Downstreams are free to tweak those as they desire. WRT SUSE's default of 'security_default_confined = 0', I made confinement of VMs opt-in from the beginning. To date, no one has complained about that, or filed a fate request to change it. -- You are receiving this mail because: You are on the CC list for the bug.