From: Guido Günther <agx@sigxcpu.org>
Date: Mon, 18 Sep 2017 19:23:25 +0000 (+0200)
Subject: apparmor: delete profile on VM shutdown
X-Git-Tag: v3.8.0-rc1~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eba2225bc52624e748cb875e10962bc4c46a0516;p=thirdparty%2Flibvirt.git

apparmor: delete profile on VM shutdown

instead of only unloading it. This makes sure old profiles don't pile up
in /etc/apparmor.d/libvirt and we get updates to modified templates on
VM restart.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
---

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 5afe0c5c85..1db94c632f 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -220,7 +220,7 @@ remove_profile(const char *profile)
 {
     int rc = -1;
     const char * const argv[] = {
-        VIRT_AA_HELPER, "-R", "-u", profile, NULL
+        VIRT_AA_HELPER, "-D", "-u", profile, NULL
     };
 
     if (virRun(argv, NULL) == 0)