[PATCH v2 0/5] Further Debian/Ubuntu Apparmor Delta

Christian Ehrhardt posted 5 patches 3 years, 8 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/20200804153214.1305009-1-christian.ehrhardt@canonical.com
[PATCH v2 0/5] Further Debian/Ubuntu Apparmor Delta
Posted by Christian Ehrhardt 3 years, 8 months ago
Hi,
I don't even remember which number of submissions that is, #5 maybe?
Anyway - I'm hereby continuing to bring Debian and Ubuntu apparmor
Delta into upstream libvirt.

I have kept out all patches that are either Distro-specific or we ran
into trouble/discussions in the past. But there are enough left for a
new submission.

I have kept the most-original (read the earliest - as some patches
appeared in Ubuntu and later with a different Author in Debian) patch
author that I could find intact and git-send-email should auto-cc them.

I added some more bug links and descriptions so one can understand the
case a commit tries to fix without knowing too much context.

Update since v1:
- drop a few commits that in discussion turned out to be not/no-more needed
- fixed a few typos
- added the acks that I received from Jamie Strandboge

Christian Ehrhardt (1):
  apparmor: let qemu load old shared objects after upgrades

Jamie Strandboge (1):
  apparmor: read only access to overcommit_memory

Sam Hartman (1):
  apparmor: allow default pki path

Stefan Bader (2):
  apparmor: allow libvirtd to call pygrub
  apparmor: qemu access to @{PROC}/*/auxv for hw_cap

 src/security/apparmor/libvirt-qemu         | 10 ++++++++++
 src/security/apparmor/usr.sbin.libvirtd.in |  1 +
 2 files changed, 11 insertions(+)

-- 
2.27.0

Re: [PATCH v2 0/5] Further Debian/Ubuntu Apparmor Delta
Posted by Andrea Bolognani 3 years, 8 months ago
On Tue, 2020-08-04 at 17:32 +0200, Christian Ehrhardt wrote:
> Hi,
> I don't even remember which number of submissions that is, #5 maybe?
> Anyway - I'm hereby continuing to bring Debian and Ubuntu apparmor
> Delta into upstream libvirt.

Thanks, I really appreciate the effort :)

> I have kept out all patches that are either Distro-specific or we ran
> into trouble/discussions in the past. But there are enough left for a
> new submission.

Fair enough - let's get the uncontroversial stuff merged first, then
worry about the more complicated case separately.

Anyway, I'm absolutely not an AppArmor expert but the pointers you
provide along with the various changes and the discussion around v1,
along with the fact that these patches have been shipped in Debian
and Ubuntu for so long, are convincing enough in my book, so

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization

Re: [PATCH v2 0/5] Further Debian/Ubuntu Apparmor Delta
Posted by Andrea Bolognani 3 years, 8 months ago
On Tue, 2020-08-04 at 23:56 +0200, Andrea Bolognani wrote:
> Anyway, I'm absolutely not an AppArmor expert but the pointers you
> provide along with the various changes and the discussion around v1,
> along with the fact that these patches have been shipped in Debian
> and Ubuntu for so long, are convincing enough in my book, so
> 
>   Reviewed-by: Andrea Bolognani <abologna@redhat.com>

You don't seem to have pushed these yet. I can do that for you if you
want, but since you are in the GitLab group with "Developer" role you
should be able to do that on your own.

-- 
Andrea Bolognani / Red Hat / Virtualization

Re: [PATCH v2 0/5] Further Debian/Ubuntu Apparmor Delta
Posted by Christian Ehrhardt 3 years, 8 months ago
On Fri, Aug 7, 2020 at 2:59 PM Andrea Bolognani <abologna@redhat.com> wrote:

> On Tue, 2020-08-04 at 23:56 +0200, Andrea Bolognani wrote:
> > Anyway, I'm absolutely not an AppArmor expert but the pointers you
> > provide along with the various changes and the discussion around v1,
> > along with the fact that these patches have been shipped in Debian
> > and Ubuntu for so long, are convincing enough in my book, so
> >
> >   Reviewed-by: Andrea Bolognani <abologna@redhat.com>
>
> You don't seem to have pushed these yet. I can do that for you if you
> want, but since you are in the GitLab group with "Developer" role you
> should be able to do that on your own.
>

Thanks for the offer, I planned to push these today giving people who would
look more likely to review on the weekend a chance as well.
Now pushed with all the review/ack tags I got on these changes.

-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd