From eba2225bc52624e748cb875e10962bc4c46a0516 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Mon, 18 Sep 2017 21:23:25 +0200
Subject: [PATCH] apparmor: delete profile on VM shutdown

instead of only unloading it. This makes sure old profiles don't pile up
in /etc/apparmor.d/libvirt and we get updates to modified templates on
VM restart.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>
---
 src/security/security_apparmor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 5afe0c5c85..1db94c632f 100644
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -220,7 +220,7 @@ remove_profile(const char *profile)
 {
     int rc = -1;
     const char * const argv[] = {
-        VIRT_AA_HELPER, "-R", "-u", profile, NULL
+        VIRT_AA_HELPER, "-D", "-u", profile, NULL
     };
 
     if (virRun(argv, NULL) == 0)
-- 
2.39.5