Comment 4 for bug 1641618

Christian Ehrhardt (paelzer) wrote:

Thanks for your clarifications, Simon.

I found where it is managed today. While it is not upstream, it comes in in various ways.

This all is a bit complex as smb started a task to rely on upstream profiles, to one day drop much of the delta. But since it is WIP it is currently in a complex state.

So atm we get the profiles as this:
1. take upstream profiles
2. Apply Debian delta to upstream profiles
3. moved modified upstream profiles to .in files
4. initial add Ubuntu delta to .in
5. later fixes onto Ubuntu delta to .in
Finally that is generated - the reason for this is the different apparmor features per version between Debian and Ubuntu. SMB and I plan to discuss and agree on a plan of action when we meet in a few weeks.

Until this is sorted out and synced, we continue to fix at stage #5 for now.

The way e.g. dm-* isn't an issue today is by:
1. Added by Debian Allow-access-to-libnl-3-config-files.patch (Step #2)
2. Moved by Ubuntu ubuntu/0001-apparmor-add-feature-parsing.patch (Step #3)
3. slightly modified in ubuntu/0002-apparmor-apply-ubuntu-delta.patch (Step #5)

Some of the history on this is in:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786650
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796088
This covers the lost IRC discussion I asked about before.

Until the mentioned cleanup/sync has happened, the way for now is to add more to Step #5.
That would be:
- bring back /dev/vd* (was in Debian)
- add /dev/zd[0-9]*
- add /dev/nvme*

I wonder if there would be an abstraction for disk devices that covers that and doesn't need an update every time a new disk device occurs.