Comment 11 for bug 579584

This recently came up on the libvirt mailing list:
https://www.redhat.com/archives/libvir-list/2010-September/msg00406.html

It appears that libvirt is aa_change_profile()ing before the DAC security driver can do its business. It seems that the ordering of the stacked security driver is wrong and that DAC driver should (always) go first, then the MAC (eg AppApparmor/SELinux) should come after. Before we push something to Lucid, I'd like to see upstream consensus on the fix (especially since we may want to change Maverick).