Comment 2 for bug 1655111

Hi,
thank you so much for reporting and helping to make Ubuntu better.
It is the right place to report it.

I checked on last and current version, as well as the Debian counterpart.
It is true that the rule is not matching, but it kind of never did.

Zesty:
qemu-system-common: /usr/lib/qemu/qemu-bridge-helper
/etc/apparmor.d/usr.sbin.libvirtd:99: /usr/{lib,libexec}/qemu-bridge-helper rmix,

Yakkety:
qemu-system-common: /usr/lib/qemu/qemu-bridge-helper
/etc/apparmor.d/abstractions/libvirt-qemu:224: /usr/{lib,libexec}/qemu-bridge-helper rmix,

Debian:
qemu-system-common: /usr/lib/qemu/qemu-bridge-helper
/etc/apparmor.d/usr.sbin.libvirtd:86: /usr/{lib,libexec}/qemu-bridge-helper rmix,

Could you please describe the effect that you see due to that - is is an execution error of some sort. Because I'd like to use that when suggesting to upstream or Debian since they suffer of the same.

I think the upstream rule might not be broken in the upstream point of view. It is part of the .deb packaging that makes it end up in /usr/lib/qemu instead of /usr/lib/.
Maybe the right place to fix that is upstream, but in debian/pactches (instead of debian/patches/debian), but that is where I'd like to hear the Debian opinion as well.

If you would be open to go the extra mile, please feel free to report it to Debian with that extra info I added and you will provide on the actual effect. If not I can do that for you - eventually I want to link up the bugs and add the same solution, so if you do mention the Deb-bug number here.

So, TL;DR:
1. the rule never match the path of the tool
2. the path was always wrong
3. we followed upstream, I guess due to that now this actually is having an effect
4. caused by .deb packaging placing it in a subdir to /usr/lib
5. please share some more details on the effect