Comment 14 for bug 545426

Ancoron Luziferis (ancoron) wrote :

Well, to be correct we should read the domain configuration as well as the storage pool definitions to correctly set up AppArmor rules (just open them as required and on demand, not by foresight).

Additionally, what if someone decides to have an iSCSI-mounted filesystem on /opt or to use some NFS storage on /net? Even /var/local or some completely custom paths are possible. So opening read access to all those things just eliminates the benefit of using AppArmor.

Call me paranoid, but I think such a quick hack is not appropriate here; also, it is for an LTS release that gets used on servers where security is of top-level priority.
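The approach the comment asks for, as an added example that is not part of the original comment and is not libvirt's own code: derive one AppArmor file rule per disk from the domain XML and the storage pool definitions instead of opening whole directory trees. The sample XML, the pool name `nfs1` and all paths are constructed, and the volume lookup assumes a directory-backed (dir/netfs) pool where the volume name is the file name.

```python
import xml.etree.ElementTree as ET

# Constructed sample input (not taken from the bug report).
DOMAIN_XML = """<domain type='kvm'>
  <devices>
    <disk type='file' device='disk'>
      <source file='/opt/vm/guest1.img'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/var/local/iso/install.iso'/><readonly/>
    </disk>
    <disk type='volume' device='disk'>
      <source pool='nfs1' volume='data.img'/>
    </disk>
  </devices>
</domain>"""
POOL_XMLS = ["<pool type='netfs'><name>nfs1</name><target><path>/net/vmstore</path></target></pool>"]

def pool_targets(pool_xmls):
    """Map pool name -> target directory from storage pool definitions."""
    out = {}
    for xml in pool_xmls:
        root = ET.fromstring(xml)
        out[root.findtext("name")] = root.findtext("target/path")
    return out

def disk_rules(domain_xml, pool_xmls):
    """Return one AppArmor file rule per disk the domain actually references."""
    pools = pool_targets(pool_xmls)
    rules = []
    for disk in ET.fromstring(domain_xml).iterfind("devices/disk"):
        src = disk.find("source")
        if src is None:  # e.g. an empty CD-ROM drive: nothing to open
            continue
        path = src.get("file") or src.get("dev")
        if path is None and src.get("pool") in pools:
            # Assumption: dir/netfs pool, so the volume is a file under the target.
            path = pools[src.get("pool")].rstrip("/") + "/" + src.get("volume", "")
        if path is None or not path.startswith("/") or ".." in path.split("/"):
            raise ValueError("unresolvable or unsafe disk source")
        if any(c in path for c in '"*?[]{}'):
            raise ValueError("path contains AppArmor glob or quote characters")
        mode = "r" if disk.find("readonly") is not None else "rw"
        rules.append(f'"{path}" {mode},')
    return rules

if __name__ == "__main__":
    print("\n".join(disk_rules(DOMAIN_XML, POOL_XMLS)))
```

Each guest then gets access only to the three files it references, wherever they live, and a source that cannot be resolved or that contains traversal or glob characters is rejected rather than widened into a directory rule.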