Comment 12 for bug 696318

The approach in comment #9 is not acceptable, as it allows all VM guests to access all other VM guests's data. It also would not suffice. For instance the example in the Description uses /tmp rather than /var/lib/libvirt/images, and would not be fixed.

What we need is for virt-aa-helper to be extended to calculate the files to which access is needed.

If someone is familier with the best way for libvirt code to determine the full chain of backing stores for a particular file, then the patch should be quite simple.