<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 30, 2020 at 8:05 AM Michal Privoznik <<a href="mailto:mprivozn@redhat.com">mprivozn@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">There are two more paths that we are missing in the default<br>
domain profile: /usr/share/edk2-ovmf/ and /usr/share/sgabios/.<br>
These exist on my Gentoo box and contain UEFI and BIOS images<br>
respectively.<br>
<br>
Signed-off-by: Michal Privoznik <<a href="mailto:mprivozn@redhat.com" target="_blank">mprivozn@redhat.com</a>><br></blockquote><div><br></div>Acked-by: Christian Ehrhardt <<a href="mailto:christian.ehrhardt@canonical.com">christian.ehrhardt@canonical.com</a>><br><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
---<br>
 src/security/apparmor/libvirt-qemu | 2 ++<br>
 1 file changed, 2 insertions(+)<br>
<br>
diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu<br>
index 2291829270..6942b83969 100644<br>
--- a/src/security/apparmor/libvirt-qemu<br>
+++ b/src/security/apparmor/libvirt-qemu<br>
@@ -75,6 +75,7 @@<br>
   # access to firmware's etc<br>
   /usr/share/AAVMF/** r,<br>
   /usr/share/bochs/** r,<br>
+  /usr/share/edk2-ovmf/** r,<br>
   /usr/share/kvm/** r,<br>
   /usr/share/misc/sgabios.bin r,<br>
   /usr/share/openbios/** r,<br>
@@ -86,6 +87,7 @@<br>
   /usr/share/qemu-kvm/** r,<br>
   /usr/share/qemu/** r,<br>
   /usr/share/seabios/** r,<br>
+  /usr/share/sgabios/** r,<br>
   /usr/share/slof/** r,<br>
   /usr/share/vgabios/** r,<br>
<br>
-- <br>
2.24.1<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Christian Ehrhardt<br>Staff Engineer, Ubuntu Server<br>Canonical Ltd</div></div>