[libvirt] [PATCH] security: apparmor: Allow RO /usr/share/edk2/
Michal Privoznik
mprivozn at redhat.com
Fri Oct 11 10:32:42 UTC 2019
On 10/9/19 8:24 PM, Cole Robinson wrote:
> On Fedora, already whitelisted paths to AAVMF and OVMF binaries
> are symlinks to binaries under /usr/share/edk2/. Add that directory
> to the RO whitelist so virt-aa-helper-test passes
>
> Signed-off-by: Cole Robinson <crobinso at redhat.com>
> ---
> I don't know if anyone is actually using apparmor on Fedora, but
> I have the libs installed now for testing. I think the better thing
> to do would be to adjust virt-aa-helper-test to not touch host
> state
Oh yeah, definitely. But since majority of libvirt contributors come
from distros that don't use AppArmor, it doesn't get as many attention.
>
> src/security/virt-aa-helper.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
Michal
More information about the libvir-list
mailing list