[PATCH] apparmor: allow kvm-spice compat wrapper
Michal Privoznik
mprivozn at redhat.com
Mon Nov 16 14:28:39 UTC 2020
On 11/16/20 1:26 PM, Christian Ehrhardt wrote:
> 'kvm-spice' is a binary name used to call 'kvm', which actually is a wrapper
> around qemu-system-x86_64 enabling kvm acceleration. This hasn't been in use
> for quite a while, but is required to work for compatibility, e.g.
> when migrating in old guests.
>
> For years this was a symlink kvm-spice->kvm and therefore covered
> apparmor-wise by the existing entry:
>    /usr/bin/kvm rmix,
> But due to a recent change [1] in qemu packaging this now is no symlink,
> but a wrapper on its own and therefore needs its own entry that allows it
> to be executed.
>
> [1]: https://salsa.debian.org/qemu-team/qemu/-/commit/9944836d3
>
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
> ---
> src/security/apparmor/libvirt-qemu | 1 +
> 1 file changed, 1 insertion(+)
>
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
Michal
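
Added illustration, not part of the original mail or of libvirt's code: a small shell model of why the symlink was covered by the existing rule and the standalone wrapper is not. It assumes literal-path rules only; the fixture files, the wrapper body and the form of the new kvm-spice entry are constructed for the demo.

```shell
#!/bin/sh
# Added illustration. Simplified model: literal-path rules only (no globs,
# variables or abstractions); all files below are constructed for the demo.

# exec_allowed PROFILE ROOT PATH
# Succeeds if PROFILE has a literal rule granting an exec permission (x) on
# the file PATH resolves to under ROOT. AppArmor matches the resolved path,
# not the name that was invoked, which is what this mimics.
exec_allowed() {
    profile=$1 root=$(readlink -f "$2") path=$3
    resolved=$(readlink -f "$root$path") || return 2
    resolved=${resolved#"$root"}    # path as the profile would name it
    awk -v p="$resolved" '$1 == p && $2 ~ /x/ { ok = 1 } END { exit !ok }' "$profile"
}

# make_fixture DIR KIND
# KIND=symlink models the old packaging, KIND=wrapper the new one.
make_fixture() {
    mkdir -p "$1/usr/bin"
    printf '#!/bin/sh\n' > "$1/usr/bin/kvm"
    rm -f "$1/usr/bin/kvm-spice"
    if [ "$2" = symlink ]; then
        ln -s kvm "$1/usr/bin/kvm-spice"
    else
        # Stand-in wrapper body; the real script is not shown on the page.
        printf '#!/bin/sh\nexec /usr/bin/kvm "$@"\n' > "$1/usr/bin/kvm-spice"
    fi
}

demo() {
    tmp=$(mktemp -d)
    printf '  /usr/bin/kvm rmix,\n' > "$tmp/before"
    # Assumed form of the new entry, modelled on the existing rule.
    printf '  /usr/bin/kvm rmix,\n  /usr/bin/kvm-spice rmix,\n' > "$tmp/after"
    for kind in symlink wrapper; do
        make_fixture "$tmp/root" "$kind"
        for prof in before after; do
            if exec_allowed "$tmp/$prof" "$tmp/root" /usr/bin/kvm-spice
            then verdict=allowed; else verdict=denied; fi
            echo "kvm-spice as $kind, profile $prof: $verdict"
        done
    done
    rm -rf "$tmp"
}
demo
```

Only the wrapper case with the "before" profile comes out as denied, which is the gap the patch closes.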