[PATCH] apparmor: allow kvm-spice compat wrapper
Christian Ehrhardt
christian.ehrhardt at canonical.com
Tue Nov 17 14:58:57 UTC 2020
On Mon, Nov 16, 2020 at 3:28 PM Michal Privoznik <mprivozn at redhat.com> wrote:
>
> On 11/16/20 1:26 PM, Christian Ehrhardt wrote:
> > 'kvm-spice' is a binary name used to call 'kvm' which actually is a wrapper
> > around qemu-system-x86_64 enabling kvm acceleration. This isn't in use
> > for quite a while anymore, but required to work for compatibility e.g.
> > when migrating in old guests.
> >
> > For years this was a symlink kvm-spice->kvm and therefore covered
> > apparmor-wise by the existing entry:
> > /usr/bin/kvm rmix,
> > But due to a recent change [1] in qemu packaging this now is no symlink,
> > but a wrapper on its own and therefore needs an own entry that allows it
> > to be executed.
> >
> > [1]: https://salsa.debian.org/qemu-team/qemu/-/commit/9944836d3
> >
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
> > ---
> > src/security/apparmor/libvirt-qemu | 1 +
> > 1 file changed, 1 insertion(+)
> >
>
> Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
Thank you Michal,
it also passed fine through my tests (as backport to 6.8 and 6.9).
We are not in any freeze, review has happened, tests LGTM - pushed to git.
> Michal
>
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
More information about the libvir-list
mailing list