[libvirt PATCH] apparmor: Enable locking AAVMF firmware
Martin Kletzander
mkletzan at redhat.com
Mon May 23 09:31:58 UTC 2022
On Mon, May 23, 2022 at 10:33:39AM +0200, Andrea Bolognani wrote:
>We already allow this for OVMF.
>
>Closes: https://gitlab.com/libvirt/libvirt/-/issues/312
>Signed-off-by: Andrea Bolognani <abologna at redhat.com>
Reviewed-by: Martin Kletzander <mkletzan at redhat.com>
>---
> src/security/apparmor/libvirt-qemu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
>index c29168da27..02ee273e7e 100644
>--- a/src/security/apparmor/libvirt-qemu
>+++ b/src/security/apparmor/libvirt-qemu
>@@ -78,7 +78,7 @@
> /var/lib/dbus/machine-id r,
>
> # access to firmware's etc
>- /usr/share/AAVMF/** r,
>+ /usr/share/AAVMF/** rk,
> /usr/share/bochs/** r,
> /usr/share/edk2-ovmf/** rk,
> /usr/share/kvm/** r,
>--
>2.35.3
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20220523/22b019b2/attachment.sig>
More information about the libvir-list
mailing list