On 19.05.2017 09:46, Guido Günther wrote: > Hi Stefan, > On Thu, May 18, 2017 at 10:53:40AM +0200, Stefan Bader wrote: >> From: Simon McVittie <smcv@xxxxxxxxxx> >> >> The split firmware and variables files introduced by >> https://bugs.debian.org/764918 are in a different directory for some reason. >> Let the virtual machine read both. >> >> Extended by Christian Ehrhardt to generalize FW test (simplifies >> additional testing on firmware files in future). > > If you want to credit this separately I suggest to split the ode that > itroduces testfw into one commit (attributed to Christian) and the code > that adds read access to OVMF into another one (attributed to Simon). Though Simon already added some testing (just limited to the one addition made then). I guess I could re-submit Simon's patch as it was and create one additionally which only changes the testing (for future use). Which then the next (3/8) uses. > > Cheers, > -- Guido > >> >> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> >> Signed-off-by: Stefan Bader <stefan.bader@xxxxxxxxxxxxx> >> Acked-by: Guido Günther <agx@xxxxxxxxxxx> >> --- >> examples/apparmor/libvirt-qemu | 1 + >> src/security/virt-aa-helper.c | 1 + >> tests/virt-aa-helper-test | 24 ++++++++++++++++-------- >> 3 files changed, 18 insertions(+), 8 deletions(-) >> >> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu >> index a9020aa..e0988bb 100644 >> --- a/examples/apparmor/libvirt-qemu >> +++ b/examples/apparmor/libvirt-qemu >> @@ -70,6 +70,7 @@ >> /usr/share/vgabios/** r, >> /usr/share/seabios/** r, >> /usr/share/ovmf/** r, >> + /usr/share/OVMF/** r, >> >> # access PKI infrastructure >> /etc/pki/libvirt-vnc/** r, >> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c >> index d976a00..dd166c2 100644 >> --- a/src/security/virt-aa-helper.c >> +++ b/src/security/virt-aa-helper.c >> @@ -512,6 +512,7 @@ valid_path(const char *path, const bool readonly) >> "/vmlinuz", >> "/initrd", >> "/initrd.img", >> + "/usr/share/OVMF/", /* for OVMF images */ >> "/usr/share/ovmf/" /* for OVMF images */ >> }; >> /* override the above with these */ >> diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test >> index 68e9399..73f3080 100755 >> --- a/tests/virt-aa-helper-test >> +++ b/tests/virt-aa-helper-test >> @@ -145,6 +145,20 @@ testme() { >> fi >> } >> >> +testfw() { >> + title="$1" >> + fwpath="$2" >> + >> + if [ -f "$fwpath" ]; then >> + sed -e "s,###UUID###,$uuid,g" \ >> + -e "s,###DISK###,$disk1,g" \ >> + -e "s,</os>,<loader readonly='yes' type='pflash'>$fwpath</loader></os>,g" "$template_xml" > "$test_xml" >> + testme "0" "$title" "-r -u $valid_uuid" "$test_xml" >> + else >> + echo "Skipping FW $title test. Could not find $fwpath" >> + fi >> +} >> + >> # Expected failures >> echo "Expected failures:" >$output >> testme "1" "invalid arg" "-z" >> @@ -291,14 +305,8 @@ sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<kernel>$tm >> touch "$tmpdir/kernel" >> testme "0" "kernel" "-r -u $valid_uuid" "$test_xml" >> >> -if [ -f /usr/share/ovmf/OVMF.fd ]; then >> - sed -e "s,###UUID###,$uuid,g" \ >> - -e "s,###DISK###,$disk1,g" \ >> - -e "s,</os>,<loader readonly='yes' type='pflash'>/usr/share/ovmf/OVMF.fd</loader></os>,g" "$template_xml" > "$test_xml" >> - testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml" >> -else >> - echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd" >> -fi >> +testfw "ovmf (old path)" "/usr/share/ovmf/OVMF.fd" >> +testfw "OVMF (new path)" "/usr/share/OVMF/OVMF_CODE.fd" >> >> sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>$tmpdir/initrd</initrd></os>,g" "$template_xml" > "$test_xml" >> touch "$tmpdir/initrd" >> -- >> 2.7.4 >> >> -- >> libvir-list mailing list >> libvir-list@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/libvir-list > > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list >
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
