[libvirt PATCH] apparmor: Enable locking AAVMF firmware

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

We already allow this for OVMF.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/312
Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
---
 src/security/apparmor/libvirt-qemu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index c29168da27..02ee273e7e 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -78,7 +78,7 @@
   /var/lib/dbus/machine-id r,
 
   # access to firmware's etc
-  /usr/share/AAVMF/** r,
+  /usr/share/AAVMF/** rk,
   /usr/share/bochs/** r,
   /usr/share/edk2-ovmf/** rk,
   /usr/share/kvm/** r,
-- 
2.35.3
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux