Re: [PATCH] virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf


 



On 7/5/24 10:46, Andrea Bolognani wrote:
> On Thu, Jul 04, 2024 at 01:13:36PM GMT, Michal Privoznik wrote:
>> When binary version of edk2 is distributed, the files reside
>> under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
>> [1]. Allow virt-aa-helper to generate paths under that dir.
>>
>> 1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
>> Resolves: https://bugs.gentoo.org/911786
>> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
>> ---
>>  src/security/virt-aa-helper.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
>> index 402cbd9602..076b98a1d7 100644
>> --- a/src/security/virt-aa-helper.c
>> +++ b/src/security/virt-aa-helper.c
>> @@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
>>          "/initrd",
>>          "/initrd.img",
>>          "/usr/share/edk2/",
>> +        "/usr/share/edk2-ovmf/",
>>          "/usr/share/OVMF/",                  /* for OVMF images */
>>          "/usr/share/ovmf/",                  /* for OVMF images */
>>          "/usr/share/AAVMF/",                 /* for AAVMF images */
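
Review bot: the added "/usr/share/edk2-ovmf/" line has no trailing comment, while the three entries after it each carry /* for OVMF images */ or /* for AAVMF images */. A comment naming the Gentoo binary edk2-ovmf package as the reason for the path would record why a distro-specific directory is in the list. The hunk context also does not show which array inside valid_path() this is, so it is worth confirming that the entry lands in the list tied to the readonly argument, in line with the "Allow RO access" subject.
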
> 
> For consistency with existing entries, you could add a
> 
>   /* for OVMF images */

I thought that "-ovmf" suffix gave the clue, but apparently we don't
trust developers in other entries too. /usr/share/OVMF is for OVMF
images? /usr/share/AAVMF is for AAVMF images? Wow! I'll post a patch to
fix this soon.

> 
> comment to the right. Either way,
> 
>   Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx>
> 

Thanks.

Michal


