On 10/15/24 03:57, Andrea Bolognani wrote:
In Debian 12, the qemu-system-i386 binary in /usr/bin is a wrapper
script, with the actual executable living in /usr/libexec instead.
This makes it impossible to run i686 VMs when AppArmor is enabled.
Allow running the actual binary.
https://bugs.debian.org/1030926
Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
---
src/security/apparmor/libvirt-qemu.in | 3 +++
1 file changed, 3 insertions(+)
Reviewed-by: Jim Fehlig <jfehlig@xxxxxxxx>
Regards,
Jim
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 8f17256554..694da26dea 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -172,6 +172,9 @@
/usr/bin/qemu-system-xtensaeb rmix,
/usr/bin/qemu-unicore32 rmix,
/usr/bin/qemu-x86_64 rmix,
+ # Debian 12 has a wrapper script in /usr/bin while the actual
+ # binary lives in /usr/libexec (Debian: #1030926)
+ /usr/libexec/qemu-system-i386 rmix,
# for Debian/Ubuntu qemu-block-extra / RPMs qemu-block-* (LP: #1554761)
/usr/{lib,lib64}/qemu/*.so mr,
/usr/lib/@{multiarch}/qemu/*.so mr,
