Re: [PATCH] apparmor: Allow running loongarch64 VMs on Debian 12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ping

Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run

This makes it impossible to run loongarch64 VMs when AppArmor is enabled

Signed-off-by: Xianglai Li <lixianglai@xxxxxxxxxxx>
---
  src/security/apparmor/libvirt-qemu.in | 1 +
  src/security/virt-aa-helper.c         | 1 +
  2 files changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
    /usr/bin/qemu-system-hppa rmix,
    /usr/bin/qemu-system-i386 rmix,
    /usr/bin/qemu-system-lm32 rmix,
+  /usr/bin/qemu-system-loongarch64 rmix,
    /usr/bin/qemu-system-m68k rmix,
    /usr/bin/qemu-system-microblaze rmix,
    /usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
          "/usr/share/AAVMF/",
          "/usr/share/qemu-efi/",              /* for AAVMF images */
          "/usr/share/qemu-efi-aarch64/",
+        "/usr/share/qemu-efi-loongarch64/",
          "/usr/share/qemu-efi-riscv64/",
          "/usr/share/qemu/",                  /* SUSE path for OVMF and AAVMF images */
          "/usr/lib/u-boot/",



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux