On Mon, Nov 16, 2020 at 3:28 PM Michal Privoznik <mpriv...@redhat.com> wrote: > > On 11/16/20 1:26 PM, Christian Ehrhardt wrote: > > 'kvm-spice' is a binary name used to call 'kvm' which actually is a wrapper > > around qemu-system-x86_64 enabling kvm acceleration. This isn't in use > > for quite a while anymore, but required to work for compatibility e.g. > > when migrating in old guests. > > > > For years this was a symlink kvm-spice->kvm and therefore covered > > apparmor-wise by the existing entry: > > /usr/bin/kvm rmix, > > But due to a recent change [1] in qemu packaging this now is no symlink, > > but a wrapper on its own and therefore needs an own entry that allows it > > to be executed. > > > > [1]: https://salsa.debian.org/qemu-team/qemu/-/commit/9944836d3 > > > > Signed-off-by: Christian Ehrhardt <christian.ehrha...@canonical.com> > > --- > > src/security/apparmor/libvirt-qemu | 1 + > > 1 file changed, 1 insertion(+) > > > > Reviewed-by: Michal Privoznik <mpriv...@redhat.com>
Thank you Michal, it also passed fine through my tests (as backport to 6.8 and 6.9). We are not in any freeze, review has happened, tests LGTM - pushed to git. > Michal > -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd
