Re: [PATCH] security: Add support for SUSE edk2 firmware paths

On 3/2/23 07:43, Andrea Bolognani wrote: On Thu, Feb 23, 2023 at 11:13:28AM -0700, Jim Fehlig wrote: +++ b/src/security/apparmor/libvirt-qemu @@ -91,7 +91,7 @@ /usr/share/proll/** r, /usr/share/qemu-efi/** r, /usr/share/qemu-kvm/** r, - /usr/share/qemu/** r, + /usr/share/qemu/**

Re: [PATCH] security: Add support for SUSE edk2 firmware paths

On Thu, Feb 23, 2023 at 11:13:28AM -0700, Jim Fehlig wrote: > +++ b/src/security/apparmor/libvirt-qemu > @@ -91,7 +91,7 @@ >/usr/share/proll/** r, >/usr/share/qemu-efi/** r, >/usr/share/qemu-kvm/** r, > - /usr/share/qemu/** r, > + /usr/share/qemu/** rk, >/usr/share/seabios/** r,

Re: [PATCH] security: Add support for SUSE edk2 firmware paths

On 2/23/23 19:13, Jim Fehlig wrote: > SUSE installs edk2 firmwares for both x86_64 and aarch64 in /usr/share/qemu. > Add support for this path in virt-aa-helper and allow locking files within > the path in the libvirt qemu abstraction. > > Signed-off-by: Jim Fehlig > --- > > FYI, I'm fine

[PATCH] security: Add support for SUSE edk2 firmware paths

SUSE installs edk2 firmwares for both x86_64 and aarch64 in /usr/share/qemu. Add support for this path in virt-aa-helper and allow locking files within the path in the libvirt qemu abstraction. Signed-off-by: Jim Fehlig --- FYI, I'm fine maintaining this patch downstream if such distro-specific