]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4d95f55)
security: apparmor: Allow RO /usr/share/edk2/
authorCole Robinson <crobinso@redhat.com>
Wed, 9 Oct 2019 18:21:24 +0000 (14:21 -0400)
committerCole Robinson <crobinso@redhat.com>
Fri, 11 Oct 2019 14:52:54 +0000 (10:52 -0400)
On Fedora, already whitelisted paths to AAVMF and OVMF binaries
are symlinks to binaries under /usr/share/edk2/. Add that directory
to the RO whitelist so virt-aa-helper-test passes

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
src/security/virt-aa-helper.c patch | blob | blame | history

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index d9f6b5638bd0448a941ce502224ab4f615ed4448..509187ac3650cf9152e9a963186bbbc7e9ecf6d0 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -505,6 +505,7 @@ valid_path(const char *path, const bool readonly)
         "/vmlinuz",
         "/initrd",
         "/initrd.img",
+        "/usr/share/edk2/",
         "/usr/share/OVMF/",              /* for OVMF images */
         "/usr/share/ovmf/",              /* for OVMF images */
         "/usr/share/AAVMF/",             /* for AAVMF images */
Mirror of https://github.com/libvirt/libvirt.git