apparmor: Allow running i686 VMs on Debian 12

In Debian 12, the qemu-system-i386 binary in /usr/bin is a wrapper
script, with the actual executable living in /usr/libexec instead.
This makes it impossible to run i686 VMs when AppArmor is enabled.

Allow running the actual binary.

https://bugs.debian.org/1030926

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 8f1725655410972b6bb04f81f2beefa32845da8a..694da26dea02c9b13ee3174a787444d3b1eba7f6 100644 (file)
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -172,6 +172,9 @@
   /usr/bin/qemu-system-xtensaeb rmix,
   /usr/bin/qemu-unicore32 rmix,
   /usr/bin/qemu-x86_64 rmix,
+  # Debian 12 has a wrapper script in /usr/bin while the actual
+  # binary lives in /usr/libexec (Debian: #1030926)
+  /usr/libexec/qemu-system-i386 rmix,
   # for Debian/Ubuntu qemu-block-extra / RPMs qemu-block-* (LP: #1554761)
   /usr/{lib,lib64}/qemu/*.so mr,
   /usr/lib/@{multiarch}/qemu/*.so mr,