[Pkg-libvirt-commits] [libvirt] 01/02: Add a patch to make virt-aa-helper allow reading the new location of OVMF firmware
Guido Guenther
agx at moszumanska.debian.org
Fri Jan 22 13:15:44 UTC 2016
This is an automated email from the git hooks/post-receive script.
agx pushed a commit to annotated tag debian/1.3.1-1
in repository libvirt.
commit a0b3e592da700104a3e6ed69ba9e21bf5bfd1a78
Author: Simon McVittie <smcv at debian.org>
Date: Fri Jan 22 13:34:14 2016 +0100
Add a patch to make virt-aa-helper allow reading the new location of OVMF firmware
Closes: #812069
---
debian/patches/series | 1 +
...-helper-apparmor-allow-usr-share-OVMF-too.patch | 56 ++++++++++++++++++++++
2 files changed, 57 insertions(+)
diff --git a/debian/patches/series b/debian/patches/series
index a1b31c3..df877c3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ debian/Use-upstreams-polkit-rule.patch
Allow-access-to-libnl-3-config-files.patch
debian/apparmor_profiles_local_include.patch
debian/libsystemd.patch
+virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch
diff --git a/debian/patches/virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch b/debian/patches/virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch
new file mode 100644
index 0000000..41ee4a1
--- /dev/null
+++ b/debian/patches/virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch
@@ -0,0 +1,56 @@
+From: Simon McVittie <smcv at debian.org>
+Date: Tue, 19 Jan 2016 21:27:57 +0000
+Subject: virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
+
+The split firmware and variables files introduced by
+https://bugs.debian.org/764918 are in a different directory for
+some reason. Let the virtual machine read both.
+---
+ examples/apparmor/libvirt-qemu | 1 +
+ src/security/virt-aa-helper.c | 1 +
+ tests/virt-aa-helper-test | 7 ++++++-
+ 3 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
+index efb4873..9f996ab 100644
+--- a/examples/apparmor/libvirt-qemu
++++ b/examples/apparmor/libvirt-qemu
+@@ -67,6 +67,7 @@
+ /usr/share/vgabios/** r,
+ /usr/share/seabios/** r,
+ /usr/share/ovmf/** r,
++ /usr/share/OVMF/** r,
+
+ # access PKI infrastructure
+ /etc/pki/libvirt-vnc/** r,
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 5de56e5..1a8f53e 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -570,6 +570,7 @@ valid_path(const char *path, const bool readonly)
+ "/vmlinuz",
+ "/initrd",
+ "/initrd.img",
++ "/usr/share/OVMF/", /* for OVMF images */
+ "/usr/share/ovmf/" /* for OVMF images */
+ };
+ /* override the above with these */
+diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
+index 1d03f5f..7e7a032 100755
+--- a/tests/virt-aa-helper-test
++++ b/tests/virt-aa-helper-test
+@@ -296,8 +296,13 @@ if [ -f /usr/share/ovmf/OVMF.fd ]; then
+ -e "s,###DISK###,$disk1,g" \
+ -e "s,</os>,<loader readonly='yes' type='pflash'>/usr/share/ovmf/OVMF.fd</loader></os>,g" "$template_xml" > "$test_xml"
+ testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
++elif [ -f /usr/share/OVMF/OVMF.fd ]; then
++ sed -e "s,###UUID###,$uuid,g" \
++ -e "s,###DISK###,$disk1,g" \
++ -e "s,</os>,<loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF.fd</loader></os>,g" "$template_xml" > "$test_xml"
++ testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
+ else
+- echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd"
++ echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd or /usr/share/OVMF/OVMF.fd"
+ fi
+
+ sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,</os>,<initrd>$tmpdir/initrd</initrd></os>,g" "$template_xml" > "$test_xml"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git
More information about the Pkg-libvirt-commits
mailing list