[Pkg-libvirt-maintainers] Bug#1030926: libvirt-daemon-system: Wrong AppArmor definition for /usr/bin/qemu-system-i386
Andrea Bolognani
eof at kiyuko.org
Wed Oct 16 13:15:37 BST 2024
Control: tags -1 fixed-upstream
On Tue, Oct 08, 2024 at 10:08:13AM -0400, Dietmar May wrote:
> > The obvious solution is to add this binary to "abstractions" and reload
> > apparmor.
>
> Confirmed that adding the following
>
> /usr/libexec/qemu-system-i386 rmix,
>
> to
>
> /etc/apparmor.d/abstractions/libvirt-qemu
>
> in bookworm 12.7 gets past this error. (At or about line 174 looks
> reasonable.)
Fix merged upstream.
commit 81493d8eb6ec5d3f063b0b5770df33ed656d6766
Author: Andrea Bolognani <abologna at redhat.com>
Date: Tue Oct 15 11:50:36 2024 +0200
apparmor: Allow running i686 VMs on Debian 12
In Debian 12, the qemu-system-i386 binary in /usr/bin is a wrapper
script, with the actual executable living in /usr/libexec instead.
This makes it impossible to run i686 VMs when AppArmor is enabled.
Allow running the actual binary.
https://bugs.debian.org/1030926
Signed-off-by: Andrea Bolognani <abologna at redhat.com>
Reviewed-by: Jim Fehlig <jfehlig at suse.com>
https://gitlab.com/libvirt/libvirt/-/commit/81493d8eb6ec5d3f063b0b5770df33ed656d6766
I'll work on ensuring that it's included in the next stable update.
--
Andrea Bolognani <eof at kiyuko.org>
Resistance is futile, you will be garbage collected.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-maintainers/attachments/20241016/48879cad/attachment.sig>
More information about the Pkg-libvirt-maintainers
mailing list