Hi, On 11.08.2015 22:32, Jamie Strandboge wrote: > It is missing in both Ubuntu and Debian. src/security/virt-aa-helper.c needs > to > update override[] in valid_path() to have '/usr/share/ovmf/'. I'll comment in > the Ubuntu bug.
Maybe I'm missing something but the blacklist in valid_path() seems overly paranoid. Allowing it to add read-only access to files from /usr/share should be harmless. Especially considering it can allow write access to /home, /root and /dev (yes, I know it has to). Cheers, Felix -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
