commit: be9b86298e8627bd14928f0b61ef0b32148d90a8 Author: Michal Privoznik <michal.privoznik <AT> gmail <DOT> com> AuthorDate: Sun Jul 7 05:40:13 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Sun Jul 7 07:38:30 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be9b8629
app-emulation/libvirt: Backport AppArmor fix When AppArmor is enabled and sys-firmware/edk2-ovmf-bin is installed then starting a guest under libvirt fails, because libvirt assumed different paths for UEFI. A fix was merged upstream so backport it. Resolves: https://bugs.gentoo.org/911786 Signed-off-by: Michal Privoznik <michal.privoznik <AT> gmail.com> Signed-off-by: Sam James <sam <AT> gentoo.org> ...per-Allow-RO-access-to-usr-share-edk2-ovm.patch | 33 ++++++++++++++++++++++ ...t-10.0.0-r2.ebuild => libvirt-10.0.0-r3.ebuild} | 1 + ...t-10.1.0-r1.ebuild => libvirt-10.1.0-r2.ebuild} | 1 + ...virt-10.2.0.ebuild => libvirt-10.2.0-r1.ebuild} | 1 + ...t-10.3.0-r1.ebuild => libvirt-10.3.0-r2.ebuild} | 1 + ...irt-9.8.0-r2.ebuild => libvirt-9.8.0-r3.ebuild} | 1 + ...irt-9.9.0-r2.ebuild => libvirt-9.9.0-r3.ebuild} | 1 + 7 files changed, 39 insertions(+)
diff --git a/app-emulation/libvirt/files/libvirt-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch b/app-emulation/libvirt/files/libvirt-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
new file mode 100644
index 000000000000..ed41fccddbe6
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
@@ -0,0 +1,33 @@
+From 893800be49d2d58f78c96e4f06d9f24188cb8946 Mon Sep 17 00:00:00 2001
+Message-ID: <893800be49d2d58f78c96e4f06d9f24188cb8946.1720330325.git.mpriv...@redhat.com>
+From: Michal Privoznik <[email protected]>
+Date: Thu, 4 Jul 2024 13:07:47 +0200
+Subject: [PATCH] virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
+
+When binary version of edk2 is distributed, the files reside
+under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
+[1]. Allow virt-aa-helper to generate paths under that dir.
+
+1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
+Resolves: https://bugs.gentoo.org/911786
+Signed-off-by: Michal Privoznik <[email protected]>
+Reviewed-by: Andrea Bolognani <[email protected]>
+---
+ src/security/virt-aa-helper.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
+index 402cbd9602..a3f85d26b0 100644
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
+ "/initrd",
+ "/initrd.img",
+ "/usr/share/edk2/",
++ "/usr/share/edk2-ovmf/", /* for OVMF images */
+ "/usr/share/OVMF/", /* for OVMF images */
+ "/usr/share/ovmf/", /* for OVMF images */
+ "/usr/share/AAVMF/", /* for AAVMF images */
+--
+2.44.2
+
diff --git a/app-emulation/libvirt/libvirt-10.0.0-r2.ebuild b/app-emulation/libvirt/libvirt-10.0.0-r3.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.0.0-r2.ebuild
rename to app-emulation/libvirt/libvirt-10.0.0-r3.ebuild
index 6ef0ed221ed8..311baf701f72 100644
--- a/app-emulation/libvirt/libvirt-10.0.0-r2.ebuild
+++ b/app-emulation/libvirt/libvirt-10.0.0-r3.ebuild
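Review bot: The added `"/usr/share/edk2-ovmf/"` entry in valid_path reuses the generic `/* for OVMF images */` comment, so the list itself does not record that this prefix exists only for the binary firmware layout named in the patch description; I would write `"/usr/share/edk2-ovmf/", /* for OVMF images (sys-firmware/edk2-ovmf-bin) */`. Only seven entries of the array are visible, and its declaration and the rest of valid_path lie outside the hunk, so the read-only scope promised by the subject line cannot be confirmed from here. It is worth checking against the full function that this is the list consulted for read-only paths and not a read-write one, because each prefix added widens what a generated per-guest AppArmor profile may reference. The trailing slash should stay, since a prefix comparison (presumably how the list is matched) would otherwise also admit sibling directories whose names merely begin with `edk2-ovmf`.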
@@ -154,6 +154,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
 "${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 "${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+ "${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {
diff --git a/app-emulation/libvirt/libvirt-10.1.0-r1.ebuild b/app-emulation/libvirt/libvirt-10.1.0-r2.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.1.0-r1.ebuild
rename to app-emulation/libvirt/libvirt-10.1.0-r2.ebuild
index f3cc8929a599..01f7155ea228 100644
--- a/app-emulation/libvirt/libvirt-10.1.0-r1.ebuild
+++ b/app-emulation/libvirt/libvirt-10.1.0-r2.ebuild
@@ -153,6 +153,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch
 "${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
 "${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+ "${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {
diff --git a/app-emulation/libvirt/libvirt-10.2.0.ebuild b/app-emulation/libvirt/libvirt-10.2.0-r1.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.2.0.ebuild
rename to app-emulation/libvirt/libvirt-10.2.0-r1.ebuild
index b02aa7c5b956..50ade39e29f4 100644
--- a/app-emulation/libvirt/libvirt-10.2.0.ebuild
+++ b/app-emulation/libvirt/libvirt-10.2.0-r1.ebuild
@@ -152,6 +152,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.4.0-fix_paths_in_libvirt-guests_sh.patch
 "${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch
 "${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
+ "${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {
diff --git a/app-emulation/libvirt/libvirt-10.3.0-r1.ebuild b/app-emulation/libvirt/libvirt-10.3.0-r2.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-10.3.0-r1.ebuild
rename to app-emulation/libvirt/libvirt-10.3.0-r2.ebuild
index d632f3bc2d3e..5ece4b388fa7 100644
--- a/app-emulation/libvirt/libvirt-10.3.0-r1.ebuild
+++ b/app-emulation/libvirt/libvirt-10.3.0-r2.ebuild
@@ -153,6 +153,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.9.0-do-not-use-sysconfig.patch
 "${FILESDIR}"/${PN}-9.6.0-fix-paths-for-apparmor.patch
 "${FILESDIR}"/${PN}-10.3.0-vsh-Don-t-init-history-in-cmdComplete.patch
+ "${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 python_check_deps() {
diff --git a/app-emulation/libvirt/libvirt-9.8.0-r2.ebuild b/app-emulation/libvirt/libvirt-9.8.0-r3.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-9.8.0-r2.ebuild
rename to app-emulation/libvirt/libvirt-9.8.0-r3.ebuild
index 500ab7f572ad..768b73c23918 100644
--- a/app-emulation/libvirt/libvirt-9.8.0-r2.ebuild
+++ b/app-emulation/libvirt/libvirt-9.8.0-r3.ebuild
@@ -149,6 +149,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch
 "${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 "${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+ "${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 pkg_setup() {
diff --git a/app-emulation/libvirt/libvirt-9.9.0-r2.ebuild b/app-emulation/libvirt/libvirt-9.9.0-r3.ebuild
similarity index 99%
rename from app-emulation/libvirt/libvirt-9.9.0-r2.ebuild
rename to app-emulation/libvirt/libvirt-9.9.0-r3.ebuild
index 684c0dc7afe2..084fd6e3b72a 100644
--- a/app-emulation/libvirt/libvirt-9.9.0-r2.ebuild
+++ b/app-emulation/libvirt/libvirt-9.9.0-r3.ebuild
@@ -150,6 +150,7 @@ PATCHES=(
 "${FILESDIR}"/${PN}-9.10.0-virxml-include-libxml-xmlsave.h-for-xmlIndentTreeOut.patch
 "${FILESDIR}"/${PN}-10.1.0-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch
 "${FILESDIR}"/${PN}-10.2.0-remote-check-for-negative-array-lengths-before-alloc.patch
+ "${FILESDIR}"/${PN}-10.5.0-virt-aa-helper-Allow-RO-access-to-usr-share-edk2-ovm.patch
 )
 
 pkg_setup() {
