Re: [libvirt] [PATCH 01/10] virt-aa-helper, apparmor: allow /usr/share/OVMF/ too

2017-06-16 Thread Guido Günther 
On Fri, Jun 02, 2017 at 08:46:26PM +0200, Guido Günther wrote:
> On Tue, May 23, 2017 at 06:22:39PM +0200, Stefan Bader wrote:
> > From: Simon McVittie 
> > 
> > The split firmware and variables files introduced by
> > https://bugs.debian.org/764918 are in a different directory for
> > some reason. Let the virtual machine read both.
> > 
> > Signed-off-by: Christian Ehrhardt 
> > Signed-off-by: Stefan Bader 
> > ---
> >  examples/apparmor/libvirt-qemu | 1 +
> >  src/security/virt-aa-helper.c  | 1 +
> >  tests/virt-aa-helper-test  | 7 ++-
> >  3 files changed, 8 insertions(+), 1 deletion(-)
> > 
> > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> > index a9020aa..e0988bb 100644
> > --- a/examples/apparmor/libvirt-qemu
> > +++ b/examples/apparmor/libvirt-qemu
> > @@ -70,6 +70,7 @@
> >/usr/share/vgabios/** r,
> >/usr/share/seabios/** r,
> >/usr/share/ovmf/** r,
> > +  /usr/share/OVMF/** r,
> >  
> ># access PKI infrastructure
> >/etc/pki/libvirt-vnc/** r,
> > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> > index 5f5d1cd..6c5fc28 100644
> > --- a/src/security/virt-aa-helper.c
> > +++ b/src/security/virt-aa-helper.c
> > @@ -512,6 +512,7 @@ valid_path(const char *path, const bool readonly)
> >  "/vmlinuz",
> >  "/initrd",
> >  "/initrd.img",
> > +"/usr/share/OVMF/",  /* for OVMF images */
> >  "/usr/share/ovmf/"   /* for OVMF images */
> >  };
> >  /* override the above with these */
> > diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
> > index 68e9399..c05afc1 100755
> > --- a/tests/virt-aa-helper-test
> > +++ b/tests/virt-aa-helper-test
> > @@ -296,8 +296,13 @@ if [ -f /usr/share/ovmf/OVMF.fd ]; then
> >  -e "s,###DISK###,$disk1,g" \
> >  -e "s,, > type='pflash'>/usr/share/ovmf/OVMF.fd,g" "$template_xml" > 
> > "$test_xml"
> >  testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
> > +elif [ -f /usr/share/OVMF/OVMF.fd ]; then
> > +sed -e "s,###UUID###,$uuid,g"  \
> > +-e "s,###DISK###,$disk1,g" \
> > +-e "s,, > type='pflash'>/usr/share/OVMF/OVMF.fd,g" "$template_xml" > 
> > "$test_xml"
> > +testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
> >  else
> > -echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd"
> > +echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd or 
> > /usr/share/OVMF/OVMF.fd"
> >  fi
> >  
> >  sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e 
> > "s,,$tmpdir/initrd,g" "$template_xml" > 
> > "$test_xml"
> > -- 
> > 2.7.4
> > 
> > --
> > libvir-list mailing list
> > libvir-list@redhat.com
> > https://www.redhat.com/mailman/listinfo/libvir-list
> > 
> ACK

Pushed. Thanks
 -- Guido
.
>  -- Guido
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH 01/10] virt-aa-helper, apparmor: allow /usr/share/OVMF/ too

2017-06-02 Thread Guido Günther 
On Tue, May 23, 2017 at 06:22:39PM +0200, Stefan Bader wrote:
> From: Simon McVittie 
> 
> The split firmware and variables files introduced by
> https://bugs.debian.org/764918 are in a different directory for
> some reason. Let the virtual machine read both.
> 
> Signed-off-by: Christian Ehrhardt 
> Signed-off-by: Stefan Bader 
> ---
>  examples/apparmor/libvirt-qemu | 1 +
>  src/security/virt-aa-helper.c  | 1 +
>  tests/virt-aa-helper-test  | 7 ++-
>  3 files changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> index a9020aa..e0988bb 100644
> --- a/examples/apparmor/libvirt-qemu
> +++ b/examples/apparmor/libvirt-qemu
> @@ -70,6 +70,7 @@
>/usr/share/vgabios/** r,
>/usr/share/seabios/** r,
>/usr/share/ovmf/** r,
> +  /usr/share/OVMF/** r,
>  
># access PKI infrastructure
>/etc/pki/libvirt-vnc/** r,
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 5f5d1cd..6c5fc28 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -512,6 +512,7 @@ valid_path(const char *path, const bool readonly)
>  "/vmlinuz",
>  "/initrd",
>  "/initrd.img",
> +"/usr/share/OVMF/",  /* for OVMF images */
>  "/usr/share/ovmf/"   /* for OVMF images */
>  };
>  /* override the above with these */
> diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
> index 68e9399..c05afc1 100755
> --- a/tests/virt-aa-helper-test
> +++ b/tests/virt-aa-helper-test
> @@ -296,8 +296,13 @@ if [ -f /usr/share/ovmf/OVMF.fd ]; then
>  -e "s,###DISK###,$disk1,g" \
>  -e "s,, type='pflash'>/usr/share/ovmf/OVMF.fd,g" "$template_xml" > 
> "$test_xml"
>  testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
> +elif [ -f /usr/share/OVMF/OVMF.fd ]; then
> +sed -e "s,###UUID###,$uuid,g"  \
> +-e "s,###DISK###,$disk1,g" \
> +-e "s,, type='pflash'>/usr/share/OVMF/OVMF.fd,g" "$template_xml" > 
> "$test_xml"
> +testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
>  else
> -echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd"
> +echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd or 
> /usr/share/OVMF/OVMF.fd"
>  fi
>  
>  sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e 
> "s,,$tmpdir/initrd,g" "$template_xml" > "$test_xml"
> -- 
> 2.7.4
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 
ACK.
 -- Guido

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 01/10] virt-aa-helper, apparmor: allow /usr/share/OVMF/ too

2017-05-23 Thread Stefan Bader 
From: Simon McVittie 

The split firmware and variables files introduced by
https://bugs.debian.org/764918 are in a different directory for
some reason. Let the virtual machine read both.

Signed-off-by: Christian Ehrhardt 
Signed-off-by: Stefan Bader 
---
 examples/apparmor/libvirt-qemu | 1 +
 src/security/virt-aa-helper.c  | 1 +
 tests/virt-aa-helper-test  | 7 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index a9020aa..e0988bb 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -70,6 +70,7 @@
   /usr/share/vgabios/** r,
   /usr/share/seabios/** r,
   /usr/share/ovmf/** r,
+  /usr/share/OVMF/** r,
 
   # access PKI infrastructure
   /etc/pki/libvirt-vnc/** r,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 5f5d1cd..6c5fc28 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -512,6 +512,7 @@ valid_path(const char *path, const bool readonly)
 "/vmlinuz",
 "/initrd",
 "/initrd.img",
+"/usr/share/OVMF/",  /* for OVMF images */
 "/usr/share/ovmf/"   /* for OVMF images */
 };
 /* override the above with these */
diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test
index 68e9399..c05afc1 100755
--- a/tests/virt-aa-helper-test
+++ b/tests/virt-aa-helper-test
@@ -296,8 +296,13 @@ if [ -f /usr/share/ovmf/OVMF.fd ]; then
 -e "s,###DISK###,$disk1,g" \
 -e "s,,/usr/share/ovmf/OVMF.fd,g" "$template_xml" > 
"$test_xml"
 testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
+elif [ -f /usr/share/OVMF/OVMF.fd ]; then
+sed -e "s,###UUID###,$uuid,g"  \
+-e "s,###DISK###,$disk1,g" \
+-e "s,,/usr/share/OVMF/OVMF.fd,g" "$template_xml" > 
"$test_xml"
+testme "0" "ovmf" "-r -u $valid_uuid" "$test_xml"
 else
-echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd"
+echo "Skipping OVMF test. Could not find /usr/share/ovmf/OVMF.fd or 
/usr/share/OVMF/OVMF.fd"
 fi
 
 sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e 
"s,,$tmpdir/initrd,g" "$template_xml" > "$test_xml"
-- 
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list