We already allow this for OVMF.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/312
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/security/apparmor/libvirt-qemu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index c29168da27..02ee273e7e 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -78,7 +78,7 @@
   /var/lib/dbus/machine-id r,
 
   # access to firmware's etc
-  /usr/share/AAVMF/** r,
+  /usr/share/AAVMF/** rk,
   /usr/share/bochs/** r,
   /usr/share/edk2-ovmf/** rk,
   /usr/share/kvm/** r,
-- 
2.35.3

On Mon, May 23, 2022 at 10:33:39AM +0200, Andrea Bolognani wrote:
>We already allow this for OVMF.
>
>Closes: https://gitlab.com/libvirt/libvirt/-/issues/312
>Signed-off-by: Andrea Bolognani <abologna@redhat.com>

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

>---
> src/security/apparmor/libvirt-qemu | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
>index c29168da27..02ee273e7e 100644
>--- a/src/security/apparmor/libvirt-qemu
>+++ b/src/security/apparmor/libvirt-qemu
>@@ -78,7 +78,7 @@
>   /var/lib/dbus/machine-id r,
>
>   # access to firmware's etc
>-  /usr/share/AAVMF/** r,
>+  /usr/share/AAVMF/** rk,
>   /usr/share/bochs/** r,
>   /usr/share/edk2-ovmf/** rk,
>   /usr/share/kvm/** r,
>-- 
>2.35.3
>