1. Patchew
  2. Libvirt
  3. View series

[PATCH] apparmor: Allow running i686 VMs on Debian 12

Andrea Bolognani posted 1 patch 6 months, 1 week ago 
src/security/apparmor/libvirt-qemu.in | 3 +++
1 file changed, 3 insertions(+)
[PATCH] apparmor: Allow running i686 VMs on Debian 12
Posted by Andrea Bolognani 6 months, 1 week ago 
In Debian 12, the qemu-system-i386 binary in /usr/bin is a wrapper
script, with the actual executable living in /usr/libexec instead.
This makes it impossible to run i686 VMs when AppArmor is enabled.

Allow running the actual binary.

https://bugs.debian.org/1030926

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
---
 src/security/apparmor/libvirt-qemu.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 8f17256554..694da26dea 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -172,6 +172,9 @@
   /usr/bin/qemu-system-xtensaeb rmix,
   /usr/bin/qemu-unicore32 rmix,
   /usr/bin/qemu-x86_64 rmix,
+  # Debian 12 has a wrapper script in /usr/bin while the actual
+  # binary lives in /usr/libexec (Debian: #1030926)
+  /usr/libexec/qemu-system-i386 rmix,
   # for Debian/Ubuntu qemu-block-extra / RPMs qemu-block-* (LP: #1554761)
   /usr/{lib,lib64}/qemu/*.so mr,
   /usr/lib/@{multiarch}/qemu/*.so mr,
-- 
2.46.2
Re: [PATCH] apparmor: Allow running i686 VMs on Debian 12
Posted by Jim Fehlig via Devel 6 months, 1 week ago 
On 10/15/24 03:57, Andrea Bolognani wrote:
> In Debian 12, the qemu-system-i386 binary in /usr/bin is a wrapper
> script, with the actual executable living in /usr/libexec instead.
> This makes it impossible to run i686 VMs when AppArmor is enabled.
> 
> Allow running the actual binary.
> 
> https://bugs.debian.org/1030926
> 
> Signed-off-by: Andrea Bolognani <abologna@redhat.com>
> ---
>   src/security/apparmor/libvirt-qemu.in | 3 +++
>   1 file changed, 3 insertions(+)

Reviewed-by: Jim Fehlig <jfehlig@suse.com>

Regards,
Jim

> 
> diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
> index 8f17256554..694da26dea 100644
> --- a/src/security/apparmor/libvirt-qemu.in
> +++ b/src/security/apparmor/libvirt-qemu.in
> @@ -172,6 +172,9 @@
>     /usr/bin/qemu-system-xtensaeb rmix,
>     /usr/bin/qemu-unicore32 rmix,
>     /usr/bin/qemu-x86_64 rmix,
> +  # Debian 12 has a wrapper script in /usr/bin while the actual
> +  # binary lives in /usr/libexec (Debian: #1030926)
> +  /usr/libexec/qemu-system-i386 rmix,
>     # for Debian/Ubuntu qemu-block-extra / RPMs qemu-block-* (LP: #1554761)
>     /usr/{lib,lib64}/qemu/*.so mr,
>     /usr/lib/@{multiarch}/qemu/*.so mr,

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.