From nobody Sun Dec 22 01:42:07 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1734439811893108.07590286855316;
 Tue, 17 Dec 2024 04:50:11 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id BC6A915B5; Tue, 17 Dec 2024 07:50:10 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id C40481584;
	Tue, 17 Dec 2024 07:49:51 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id EDBF31560; Tue, 17 Dec 2024 07:49:48 -0500 (EST)
Received: from mx1.osci.io (polly.osci.io [8.43.85.229])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 927F6148B
	for <devel@lists.libvirt.org>; Tue, 17 Dec 2024 07:49:48 -0500 (EST)
Received: by mx1.osci.io (Postfix, from userid 995)
	id 7210B27AAB; Tue, 17 Dec 2024 07:49:48 -0500 (EST)
Received: from mail.loongson.cn (mail.loongson.cn [114.242.206.163])
	by mx1.osci.io (Postfix) with ESMTP id 1BEED27AA9
	for <devel@lists.libvirt.org>; Tue, 17 Dec 2024 07:49:45 -0500 (EST)
Received: from loongson.cn (unknown [10.2.5.185])
	by gateway (Coremail) with SMTP id _____8CxieAFc2Fnq8ZXAA--.39970S3;
	Tue, 17 Dec 2024 20:48:05 +0800 (CST)
Received: from localhost.localdomain (unknown [10.2.5.185])
	by front1 (Coremail) with SMTP id qMiowMDxfccEc2Fn5zUAAA--.1624S2;
	Tue, 17 Dec 2024 20:48:04 +0800 (CST)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No,
 score=-0.7 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
X-Greylist: delayed 92 seconds by postgrey-1.37 at polly.osci.io;
 Tue, 17 Dec 2024 07:49:46 EST
From: Xianglai Li <lixianglai@loongson.cn>
To: devel@lists.libvirt.org
Subject: [PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
Date: Tue, 17 Dec 2024 20:29:17 +0800
Message-Id: <20241217122918.3113739-1-lixianglai@loongson.cn>
X-Mailer: git-send-email 2.39.1
MIME-Version: 1.0
X-CM-TRANSID: qMiowMDxfccEc2Fn5zUAAA--.1624S2
X-CM-SenderInfo: 5ol0xt5qjotxo6or00hjvr0hdfq/
X-Coremail-Antispam: 1Uk129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7KY7
	ZEXasCq-sGcSsGvfJ3UbIjqfuFe4nvWSU5nxnvy29KBjDU0xBIdaVrnUUvcSsGvfC2Kfnx
	nUUI43ZEXa7xR_UUUUUUUUU==
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: IU7KHMVCORZP4E525RQI7A6BZARXN5CB
X-Message-ID-Hash: IU7KHMVCORZP4E525RQI7A6BZARXN5CB
X-MailFrom: SRS0=9t67=TK=loongson.cn=lixianglai@osci.io
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/IU7KHMVCORZP4E525RQI7A6BZARXN5CB/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZM-MESSAGEID: 1734439812383116600
Content-Type: text/plain; charset="utf-8"

Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run

This makes it impossible to run loongarch64 VMs when AppArmor is enabled

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
---
 src/security/apparmor/libvirt-qemu.in | 1 +
 src/security/virt-aa-helper.c         | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/=
libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
   /usr/bin/qemu-system-hppa rmix,
   /usr/bin/qemu-system-i386 rmix,
   /usr/bin/qemu-system-lm32 rmix,
+  /usr/bin/qemu-system-loongarch64 rmix,
   /usr/bin/qemu-system-m68k rmix,
   /usr/bin/qemu-system-microblaze rmix,
   /usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
         "/usr/share/AAVMF/",
         "/usr/share/qemu-efi/",              /* for AAVMF images */
         "/usr/share/qemu-efi-aarch64/",
+        "/usr/share/qemu-efi-loongarch64/",
         "/usr/share/qemu-efi-riscv64/",
         "/usr/share/qemu/",                  /* SUSE path for OVMF and AAV=
MF images */
         "/usr/lib/u-boot/",
--=20
2.39.1