1. Patchew
  2. Libvirt
  3. View series

[PATCH] apparmor: Allow running loongarch64 VMs on Debian 12

Xianglai Li posted 1 patch 1 year, 1 month ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20241217122918.3113739-2-lixianglai@loongson.cn
src/security/apparmor/libvirt-qemu.in | 1 +
src/security/virt-aa-helper.c         | 1 +
2 files changed, 2 insertions(+)
[PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
Posted by Xianglai Li 1 year, 1 month ago 
Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run

This makes it impossible to run loongarch64 VMs when AppArmor is enabled

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
---
 src/security/apparmor/libvirt-qemu.in | 1 +
 src/security/virt-aa-helper.c         | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
   /usr/bin/qemu-system-hppa rmix,
   /usr/bin/qemu-system-i386 rmix,
   /usr/bin/qemu-system-lm32 rmix,
+  /usr/bin/qemu-system-loongarch64 rmix,
   /usr/bin/qemu-system-m68k rmix,
   /usr/bin/qemu-system-microblaze rmix,
   /usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
         "/usr/share/AAVMF/",
         "/usr/share/qemu-efi/",              /* for AAVMF images */
         "/usr/share/qemu-efi-aarch64/",
+        "/usr/share/qemu-efi-loongarch64/",
         "/usr/share/qemu-efi-riscv64/",
         "/usr/share/qemu/",                  /* SUSE path for OVMF and AAVMF images */
         "/usr/lib/u-boot/",
-- 
2.39.1
Re: [PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
Posted by lixianglai 1 year, 1 month ago 
ping

> Allows to load firmware in the qemu-efi-loongarch64 directory
> Allows the binary qemu-system-loongarch64 to be run
>
> This makes it impossible to run loongarch64 VMs when AppArmor is enabled
>
> Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
> ---
>   src/security/apparmor/libvirt-qemu.in | 1 +
>   src/security/virt-aa-helper.c         | 1 +
>   2 files changed, 2 insertions(+)
>
> diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
> index 694da26dea..c63077574e 100644
> --- a/src/security/apparmor/libvirt-qemu.in
> +++ b/src/security/apparmor/libvirt-qemu.in
> @@ -144,6 +144,7 @@
>     /usr/bin/qemu-system-hppa rmix,
>     /usr/bin/qemu-system-i386 rmix,
>     /usr/bin/qemu-system-lm32 rmix,
> +  /usr/bin/qemu-system-loongarch64 rmix,
>     /usr/bin/qemu-system-m68k rmix,
>     /usr/bin/qemu-system-microblaze rmix,
>     /usr/bin/qemu-system-microblazeel rmix,
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 1cf9d7ad3d..94a28bf331 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
>           "/usr/share/AAVMF/",
>           "/usr/share/qemu-efi/",              /* for AAVMF images */
>           "/usr/share/qemu-efi-aarch64/",
> +        "/usr/share/qemu-efi-loongarch64/",
>           "/usr/share/qemu-efi-riscv64/",
>           "/usr/share/qemu/",                  /* SUSE path for OVMF and AAVMF images */
>           "/usr/lib/u-boot/",

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.