From nobody Mon Feb  9 14:54:09 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1734439988257109.02671876069314;
 Tue, 17 Dec 2024 04:53:08 -0800 (PST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 431B61560; Tue, 17 Dec 2024 07:53:07 -0500 (EST)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id D95E4158D;
	Tue, 17 Dec 2024 07:52:51 -0500 (EST)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 537D51565; Tue, 17 Dec 2024 07:52:48 -0500 (EST)
Received: from mail.loongson.cn (mail.loongson.cn [114.242.206.163])
	by lists.libvirt.org (Postfix) with ESMTP id 74416155C
	for <devel@lists.libvirt.org>; Tue, 17 Dec 2024 07:52:45 -0500 (EST)
Received: from loongson.cn (unknown [10.2.5.185])
	by gateway (Coremail) with SMTP id _____8CxSOEGc2FnrMZXAA--.39984S3;
	Tue, 17 Dec 2024 20:48:06 +0800 (CST)
Received: from localhost.localdomain (unknown [10.2.5.185])
	by front1 (Coremail) with SMTP id qMiowMDxfccEc2Fn5zUAAA--.1624S3;
	Tue, 17 Dec 2024 20:48:05 +0800 (CST)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No,
 score=-0.7 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
X-Greylist: delayed 179 seconds by postgrey-1.37 at lists.libvirt.org;
 Tue, 17 Dec 2024 07:52:45 EST
From: Xianglai Li <lixianglai@loongson.cn>
To: devel@lists.libvirt.org
Subject: [PATCH] apparmor: Allow running loongarch64 VMs on Debian 12
Date: Tue, 17 Dec 2024 20:29:18 +0800
Message-Id: <20241217122918.3113739-2-lixianglai@loongson.cn>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20241217122918.3113739-1-lixianglai@loongson.cn>
References: <20241217122918.3113739-1-lixianglai@loongson.cn>
MIME-Version: 1.0
X-CM-TRANSID: qMiowMDxfccEc2Fn5zUAAA--.1624S3
X-CM-SenderInfo: 5ol0xt5qjotxo6or00hjvr0hdfq/
X-Coremail-Antispam: 1Uk129KBjDUn29KB7ZKAUJUUUUU529EdanIXcx71UUUUU7KY7
	ZEXasCq-sGcSsGvfJ3UbIjqfuFe4nvWSU5nxnvy29KBjDU0xBIdaVrnUUvcSsGvfC2Kfnx
	nUUI43ZEXa7xR_UUUUUUUUU==
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: WNS4TGQSLMK6HRKTUPBZ233WWDMQP22F
X-Message-ID-Hash: WNS4TGQSLMK6HRKTUPBZ233WWDMQP22F
X-MailFrom: lixianglai@loongson.cn
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/WNS4TGQSLMK6HRKTUPBZ233WWDMQP22F/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
X-ZM-MESSAGEID: 1734439989173116600
Content-Type: text/plain; charset="utf-8"

Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run

This makes it impossible to run loongarch64 VMs when AppArmor is enabled

Signed-off-by: Xianglai Li <lixianglai@loongson.cn>
---
 src/security/apparmor/libvirt-qemu.in | 1 +
 src/security/virt-aa-helper.c         | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/=
libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
   /usr/bin/qemu-system-hppa rmix,
   /usr/bin/qemu-system-i386 rmix,
   /usr/bin/qemu-system-lm32 rmix,
+  /usr/bin/qemu-system-loongarch64 rmix,
   /usr/bin/qemu-system-m68k rmix,
   /usr/bin/qemu-system-microblaze rmix,
   /usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
         "/usr/share/AAVMF/",
         "/usr/share/qemu-efi/",              /* for AAVMF images */
         "/usr/share/qemu-efi-aarch64/",
+        "/usr/share/qemu-efi-loongarch64/",
         "/usr/share/qemu-efi-riscv64/",
         "/usr/share/qemu/",                  /* SUSE path for OVMF and AAV=
MF images */
         "/usr/lib/u-boot/",
--=20
2.39.1