[PATCH] virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf

Michal Privoznik posted 1 patch 2 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/6bceaa977d3b613684edc730fa015add5de7769b.1720091616.git.mprivozn@redhat.com
Posted by Michal Privoznik 2 months ago
When a binary version of edk2 is distributed, the files reside
under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
[1]. Allow virt-aa-helper to generate paths under that dir.

1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
Resolves: https://bugs.gentoo.org/911786
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/virt-aa-helper.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 402cbd9602..076b98a1d7 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
         "/initrd",
         "/initrd.img",
         "/usr/share/edk2/",
+        "/usr/share/edk2-ovmf/",
         "/usr/share/OVMF/",                  /* for OVMF images */
         "/usr/share/ovmf/",                  /* for OVMF images */
         "/usr/share/AAVMF/",                 /* for AAVMF images */
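Review bot: the new `"/usr/share/edk2-ovmf/",` entry is the only one in this block of firmware directories without the trailing `/* for OVMF images */` comment that the `/usr/share/OVMF/` and `/usr/share/ovmf/` entries immediately below carry; adding it keeps the list uniform. The trailing slash does match the neighbouring `/usr/share/edk2/` entry, so if these strings are prefix-matched, as the slashes suggest, only files inside that directory are accepted rather than any path that merely begins with `/usr/share/edk2-ovmf`. Since this table sits in `valid_path(const char *path, const bool readonly)`, it would also help to state in the commit message body, not only the subject, that the directory is being added to the read-only set.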
-- 
2.44.2
Re: [PATCH] virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
Posted by Andrea Bolognani 2 months ago
On Thu, Jul 04, 2024 at 01:13:36PM GMT, Michal Privoznik wrote:
> When a binary version of edk2 is distributed, the files reside
> under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
> [1]. Allow virt-aa-helper to generate paths under that dir.
>
> 1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
> Resolves: https://bugs.gentoo.org/911786
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>  src/security/virt-aa-helper.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 402cbd9602..076b98a1d7 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
>          "/initrd",
>          "/initrd.img",
>          "/usr/share/edk2/",
> +        "/usr/share/edk2-ovmf/",
>          "/usr/share/OVMF/",                  /* for OVMF images */
>          "/usr/share/ovmf/",                  /* for OVMF images */
>          "/usr/share/AAVMF/",                 /* for AAVMF images */

For consistency with existing entries, you could add a

  /* for OVMF images */

comment to the right. Either way,

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

-- 
Andrea Bolognani / Red Hat / Virtualization
Re: [PATCH] virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf
Posted by Michal Prívozník 2 months ago
On 7/5/24 10:46, Andrea Bolognani wrote:
> On Thu, Jul 04, 2024 at 01:13:36PM GMT, Michal Privoznik wrote:
>> When a binary version of edk2 is distributed, the files reside
>> under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
>> [1]. Allow virt-aa-helper to generate paths under that dir.
>>
>> 1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
>> Resolves: https://bugs.gentoo.org/911786
>> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>> ---
>>  src/security/virt-aa-helper.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
>> index 402cbd9602..076b98a1d7 100644
>> --- a/src/security/virt-aa-helper.c
>> +++ b/src/security/virt-aa-helper.c
>> @@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
>>          "/initrd",
>>          "/initrd.img",
>>          "/usr/share/edk2/",
>> +        "/usr/share/edk2-ovmf/",
>>          "/usr/share/OVMF/",                  /* for OVMF images */
>>          "/usr/share/ovmf/",                  /* for OVMF images */
>>          "/usr/share/AAVMF/",                 /* for AAVMF images */
> 
> For consistency with existing entries, you could add a
> 
>   /* for OVMF images */

I thought that "-ovmf" suffix gave the clue, but apparently we don't
trust developers in other entries too. /usr/share/OVMF is for OVMF
images? /usr/share/AAVMF is for AAVMF images? Wow! I'll post a patch to
fix this soon.

> 
> comment to the right. Either way,
> 
>   Reviewed-by: Andrea Bolognani <abologna@redhat.com>
> 

Thanks.

Michal