[libvirt PATCH] apparmor: Enable locking AAVMF firmware
We already allow this for OVMF.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/312
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/security/apparmor/libvirt-qemu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index c29168da27..02ee273e7e 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -78,7 +78,7 @@
/var/lib/dbus/machine-id r,
# access to firmware's etc
- /usr/share/AAVMF/** r,
+ /usr/share/AAVMF/** rk,
/usr/share/bochs/** r,
/usr/share/edk2-ovmf/** rk,
/usr/share/kvm/** r,
--
2.35.3