9:29 p.m.
Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run
This makes it impossible to run loongarch64 VMs when AppArmor is enabled
Signed-off-by: Xianglai Li <lixianglai(a)loongson.cn>
---
src/security/apparmor/libvirt-qemu.in | 1 +
src/security/virt-aa-helper.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu.in
b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
/usr/bin/qemu-system-hppa rmix,
/usr/bin/qemu-system-i386 rmix,
/usr/bin/qemu-system-lm32 rmix,
+ /usr/bin/qemu-system-loongarch64 rmix,
/usr/bin/qemu-system-m68k rmix,
/usr/bin/qemu-system-microblaze rmix,
/usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-loongarch64/",
"/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF
images */
"/usr/lib/u-boot/",
--
2.39.1
9:29 p.m.
Allows to load firmware in the qemu-efi-loongarch64 directory
Allows the binary qemu-system-loongarch64 to be run
This makes it impossible to run loongarch64 VMs when AppArmor is enabled
Signed-off-by: Xianglai Li <lixianglai(a)loongson.cn>
---
src/security/apparmor/libvirt-qemu.in | 1 +
src/security/virt-aa-helper.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu.in
b/src/security/apparmor/libvirt-qemu.in
index 694da26dea..c63077574e 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -144,6 +144,7 @@
/usr/bin/qemu-system-hppa rmix,
/usr/bin/qemu-system-i386 rmix,
/usr/bin/qemu-system-lm32 rmix,
+ /usr/bin/qemu-system-loongarch64 rmix,
/usr/bin/qemu-system-m68k rmix,
/usr/bin/qemu-system-microblaze rmix,
/usr/bin/qemu-system-microblazeel rmix,
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 1cf9d7ad3d..94a28bf331 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -481,6 +481,7 @@ valid_path(const char *path, const bool readonly)
"/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
"/usr/share/qemu-efi-aarch64/",
+ "/usr/share/qemu-efi-loongarch64/",
"/usr/share/qemu-efi-riscv64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF
images */
"/usr/lib/u-boot/",
--
2.39.1
9:56 p.m.
On Tue, Dec 17, 2024 at 08:29:17PM +0800, Xianglai Li wrote:
apparmor: Allow running loongarch64 VMs on Debian 12
Nothing about this is specific to Debian 12. In fact, the
qemu-efi-loongarch64 package doesn't exist there at all. I'm also not
planning to backport this change.
s/impossible/possible/
With the commit message tweaked according to the above,
Reviewed-by: Andrea Bolognani <abologna(a)redhat.com>
and pushed.
--
Andrea Bolognani / Red Hat / Virtualization
11:52 a.m.
Hi Andrea Bolognani :
Thank you very much for merging this patch!:-)
Let me explain this qemu-efi-loongarch64 question:
On debian operating systems, loongarch UEFI bios is placed under
the /usr/share/qemu-efi-loongarch64 path.
And the loongarch64 UEFI bios package name is qemu-efi-loongarch64.
You can find it from the link below:
http://ftp.ports.debian.org/debian-ports/pool/main/e/edk2/
Software package naming and UEFI bios placement path are consistent with
other architectures.
Thanks!
Xianglai.
10:57 p.m.
On Mon, Jan 06, 2025 at 10:52:51AM +0800, lixianglai wrote:
I understand all this, and the changes are correct. I wouldn't have
merged the patch otherwise ;)
What I was pointing out is that in Debian *12* specifically there is
no qemu-efi-loongarch64 package yet: it was introduced later. So
claiming that this change will allow running loongarch64 VMs on
Debian *12* is not accurate, which is why I dropped that reference
from the commit message.
--
Andrea Bolognani / Red Hat / Virtualization
92
days inactive
112
days old
5 comments
3 participants
participants (3)
-
Andrea Bolognani -
lixianglai -
Xianglai Li