Package: lxd / 5.0.2+git20231211.1364ae4-9

005-fix-qemu-apparmor.patch Patch series | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
 
From: Mathias Gibbens <gibmat@debian.org>
Description: Fix apparmor profile generation for QEMU instances (copied from Incus)
Forwarded: no (this patch is licensed as Apache-2.0 and I haven't signed Canonical's CLA)
diff --git a/lxd/apparmor/instance_qemu.go b/lxd/apparmor/instance_qemu.go
index 8f483a0b8..a52986e67 100644
--- a/lxd/apparmor/instance_qemu.go
+++ b/lxd/apparmor/instance_qemu.go
@@ -37,8 +37,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
   /sys/devices/**                           r,
   /sys/module/vhost/**                      r,
   /{,usr/}bin/qemu*                         mrix,
-  {{ .ovmfPath }}/OVMF_CODE.fd              kr,
-  {{ .ovmfPath }}/OVMF_CODE.*.fd            kr,
+  {{ .ovmfPath }}/**                        kr,
   /usr/share/qemu/**                        kr,
   /usr/share/seabios/**                     kr,
   owner @{PROC}/@{pid}/cpuset               r,