Merge ~paelzer/ubuntu/+source/libvirt:lp-1989078-AAVMF-locking-JAMMY into ubuntu/+source/libvirt:ubuntu/jammy-devel

Proposed by Christian Ehrhardt 
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: 387513b19e515904620b35dcdb82cd6fdac0df1e
Proposed branch: ~paelzer/ubuntu/+source/libvirt:lp-1989078-AAVMF-locking-JAMMY
Merge into: ubuntu/+source/libvirt:ubuntu/jammy-devel
Diff against target: 65 lines (+43/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch (+35/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Paride Legovini (community) Approve
Canonical Server Reporter Pending
Review via email: mp+429630@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :
Paride Legovini (paride) wrote :

Patch OK (clean upstream cherry-pick of what we already have in Kinetic), dep-3 headers OK, d/changelog entry OK. The patch fully complies with the SRU plan for LP: #1989078.

+1 modulo PPA build, which didn't finish yet.

review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: paelzer, paride
Uploaders: paelzer, paride
MP auto-approved

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Build is happy as well.

Test on canonistack as well.

Uploading ...

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index b568750..a06a29b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
1libvirt (8.0.0-1ubuntu7.2) jammy; urgency=medium
2
3 * d/p/u/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch: allow arm64
4 to lock its OVMF resources (LP: #1989078)
5
6 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Sep 2022 12:00:39 +0200
7
1libvirt (8.0.0-1ubuntu7.1) jammy; urgency=medium8libvirt (8.0.0-1ubuntu7.1) jammy; urgency=medium
29
3 * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:10 * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
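Review bot: the new changelog entry says "allow arm64 to lock its OVMF resources", but the path the patch touches is /usr/share/AAVMF/**, and the patch subject itself says "AAVMF firmware". Naming AAVMF in the entry would make it easier to match this upload to the AppArmor rule it changes when someone later audits which profile permissions were widened and why.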
diff --git a/debian/patches/series b/debian/patches/series
index 722d026..36f7453 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -33,3 +33,4 @@ ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch
33ubuntu/swtpm-by-swtpm-user.patch33ubuntu/swtpm-by-swtpm-user.patch
34ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch34ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch
35ubuntu/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch35ubuntu/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch
36ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch
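Review bot: the added series entry places an AppArmor-only patch under ubuntu/, while the context lines show a ubuntu-aa/ directory that already holds AppArmor patches such as ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch. If ubuntu/ is deliberate here, as it appears to be for the neighbouring lp-1972075 patch, that is fine, but it is worth confirming so that all profile changes stay easy to find in one place when the confinement rules are reviewed.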
diff --git a/debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch b/debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch
36new file mode 10064437new file mode 100644
index 0000000..b5da0cb
--- /dev/null
+++ b/debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch
@@ -0,0 +1,35 @@
1From 2b98d5d91d95087d8a96d6450fa96414ed05ba5c Mon Sep 17 00:00:00 2001
2From: Andrea Bolognani <abologna@redhat.com>
3Date: Mon, 23 May 2022 10:31:02 +0200
4Subject: [PATCH] apparmor: Allow locking AAVMF firmware
5
6We already allow this for OVMF.
7
8Closes: https://gitlab.com/libvirt/libvirt/-/issues/312
9Signed-off-by: Andrea Bolognani <abologna@redhat.com>
10Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
11
12Origin: upstream, https://gitlab.com/libvirt/libvirt/-/commit/2b98d5d91
13Bug-Ubuntu: https://bugs.launchpad.net/bugs/1989078
14Last-Update: 2022-09-08
15
16---
17 src/security/apparmor/libvirt-qemu | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
21index c29168da27..02ee273e7e 100644
22--- a/src/security/apparmor/libvirt-qemu
23+++ b/src/security/apparmor/libvirt-qemu
24@@ -78,7 +78,7 @@
25 /var/lib/dbus/machine-id r,
26
27 # access to firmware's etc
28- /usr/share/AAVMF/** r,
29+ /usr/share/AAVMF/** rk,
30 /usr/share/bochs/** r,
31 /usr/share/edk2-ovmf/** rk,
32 /usr/share/kvm/** r,
33--
342.37.3
35
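Review bot: the rule change to "/usr/share/AAVMF/** rk," grants the lock permission across the whole AAVMF tree, and the only rationale in the patch is "We already allow this for OVMF." The change adds no write access and mirrors the existing "/usr/share/edk2-ovmf/** rk," line, so the widening is small, but the DEP-3 header would benefit from a short Description stating which operation needs the file lock, since a profile permission is being extended in a stable release. The Origin field also uses the abbreviated hash 2b98d5d91 while the From line carries the full one; using the full commit id in the URL keeps the reference unambiguous.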
