Merge ~paelzer/ubuntu/+source/libvirt:lp-1989078-AAVMF-locking-JAMMY into ubuntu/+source/libvirt:ubuntu/jammy-devel

Proposed by Christian Ehrhardt 
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: 387513b19e515904620b35dcdb82cd6fdac0df1e
Proposed branch: ~paelzer/ubuntu/+source/libvirt:lp-1989078-AAVMF-locking-JAMMY
Merge into: ubuntu/+source/libvirt:ubuntu/jammy-devel
Diff against target: 65 lines (+43/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/series (+1/-0)
debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch (+35/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Paride Legovini (community) Approve
Canonical Server Reporter Pending
Review via email: mp+429630@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :
Paride Legovini (paride) wrote :

Patch OK (clean upstream cherry-pick of what we already have in Kinetic), dep-3 headers OK, d/changelog entry OK. The patch fully complies with the SRU plan for LP: #1989078.

+1 modulo PPA build, which didn't finish yet.

review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: paelzer, paride
Uploaders: paelzer, paride
MP auto-approved

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Build is happy as well.

Test on canonistack as well.

Uploading ...

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index b568750..a06a29b 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+libvirt (8.0.0-1ubuntu7.2) jammy; urgency=medium
7+
8+ * d/p/u/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch: allow arm64
9+ to lock its OVMF resources (LP: #1989078)
10+
11+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Sep 2022 12:00:39 +0200
12+
13 libvirt (8.0.0-1ubuntu7.1) jammy; urgency=medium
14
15 * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
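Review bot: the new changelog bullet says arm64 may lock "its OVMF resources", but the patch it names changes the `/usr/share/AAVMF/**` rule. Naming AAVMF in the entry (for example "allow arm64 guests to lock AAVMF firmware") would keep the description consistent with the patch file name and with the profile path that actually changes, which helps anyone later auditing why the confinement was widened.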
16diff --git a/debian/patches/series b/debian/patches/series
17index 722d026..36f7453 100644
18--- a/debian/patches/series
19+++ b/debian/patches/series
20@@ -33,3 +33,4 @@ ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch
21 ubuntu/swtpm-by-swtpm-user.patch
22 ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch
23 ubuntu/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch
24+ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch
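Review bot: the added series entry is filed under `ubuntu/`, while the context lines show AppArmor profile patches kept under `ubuntu-aa/` (`ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch`). Since this patch also edits `src/security/apparmor/libvirt-qemu`, it is worth confirming which directory the packaging convention expects for an upstream cherry-pick that touches the profile, so that all confinement changes stay easy to find in one place.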
25diff --git a/debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch b/debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch
26new file mode 100644
27index 0000000..b5da0cb
28--- /dev/null
29+++ b/debian/patches/ubuntu/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch
30@@ -0,0 +1,35 @@
31+From 2b98d5d91d95087d8a96d6450fa96414ed05ba5c Mon Sep 17 00:00:00 2001
32+From: Andrea Bolognani <abologna@redhat.com>
33+Date: Mon, 23 May 2022 10:31:02 +0200
34+Subject: [PATCH] apparmor: Allow locking AAVMF firmware
35+
36+We already allow this for OVMF.
37+
38+Closes: https://gitlab.com/libvirt/libvirt/-/issues/312
39+Signed-off-by: Andrea Bolognani <abologna@redhat.com>
40+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
41+
42+Origin: upstream, https://gitlab.com/libvirt/libvirt/-/commit/2b98d5d91
43+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1989078
44+Last-Update: 2022-09-08
45+
46+---
47+ src/security/apparmor/libvirt-qemu | 2 +-
48+ 1 file changed, 1 insertion(+), 1 deletion(-)
49+
50+diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
51+index c29168da27..02ee273e7e 100644
52+--- a/src/security/apparmor/libvirt-qemu
53++++ b/src/security/apparmor/libvirt-qemu
54+@@ -78,7 +78,7 @@
55+ /var/lib/dbus/machine-id r,
56+
57+ # access to firmware's etc
58+- /usr/share/AAVMF/** r,
59++ /usr/share/AAVMF/** rk,
60+ /usr/share/bochs/** r,
61+ /usr/share/edk2-ovmf/** rk,
62+ /usr/share/kvm/** r,
63+--
64+2.37.3
65+
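Review bot: in the embedded `libvirt-qemu` hunk, the `k` permission is added to the whole `/usr/share/AAVMF/**` glob, and the commit message justifies it only with "We already allow this for OVMF", while the visible context confirms `rk` only for `/usr/share/edk2-ovmf/**`. The change itself is narrow: the rule stays without `w`, so the confined QEMU gains file locking on the firmware tree but still cannot modify it, and the neighbouring `/usr/share/bochs/**` and `/usr/share/kvm/**` rules stay at `r`. It would help to state in the patch description which rule in the jammy profile this is aligned with, and to note that locking is the only access added, so the DEP-3 header documents the security impact for the SRU.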