security: apparmor: Allow RO /usr/share/edk2/

On Fedora, already whitelisted paths to AAVMF and OVMF binaries are symlinks to binaries under /usr/share/edk2/. Add that directory to the RO whitelist so virt-aa-helper-test passes Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Cole Robinson <crobinso@redhat.com>
2024-07-31 05:57:16 +00:00 · 2019-10-09 14:21:24 -04:00 · 2019-10-09 14:21:24 -04:00 · 4dfc4d525e
commit 4dfc4d525e
parent 4d95f557d6
1 changed files with 1 additions and 0 deletions
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@ -505,6 +505,7 @@ valid_path(const char *path, const bool readonly)
        "/vmlinuz",
        "/initrd",
        "/initrd.img",
+        "/usr/share/edk2/",
        "/usr/share/OVMF/",              /* for OVMF images */
        "/usr/share/ovmf/",              /* for OVMF images */
        "/usr/share/AAVMF/",             /* for AAVMF images */