apparmor: Allow running i686 VMs on Debian 12

In Debian 12, the qemu-system-i386 binary in /usr/bin is a wrapper script, with the actual executable living in /usr/libexec instead. This makes it impossible to run i686 VMs when AppArmor is enabled. Allow running the actual binary. https://bugs.debian.org/1030926 Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2025-02-22 11:22:23 +00:00 · 2024-10-15 11:50:36 +02:00 · 2024-10-15 11:50:36 +02:00 · 81493d8eb6
commit 81493d8eb6
parent e996536a3b
1 changed files with 3 additions and 0 deletions
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@ -172,6 +172,9 @@
  /usr/bin/qemu-system-xtensaeb rmix,
  /usr/bin/qemu-unicore32 rmix,
  /usr/bin/qemu-x86_64 rmix,
+  # Debian 12 has a wrapper script in /usr/bin while the actual
+  # binary lives in /usr/libexec (Debian: #1030926)
+  /usr/libexec/qemu-system-i386 rmix,
  # for Debian/Ubuntu qemu-block-extra / RPMs qemu-block-* (LP: #1554761)
  /usr/{lib,lib64}/qemu/*.so mr,
  /usr/lib/@{multiarch}/qemu/*.so mr,