lxd/apparmor: Respect LXD_OVMF_PATH

Closes #8722 Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
lxc · May 5, 2021 · 124b510 · 124b510
1 parent 6035cd3
commit 124b510
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/lxd/apparmor/instance.go b/lxd/apparmor/instance.go
@@ -175,6 +175,11 @@ func instanceProfile(state *state.State, inst instance) (string, error) {
 			}
 		}
 
+		ovmfPath := "/usr/share/OVMF"
+		if os.Getenv("LXD_OVMF_PATH") != "" {
+			ovmfPath = os.Getenv("LXD_OVMF_PATH")
+		}
+
 		err = qemuProfileTpl.Execute(sb, map[string]interface{}{
 			"devPaths":    devPaths,
 			"exePath":     util.GetExecPath(),
@@ -185,6 +190,7 @@ func instanceProfile(state *state.State, inst instance) (string, error) {
 			"raw":         rawContent,
 			"rootPath":    rootPath,
 			"snap":        shared.InSnap(),
+			"ovmfPath":    ovmfPath,
 		})
 		if err != nil {
 			return "", err

diff --git a/lxd/apparmor/instance_qemu.go b/lxd/apparmor/instance_qemu.go
@@ -36,7 +36,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
   /sys/devices/**                           r,
   /sys/module/vhost/**                      r,
   /{,usr/}bin/qemu*                         mrix,
-  /usr/share/OVMF/OVMF_CODE.fd              kr,
+  {{ .ovmfPath }}/OVMF_CODE.fd              kr,
   /usr/share/qemu/**                        kr,
   /usr/share/seabios/**                     kr,
   owner @{PROC}/@{pid}/task/@{tid}/comm     rw,