virt-aa-helper: Allow RO access to /usr/share/edk2-ovmf

When binary version of edk2 is distributed, the files reside
under /usr/share/edk2-ovmf as can be seen from Gentoo's ebuild
[1]. Allow virt-aa-helper to generate paths under that dir.

1: https://gitweb.gentoo.org/repo/gentoo.git/tree/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild
Resolves: https://bugs.gentoo.org/911786
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 402cbd960245258ab218e65f6b1a0bd873414ddc..a3f85d26b08bccc42affe91b86818b377ba351e4 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -475,6 +475,7 @@ valid_path(const char *path, const bool readonly)
         "/initrd",
         "/initrd.img",
         "/usr/share/edk2/",
+        "/usr/share/edk2-ovmf/",             /* for OVMF images */
         "/usr/share/OVMF/",                  /* for OVMF images */
         "/usr/share/ovmf/",                  /* for OVMF images */
         "/usr/share/AAVMF/",                 /* for AAVMF images */