External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-22 03:12:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: allow default pki path

Browse Source 
/etc/pki/qemu is a pki path recommended by qemu tls docs [1]
and one that can cause issues with spice connections when missing.

Add the path to the allowed list of pki paths to fix the issue.

Note: this is active in Debian/Ubuntu [1] for quite a while already.

[1]: https://www.qemu.org/docs/master/system/tls.html
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930100

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
This commit is contained in:
Sam Hartman 2020-08-03 12:08:41 +02:00 committed by Christian Ehrhardt
parent b94cde18ff
commit 155d4fe3fa
No known key found for this signature in database
GPG Key ID: BA3E29338280B242
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/apparmor/libvirt-qemu
View File

@ -94,6 +94,8 @@
/etc/pki/CA/* r,
/etc/pki/libvirt{,-spice,-vnc}/ r,
/etc/pki/libvirt{,-spice,-vnc}/** r,
/etc/pki/qemu/ r,
/etc/pki/qemu/** r,
# the various binaries
/usr/bin/kvm rmix,