On Mon, 03 Aug 2020, Christian Ehrhardt wrote:
> From: Sam Hartman
>
> /etc/pki/qemu is a pki path recommended by qemu tls docs [1]
> and one that can cause issues with spice connections when missing.
>
> Add the path to the allowed list of pki paths to fix the issue.
>
> Note: this is active in Debian/Ubuntu [1] for quite a while already.
>
> [1]: https://www.qemu.org/docs/master/system/tls.html
> [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930100
>
> Signed-off-by: Christian Ehrhardt
> ---
> src/security/apparmor/libvirt-qemu | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/security/apparmor/libvirt-qemu
> b/src/security/apparmor/libvirt-qemu
> index 1a4b226612..2d08d6f7ad 100644
> --- a/src/security/apparmor/libvirt-qemu
> +++ b/src/security/apparmor/libvirt-qemu
> @@ -94,6 +94,8 @@
>/etc/pki/CA/* r,
>/etc/pki/libvirt{,-spice,-vnc}/ r,
>/etc/pki/libvirt{,-spice,-vnc}/** r,
> + /etc/pki/qemu/ r,
> + /etc/pki/qemu/** r,
+1 to apply
--
Jamie Strandboge | http://www.canonical.com