On Wed, 2017-12-20 at 12:41 +0100, Christian Ehrhardt wrote: > Adding the PKI path that is used as default suggestion in > src/qemu/qemu.conf > If people use non-default paths they should use local overrides but > the > suggested defaults we should open up. > > This is the default path as referenced by src/qemu/qemu.conf in > libvirt. > > While doing so merge the several places we have to cover PKI access > into > one. > > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1690140 > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > examples/apparmor/libvirt-qemu | 13 +++++-------- > 1 file changed, 5 insertions(+), 8 deletions(-) > > diff --git a/examples/apparmor/libvirt-qemu > b/examples/apparmor/libvirt-qemu > index fa2b753..f206f6c 100644 > --- a/examples/apparmor/libvirt-qemu > +++ b/examples/apparmor/libvirt-qemu > @@ -88,8 +88,11 @@ > /usr/share/qemu-efi/** r, > /usr/share/slof/** r, > > - # access PKI infrastructure > - /etc/pki/libvirt-vnc/** r, > + # pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140) > + /etc/pki/CA/ r, > + /etc/pki/CA/* r, > + /etc/pki/libvirt{,-spice,-vnc}/ r, > + /etc/pki/libvirt{,-spice,-vnc}/** r, > > # the various binaries > /usr/bin/kvm rmix, > @@ -156,12 +159,6 @@ > /usr/{lib,lib64}/qemu/*.so mr, > /usr/lib/@{multiarch}/qemu/*.so mr, > > - # for use by libvirt-vnc (LP: #901272) > - /etc/pki/CA/ r, > - /etc/pki/CA/* r, > - /etc/pki/libvirt/ r, > - /etc/pki/libvirt/** r, > - > # for save and resume > /{usr/,}bin/dash rmix, > /{usr/,}bin/dd rmix, +1 to apply. Thanks for the patch and intrigeri for the feedback. -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
