On Mon, 03 Aug 2020, Christian Ehrhardt wrote: > From: Sam Hartman <hartmans@xxxxxxxxxx> > > /etc/pki/qemu is a pki path recommended by qemu tls docs [1] > and one that can cause issues with spice connections when missing. > > Add the path to the allowed list of pki paths to fix the issue. > > Note: this is active in Debian/Ubuntu [1] for quite a while already. > > [1]: https://www.qemu.org/docs/master/system/tls.html > [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930100 > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > src/security/apparmor/libvirt-qemu | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu > index 1a4b226612..2d08d6f7ad 100644 > --- a/src/security/apparmor/libvirt-qemu > +++ b/src/security/apparmor/libvirt-qemu > @@ -94,6 +94,8 @@ > /etc/pki/CA/* r, > /etc/pki/libvirt{,-spice,-vnc}/ r, > /etc/pki/libvirt{,-spice,-vnc}/** r, > + /etc/pki/qemu/ r, > + /etc/pki/qemu/** r, +1 to apply -- Jamie Strandboge | http://www.canonical.com
