Package: libvirt / 5.6.0-2

Include-etc-pki-qemu-in-apparmor.patch
From: Sam Hartman <hartmans@debian.org>
Date: Tue, 18 Jun 2019 09:02:09 -0400
Subject: Include /etc/pki/qemu in apparmor

We already permit /etc/pki/libvirt-{spice,vnc} to be read in the
apparmor profile.  However the default tls directory in qemu.conf that
we ship is /etc/pki/qemu.  So permit that as well.

Closes: #930100
---
 src/security/apparmor/libvirt-qemu | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index d33348a..95e8e98 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -94,6 +94,8 @@
   /etc/pki/CA/* r,
   /etc/pki/libvirt{,-spice,-vnc}/ r,
   /etc/pki/libvirt{,-spice,-vnc}/** r,
+  /etc/pki/qemu/ r,
+  /etc/pki/qemu/** r,
 
   # the various binaries
   /usr/bin/kvm rmix,
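
Review bot: the two added rules, `/etc/pki/qemu/ r,` and `/etc/pki/qemu/** r,`, carry no comment, and the second one is recursive, so every guest confined by this profile can read everything stored under that directory, including any private key material kept there. Please add a one-line comment above them stating that this path is the default TLS directory in the shipped qemu.conf, so that someone who changes that setting knows a matching local rule is needed. If only top-level certificate and key files are expected in the directory, `/etc/pki/qemu/* r,` (as used for `/etc/pki/CA/*` just above) would be the narrower grant; if the recursive form is kept for consistency with the libvirt{,-spice,-vnc} rules, say so in the comment.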