File: Include-etc-pki-qemu-in-apparmor.patch

package info (click to toggle)
libvirt 5.0.0-4%2Bdeb10u1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 251,264 kB
  • sloc: ansic: 573,843; xml: 168,347; sh: 9,976; python: 4,883; perl: 3,953; makefile: 3,323; ml: 465
file content (26 lines) | stat: -rw-r--r-- 814 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
From: Sam Hartman <hartmans@debian.org>
Date: Tue, 18 Jun 2019 09:02:09 -0400
Subject: Include /etc/pki/qemu in apparmor

We already permit /etc/pki/libvirt-{spice,vnc} to be read in the
apparmor profile.  However the default tls directory in qemu.conf that
we ship is /etc/pki/qemu.  So permit that as well.

Closes: #930100
---
 src/security/apparmor/libvirt-qemu | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index eaa5167..0659cda 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -93,6 +93,8 @@
   /etc/pki/CA/* r,
   /etc/pki/libvirt{,-spice,-vnc}/ r,
   /etc/pki/libvirt{,-spice,-vnc}/** r,
+  /etc/pki/qemu/ r,
+  /etc/pki/qemu/** r,
 
   # the various binaries
   /usr/bin/kvm rmix,