]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 78769b8)
apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
authorSerge Hallyn <serge.hallyn@ubuntu.com>
Tue, 23 May 2017 16:22:48 +0000 (18:22 +0200)
committerGuido Günther <agx@sigxcpu.org>
Fri, 16 Jun 2017 08:38:52 +0000 (10:38 +0200)
When setting up VncTLS according to the official Libvirt documentation,
only one certificate for libvirt/libvirt-vnc is used. The document
indicates to use the following directories :

 /etc/pki/CA
 /etc/pki/libvirt
 /etc/pki/libvirt/private

in order to manage the certificates used by libvirt-vnc.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/901272

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
examples/apparmor/libvirt-qemu patch | blob | blame | history

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index fddc93ab3ecdb781a6ae6f9dcd6c8c41bb6b14fa..f462d7428ca2ad08a09b19791d3da9b01f4f1636 100644 (file)
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -142,6 +142,12 @@
   /usr/{lib,lib64}/qemu/block-curl.so mr,
   /usr/{lib,lib64}/qemu/block-rbd.so mr,
 
+  # for use by libvirt-vnc (LP: #901272)
+  /etc/pki/CA/ r,
+  /etc/pki/CA/* r,
+  /etc/pki/libvirt/ r,
+  /etc/pki/libvirt/** r,
+
   # for save and resume
   /{usr/,}bin/dash rmix,
   /{usr/,}bin/dd rmix,
Mirror of https://github.com/libvirt/libvirt.git