control: tags -1 patch here you go. Rebuilt packages and tested on one of our vm servers.
From 76321001651a1c9a3425b38f231373bb6b31b922 Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartm...@debian.org>
Date: Tue, 18 Jun 2019 09:02:09 -0400
Subject: [PATCH] Include /etc/pki/qemu in apparmor
We already permit /etc/pki/libvirt-{spice,vnc} to be read in the
apparmor profile. However the default tls directory in qemu.conf that
we ship is /etc/pki/qemu. So permit that as well.
---
src/security/apparmor/libvirt-qemu | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
index eaa5167..0659cda 100644
--- a/src/security/apparmor/libvirt-qemu
+++ b/src/security/apparmor/libvirt-qemu
@@ -93,6 +93,8 @@
/etc/pki/CA/* r,
/etc/pki/libvirt{,-spice,-vnc}/ r,
/etc/pki/libvirt{,-spice,-vnc}/** r,
+ /etc/pki/qemu/ r,
+ /etc/pki/qemu/** r,
# the various binaries
/usr/bin/kvm rmix,
--
2.20.1
signature.asc
Description: PGP signature
