apparmor prevents libvirt-vnc certificate from being read
Bug #484562 reported by
Bryan McLellan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Medium
|
Jamie Strandboge | ||
Karmic |
Won't Fix
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Jamie Strandboge |
Bug Description
libvirt + kvm need to be able to read the certificates when using TLS to connect to VNC.
Nov 17 17:08:09 lasvirt01 kernel: [69476.008895] type=1503 audit(125850648
libvirt 0.7.0-1ubuntu13.1
kvm 1:84+dfsg-
apparmor 2.3.1+1403-
Add "/etc/pki/
Related branches
tags: | added: apparmor |
Changed in libvirt (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
importance: | Undecided → Low |
milestone: | none → karmic-updates |
status: | New → Triaged |
Changed in libvirt (Ubuntu Karmic): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
importance: | Undecided → Medium |
milestone: | none → karmic-updates |
status: | New → Triaged |
Changed in libvirt (Ubuntu Lucid): | |
milestone: | karmic-updates → none |
importance: | Low → Medium |
Changed in libvirt (Ubuntu Lucid): | |
status: | Triaged → In Progress |
To post a comment you must log in.
This bug was fixed in the package libvirt - 0.7.2-4ubuntu1
---------------
libvirt (0.7.2-4ubuntu1) lucid; urgency=low
* Merge from debian testing. Remaining changes: libvirt- bin.postrm: rename the libvirt group to libvirtd CHECK_TARGET := check patches/ 900[0-7] : updated/refreshed for new paths in 0.7.2 patches/ series: don't apply 0002-qemu- disable- network. diff.patch libvirt- bin.dirs: add /etc/apparmor. d/abstractions,
/etc/apparmor. d/force- complain, /etc/apparmor. d/libvirt,
/etc/cron. daily and /usr/share/ apport/ package- hooks libvirt- bin.cron. daily (LP: #438165) libvirt- bin.apport libvirt- bin.install: install apparmor profiles, abstractions libvirt- bin.postrm: remove apparmor symlinks on purge libvirt- bin.preinst: added to force complain on certain README. Debian: add AppArmor section based on the upstream
documentation logfile- fd-after- spawning- qemu.patch nonfile- labels. patch autoreconf. patch apparmor/ usr.sbin. libvirtd: allow libvirtd access to usr/lib/ libvirt/ * (LP: #480478) apparmor/ libvirt- qemu: allow guests access to etc/pki/ libvirt- vnc/** (LP: #484562) libvirt- bin.postinst: 0.7.2 moved /usr/bin/ virt-aa- helper to usr/lib/ libvirt, so the profile changed from usr.bin. virt-aa- helper libvirt. virt-aa- helper and needs to be migrated. If the user libvirt. virt-aa- helper patches/ 9008-apparmor- caps-mockup. patch patches/ 9009-apparmor- lp453335. patch patches/ 9010-apparmor- lp460271. patch patches/ 9011-apparmor- code-cleanups. patch
- debian/control:
+ Don't build-depend on QEmu
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin
+ Recommends qemu-kvm (>= 0.11.0-0ubuntu6)
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such
+ We call libxen-dev libxen3-dev, so change all references
+ Build-Depends on libxml2-utils
+ Build-Depends on open-iscsi-utils instead of open-iscsi due to
LP: #414986
- debian/postinst:
+ rename the libvirt group to libvirtd
+ add each admin user to the libvirtd group
- debian/
- debian/rules: add DEB_MAKE_
- debian/
- debian/
- AppArmor integration:
+ debian/control: Build-Depends on libapparmor-dev and Suggests
apparmor (>= 2.3+1289-0ubuntu14)
+ debian/
+ add debian/
+ add debian/
+ debian/
and apport hook
+ debian/postinst: reload apparmor profiles
+ debian/
+ debian/
upgrades
+ debian/
+ debian/rules: use --with-apparmor and copy apparmor and apport hook to
debian/tmp
- Dropped the following patches now included upstream:
+ 0005-Close-
+ 9090-reenable-
+ 9091-apparmor.patch
+ 9092-apparmor-
* AppArmor integration updates:
- debian/
/
- debian/
/
- debian/
/
to usr.lib.
made no changes to the old profile, remove it, otherwise, update the
paths, preserving the shipped usr.lib.
- update to 0.7.4 version of the sVirt AppArmor driver (can be dropped in
0.7.4):
+ debian/
+ debian/
+ debian/
+ debian/
- add virt-aa-helper-test and examples/appar...