[Pkg-libvirt-maintainers] Bug#930100: after upgrade to buster, qemu cannot read default spice certs
Guido Günther
agx at sigxcpu.org
Tue Jun 18 13:40:23 BST 2019
Hi,
On Thu, Jun 06, 2019 at 05:31:51PM -0400, Sam Hartman wrote:
> package: libvirt-daemon-system
> severity: important
> version: 5.0.0-3
>
> Upgrading stretch to buster.
> After the upgrade, libvirt could not read /etc/pki/qemu/server-cert.pem
> and server-key.pem.
>
> This is because of the apparmor profile.
>
> I think that's the default place where you're supposed to put spice and
> vnc certs if you're using tls.
>
> Please include /etc/pki/qemu and /etc/pki/libvirt-spice (the old
> location) as directories that qemu run by libvirt is permitted to read.
I'm happy to apply a (tested) patch (lacking bandwidth for anything
else) and I'll do an upload before the buster deadline.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list