TLS fails to work with Spice due to apparmor.d needing /etc/pki/libvirt-spice** r, adding manually
Hi after going through a common prcedure to create a self signed certificate, using the default directory, the VM log reports that it cannot load the certificates.
((null):2176): Spice-Warning **: reds.c:
((null):2176): Spice-Warning **: reds.c:
((null):2176): Spice-Warning **: reds.c:
TLS is enabled, and the path used is the default /etc/pki/
Key creation was as follows
openssl genrsa -des3 -out ca-key.pem 1024
openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem -utf8 -subj "/C=IL/
openssl genrsa -out server-key.pem 1024
openssl req -new -key server-key.pem -out server-key.csr -utf8 -subj "/C=IL/
openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
openssl rsa -in server-key.pem -out server-
mv server-key.pem server-
mv server-
location permissions and file were set with libvirt-qemu as the owner.
The solution appears to be due to path access protection.
The path needs to be added in apparmor like it is pre-added for the /etc/pki/
I added the path /etc/pki/
As this is already added for /etc/pki/
I added this directly after the /etc/pki/
If possible the comments by me can really be deleted for clarity.
Ubuntu 12.10
qemu-kvm-spice:
Installed: 1.2.0-2012.
Candidate: 1.2.0-2012.
Version table:
*** 1.2.0-2012.
500 http://
100 /var/lib/
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- neonkandi
- Solved:
- Last query:
- Last reply:
This question was originally filed as bug #1078052.