Hi Martin,
I'm currently trying to clean up bugs that were missed or got no update.
First I have to beg your pardon for missing it in the first place.

I have run spice sessions without that showing up, so I checked what that 
actually is about.
In general that directory is to plug configs for the gssapi - see some libvirt 
ref at [1].

This is enabled since ages, but I haven't heard of any issues. Which either 
means it works fine or no one is actually using it.
I'd assume your setup has a SASL/GSSAPI configured more than vnc/spice to 
trigger this.
If you'd have any details on this part of your setup for better reproducibility 
of the issue, that would be great.
In general sharing a guest xml could help so I can kind of bisect through it 
if/how to trigger it.

Alternatively it seems only be used when you use the non TLS socket.
Your bug report states only default networks as modified, but maybe this 
differs from the env this pops up. Could you could check if you have any 
changes made to either
/etc/sasl2/libvirt.conf or to listen_tls in /etc/libvirt/libvirtd.conf.


[1]: https://libvirt.org/auth.html#ACL_server_kerberos

** Changed in: libvirt (Ubuntu Xenial)
       Status: New => Incomplete

** Changed in: libvirt (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1696471

Title:
  AppArmor denies access to /etc/gss/mech.d/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1696471/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to