apparmor profile needs extension
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
swtpm (Ubuntu) | Fix Released | Undecided | Lena Voytek |
Bug Description
Hi team,
I've tried to create a socket-activated systemd service for supplying a software tpm for qemu. As it didn't work, I recognized that the swtpm package ships an apparmor profile. To make it work I've to add a read/write/lock permission for the tpm's nvram folder and a read/write permission for the tpm's unix socket used for the connection with qemu.
Since there is no default location for the tpm nvram (correct?) I suggest using "/var/lib/swtpm" which follows the /var/lib/<package> convention.
Since there is no default location for the tpm unix socket I suggest using "/run/swtpm/sock" which follows the systemd.socket unit conventions.
A patch which adds the settings is attached to this message.
Greetings,
André
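An offline check for the two additions requested above, as an added example that is not part of the original report or of the swtpm package: it parses a simplified subset of AppArmor file rules and reports which accesses a profile still lacks. The profile texts, the state file names under `/var/lib/swtpm` and all helper names are constructed assumptions.

```python
import re

# Simplified AppArmor file rule: [deny] [owner] /path perms,
RULE = re.compile(r"^\s*(deny\s+)?(?:owner\s+)?(/\S*)\s+([rwkmlaixPpUuCc]+)\s*,")

def glob_to_regex(glob):
    """Translate an AppArmor path glob (*, **, ?, {a,b}) into an anchored regex."""
    out, i, depth = [], 0, 0
    while i < len(glob):
        c, after_slash = glob[i], i > 0 and glob[i - 1] == "/"
        if glob.startswith("**", i):      # ** crosses directory boundaries
            out.append("[^/].*" if after_slash else ".*")
            i += 2
            continue
        if c == "*":                      # * stays inside one path component
            out.append("[^/]+" if after_slash else "[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "{":
            depth += 1
            out.append("(?:")
        elif c == "}" and depth:
            depth -= 1
            out.append(")")
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z")

def granted(profile_text, path):
    """Permission letters the profile allows on path, minus any deny rules."""
    allow, deny = set(), set()
    for line in profile_text.splitlines():
        m = RULE.match(line)
        if m and glob_to_regex(m.group(2)).match(path):
            (deny if m.group(1) else allow).update(m.group(3))
    return allow - deny

def missing(profile_text, needs):
    """Map each needed path to the permission letters the profile lacks."""
    gaps = {p: sorted(set(w) - granted(profile_text, p)) for p, w in needs.items()}
    return {p: g for p, g in gaps.items() if g}

# Constructed inputs: state and lock file names are assumed, paths are the report's.
NEEDS = {"/var/lib/swtpm/tpm2-00.permall": "rw", "/var/lib/swtpm/.lock": "rwk",
         "/run/swtpm/sock": "rw"}
BEFORE = "/usr/bin/swtpm {\n  /usr/bin/swtpm rm,\n  /tmp/** rwk,\n}\n"
AFTER = BEFORE.replace("}\n", "  /var/lib/swtpm/ r,\n  /var/lib/swtpm/** rwk,\n"
                              "  /run/swtpm/sock rw,\n}\n")
```

`missing(BEFORE, NEEDS)` lists all three paths, while `missing(AFTER, NEEDS)` is empty; on a live system the kernel's AppArmor denial messages in the audit log remain the authoritative signal.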
Related branches
- Christian Ehrhardt (community): Approve
- Canonical Server Core Reviewers: Pending requested
- Canonical Server: Pending requested
- Diff: 38 lines (+16/-1), 2 files modified
  - debian/changelog (+8/-0)
  - debian/usr.bin.swtpm (+8/-1)
The attachment "add_socket_and_nvram.diff" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]