Comment 3 for bug 1994030

Simon Elmir (nerd65536) wrote :

On my system, pidfiles in /run/libvirt/qemu/swtpm/ are apparently created/owned by root, so the "owner /run/libvirt/qemu/swtpm/*.pid rwk," line in /etc/apparmor.d/usr.bin.swtpm doesn't grant swtpm access.

Workaround:

Add "/run/libvirt/qemu/swtpm/*.pid rwk," to the local override config in /etc/apparmor.d/local/usr.bin.swtpm, and then `sudo systemctl reload apparmor.service`.
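
An `owner` rule only matches when the confined process's fsuid equals the file's owner, and AppArmor denial records carry both values as `fsuid=` and `ouid=`. The following is an added example, not part of the original comment: it filters audit lines for denials where the two differ. The profile name `swtpm`, the guest pidfile name, uid 117 and the sample log lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Find AppArmor denials where the file owner (ouid) differs from the
# process fsuid, the case an "owner" rule cannot match.

# Constructed sample audit lines (not taken from the bug report).
sample_log() {
cat <<'EOF'
audit: type=1400 audit(1700000000.101:301): apparmor="DENIED" operation="open" profile="swtpm" name="/run/libvirt/qemu/swtpm/1-guest-swtpm.pid" pid=4242 comm="swtpm" requested_mask="wc" denied_mask="wc" fsuid=117 ouid=0
audit: type=1400 audit(1700000000.202:302): apparmor="DENIED" operation="open" profile="swtpm" name="/var/lib/example/state" pid=4242 comm="swtpm" requested_mask="r" denied_mask="r" fsuid=117 ouid=117
audit: type=1400 audit(1700000000.303:303): apparmor="ALLOWED" operation="open" profile="other" name="/tmp/x" pid=1 comm="x" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
EOF
}

# owner_mismatches PROFILE
# Reads audit lines on stdin; prints "<name> fsuid=<n> ouid=<n>" for each
# denial under PROFILE whose fsuid and ouid differ.
owner_mismatches() {
  awk -v prof="$1" '
    # Strip the key, the "=" and any quotes from a key="value" token.
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    /apparmor="DENIED"/ {
      p = n = f = o = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^profile=/) p = val($i)
        else if ($i ~ /^name=/)  n = val($i)
        else if ($i ~ /^fsuid=/) f = val($i)
        else if ($i ~ /^ouid=/)  o = val($i)
      }
      # Only report records that carry both uids and where they differ.
      if (p == prof && f != "" && o != "" && f != o)
        print n " fsuid=" f " ouid=" o
    }'
}

# Run against the constructed sample; on a live host, feed kernel log
# lines instead, e.g.: journalctl -k | owner_mismatches swtpm
sample_log | owner_mismatches swtpm
```

A hit on a path under /run/libvirt/qemu/swtpm/ with `ouid=0` corresponds to the root-owned pidfile situation described in the comment.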