Based on the upstream discussion here - https://github.com/stefanberger/swtpm/discussions/866 - swtpm should be allowed to run under root by default. This is fixed by adding capability sys_admin to the apparmor profile.
Based on the upstream discussion here - https:/ /github. com/stefanberge r/swtpm/ discussions/ 866 - swtpm should be allowed to run under root by default. This is fixed by adding capability sys_admin to the apparmor profile.