[Bug 1950631] Re: [FFe] wrap swtpm in an apparmor profile

Christian Ehrhardt  1950631 at bugs.launchpad.net
Mon Mar 7 13:25:33 UTC 2022


** Tags removed: server-next
** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/1950631

Title:
  [FFe] wrap swtpm in an apparmor profile

Status in libvirt package in Ubuntu:
  In Progress
Status in swtpm package in Ubuntu:
  In Progress

Bug description:
  Please accept the swtpm apparmor profile as a Jammy FFe.

  [Rationale]

  We would like to MIR swtpm in the near future, and adding in the
  apparmor profile is needed for this to happen for security.

  [Regression Potential]

  If the apparmor profile is missing certain exceptions then some users
  may encounter permission denied errors with their setup.

  If users encounter errors with this, it will be limited to the
  packages built with src:swtpm as the packages have no reverse
  dependencies in the archive.

  swtpm is not seeded.

  [Tests]


  [Original Description]

  This is a spin off from MIR bug 1948748 for swtpm.

  As we can see in bug 1859506 it currently seems to run in guest-
  context which is good as that is already rather reduced and safer than
  e.g. the libvirt daemon.

  But still we should evaluate adding a further reduced profile just for
  swtpm and have it transition there.
