[Bug 2072524] [NEW] Allow non-owned lockfile writes in /var/lib/libvirt/swtpm/

Lena Voytek 2072524 at bugs.launchpad.net
Mon Jul 8 23:00:18 UTC 2024


Public bug reported:

Based on the upstream comment here -
https://github.com/stefanberger/swtpm/issues/852#issuecomment-2156039973
- users are having issues with AppArmor denials when attempting to use
TPM2 NVRAM state lockfiles. This is due to the file not being owned by
the swtpm user. The issue is fixed by allowing write access to non-owned
lock files in /var/lib/libvirt/swtpm/. This was fixed upstream in my PR
here - https://github.com/stefanberger/swtpm/pull/868

** Affects: swtpm (Ubuntu)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: In Progress

** Affects: swtpm (Ubuntu Jammy)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: New

** Affects: swtpm (Ubuntu Mantic)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: New

** Affects: swtpm (Ubuntu Noble)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: New

** Affects: swtpm (Ubuntu Oracular)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: In Progress

** Also affects: swtpm (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Also affects: swtpm (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: swtpm (Ubuntu Oracular)
   Importance: Undecided
       Status: New

** Also affects: swtpm (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: swtpm (Ubuntu Jammy)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Mantic)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Noble)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Oracular)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Oracular)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2072524
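As an added example (not code from the bug report or from the swtpm project), a bash helper that picks this bug's signature out of AppArmor denial records: AppArmor's `owner` qualifier limits a rule to files whose owner matches the calling process's fsuid, so a lock attempt on a state file owned by another user is logged with operation="file_lock" and a mismatched fsuid/ouid pair. The log lines, uids, pids and instance uuid below are constructed.

```bash
#!/usr/bin/env bash
# Added example, not code from the bug report or from the swtpm project.
# AppArmor logs each denial as one audit line; under an `owner`-qualified
# rule, locking a file owned by another uid shows up as
# operation="file_lock" with fsuid != ouid. This script sorts such lines
# out from other denials. All sample lines below are constructed.

# Extract one key=value (or key="value") field from an audit line.
field() {  # $1 = line, $2 = key
    local re="[[:space:]]$2=\"?([^\" ]*)\"?"
    if [[ $1 =~ $re ]]; then
        printf '%s' "${BASH_REMATCH[1]}"
    fi
    return 0
}

# Print one label: not-a-denial, swtpm-lockfile-owner-mismatch or other-denial.
classify_denial() {  # $1 = one kernel/audit log line
    local line=$1 op path mask fsuid ouid
    if [[ $line != *'apparmor="DENIED"'* ]]; then
        printf 'not-a-denial\n'; return 0
    fi
    op=$(field "$line" operation)
    path=$(field "$line" name)
    mask=$(field "$line" denied_mask)
    fsuid=$(field "$line" fsuid)
    ouid=$(field "$line" ouid)
    # The case in this bug: a lock (k) request under the libvirt swtpm
    # state directory on a file the swtpm uid does not own.
    if [[ $path == /var/lib/libvirt/swtpm/* && $fsuid != "$ouid" \
          && ( $op == file_lock || $mask == *k* ) ]]; then
        printf 'swtpm-lockfile-owner-mismatch\n'
    else
        printf 'other-denial\n'
    fi
}

# Constructed samples (uids, pids and the instance uuid are made up).
SAMPLE_LOCK_DENIAL='audit: type=1400 audit(1720479618.123:42): apparmor="DENIED" operation="file_lock" profile="swtpm" name="/var/lib/libvirt/swtpm/3f1c5e2a-0000-4000-8000-000000000001/tpm2/.lock" pid=4242 comm="swtpm" requested_mask="k" denied_mask="k" fsuid=64077 ouid=0'
SAMPLE_OWNED_DENIAL='audit: type=1400 audit(1720479618.200:43): apparmor="DENIED" operation="file_lock" profile="swtpm" name="/var/lib/libvirt/swtpm/3f1c5e2a-0000-4000-8000-000000000001/tpm2/.lock" pid=4242 comm="swtpm" requested_mask="k" denied_mask="k" fsuid=64077 ouid=64077'
SAMPLE_OTHER_DENIAL='audit: type=1400 audit(1720479618.456:44): apparmor="DENIED" operation="open" profile="swtpm" name="/var/log/syslog" pid=4242 comm="swtpm" requested_mask="r" denied_mask="r" fsuid=64077 ouid=0'

# Stand-alone run over the samples; on a live host, feed `journalctl -k`
# or dmesg output through classify_denial one line at a time instead.
for l in "$SAMPLE_LOCK_DENIAL" "$SAMPLE_OWNED_DENIAL" "$SAMPLE_OTHER_DENIAL"; do
    printf '%s  <- %s\n' "$(classify_denial "$l")" "$(field "$l" name)"
done
```

Only the first sample is this bug: the second is a lock on a file the swtpm uid already owns, so an `owner` rule would not deny it, and the third is an ordinary read denial elsewhere.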

