[Bug 2072524] Re: Allow non-owned lockfile writes in /var/lib/libvirt/swtpm/

Launchpad Bug Tracker 2072524 at bugs.launchpad.net
Tue Jul 9 17:56:30 UTC 2024


This bug was fixed in the package swtpm - 0.7.3-0ubuntu7

---------------
swtpm (0.7.3-0ubuntu7) oracular; urgency=medium

  * d/usr.bin.swtpm:
    - Add sys_admin capability to apparmor profile to allow access to kernel
      modules such as tpm_vtpm_proxy (LP: #2071478)
    - Allow non-owned lockfile write access in /var/lib/libvirt/swtpm/ to fix
      apparmor denials when working with TPM2 locks (LP: #2072524)

 -- Lena Voytek <lena.voytek at canonical.com>  Tue, 09 Jul 2024 06:06:00 -0700

** Changed in: swtpm (Ubuntu Oracular)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2072524

Title:
  Allow non-owned lockfile writes in /var/lib/libvirt/swtpm/

Status in swtpm package in Ubuntu:
  Fix Released
Status in swtpm source package in Jammy:
  In Progress
Status in swtpm source package in Mantic:
  In Progress
Status in swtpm source package in Noble:
  In Progress
Status in swtpm source package in Oracular:
  Fix Released

Bug description:
  Based on the upstream comment here -
  https://github.com/stefanberger/swtpm/issues/852#issuecomment-2156039973
  - users are having issues with apparmor denials when attempting to use
  TPM2 NVRAM state lockfiles. This is due to the file not being owned by
  the swtpm user. The issue is fixed by allowing write access to non-
  owned lock files in /var/lib/libvirt/swtpm/. This was fixed upstream
  in my PR here - https://github.com/stefanberger/swtpm/pull/868
