[Bug 2071478] [NEW] Add sys_admin capability to apparmor profile by default

Lena Voytek 2071478 at bugs.launchpad.net
Fri Jun 28 14:56:39 UTC 2024 

Public bug reported:

Based on the upstream discussion here -
https://github.com/stefanberger/swtpm/discussions/866 - swtpm should be
allowed to run under root by default. This is fixed by adding capability
sys_admin to the apparmor profile.

** Affects: swtpm (Ubuntu)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: In Progress

** Affects: swtpm (Ubuntu Jammy)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: New

** Affects: swtpm (Ubuntu Mantic)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: New

** Affects: swtpm (Ubuntu Noble)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: New

** Affects: swtpm (Ubuntu Oracular)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: In Progress

** Also affects: swtpm (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: swtpm (Ubuntu Oracular)
   Importance: Undecided
       Status: New

** Also affects: swtpm (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Also affects: swtpm (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: swtpm (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** No longer affects: swtpm (Ubuntu Focal)

** Changed in: swtpm (Ubuntu Jammy)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Mantic)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Noble)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Oracular)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: swtpm (Ubuntu Oracular)
       Status: New => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2071478

Title:
  Add sys_admin capability to apparmor profile by default

Status in swtpm package in Ubuntu:
  In Progress
Status in swtpm source package in Jammy:
  New
Status in swtpm source package in Mantic:
  New
Status in swtpm source package in Noble:
  New
Status in swtpm source package in Oracular:
  In Progress

Bug description:
  Based on the upstream discussion here -
  https://github.com/stefanberger/swtpm/discussions/866 - swtpm should
  be allowed to run under root by default. This is fixed by adding
  capability sys_admin to the apparmor profile.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/2071478/+subscriptions

More information about the foundations-bugs mailing list