[Bug 2071478] Re: Add sys_admin capability to apparmor profile by default
Lena Voytek
2071478 at bugs.launchpad.net
Fri Jun 28 17:45:04 UTC 2024
** Description changed:
Based on the upstream discussion here -
- https://github.com/stefanberger/swtpm/discussions/866 - swtpm should be
- allowed to run under root by default. This is fixed by adding capability
- sys_admin to the apparmor profile.
+ https://github.com/stefanberger/swtpm/discussions/866 - certain features
+ of swtpm require access to kernel modules to work. For example, using
+ --vtpm-proxy requires the tpm_vtpm_proxy module. This should work by
+ default, and is fixed by adding capability sys_admin to the apparmor
+ profile.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2071478
Title:
Add sys_admin capability to apparmor profile by default
Status in swtpm package in Ubuntu:
In Progress
Status in swtpm source package in Jammy:
New
Status in swtpm source package in Mantic:
New
Status in swtpm source package in Noble:
New
Status in swtpm source package in Oracular:
In Progress
Bug description:
Based on the upstream discussion here -
https://github.com/stefanberger/swtpm/discussions/866 - certain
features of swtpm require access to kernel modules to work. For
example, using --vtpm-proxy requires the tpm_vtpm_proxy module. This
should work by default, and is fixed by adding capability sys_admin to
the apparmor profile.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/2071478/+subscriptions
More information about the foundations-bugs
mailing list