Public bug reported:
Jan 13 17:49:22 ottawa audit[142634]: AVC apparmor="ALLOWED" operation="open"
profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0"
name="/var/log/swtpm/libvirt/qemu/core20-swtpm.log" pid=142634 comm="swtpm"
requested_mask="c" denied_mask="c" fsuid=130 ouid=130
Jan 13 17:49:22 ottawa kernel: audit: type=1400 audit(1578937762.252:1829):
apparmor="ALLOWED" operation="open"
profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0"
name="/var/log/swtpm/libvirt/qemu/core20-swtpm.log" pid=142634 comm="swtpm"
requested_mask="c" denied_mask="c" fsuid=130 ouid=130
Jan 13 17:49:22 ottawa audit[142635]: AVC apparmor="ALLOWED"
operation="file_lock" profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0"
name="/var/lib/libvirt/swtpm/047133ac-847c-46b6-a6b0-b80bbadf17b0/tpm2/.lock"
pid=142635 comm="swtpm" requested_mask="k" denied_mask="k" fsuid=130 ouid=130
Jan 13 17:49:22 ottawa kernel: audit: type=1400 audit(1578937762.508:1831):
apparmor="ALLOWED" operation="file_lock"
profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0"
name="/var/lib/libvirt/swtpm/047133ac-847c-46b6-a6b0-b80bbadf17b0/tpm2/.lock"
pid=142635 comm="swtpm" requested_mask="k" denied_mask="k" fsuid=130 ouid=130
I've tried swtpm in my VM and it failed with apparmor errors. I've set the
profile to complain, and the above got "allowed" to make the VM run.
I guess the libvirt tpm specific apparmor rules are incomplete or need
adjustment for newer swtpm.
I got swtpm from GitHub.
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Affects: qemu (Ubuntu)
Importance: Undecided
Status: Invalid
** Tags: apparmor core20 focal
** Also affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Changed in: qemu (Ubuntu)
Status: New => Invalid
https://bugs.launchpad.net/bugs/1859506
Title:
swtpm fails in focal with apparmor
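The complain-mode records in this report already name the accesses the profile lacks. As an added example (not part of the original report, and not libvirt or AppArmor code), this script turns such audit lines into candidate file rules for review; the function names are hypothetical and the sample is the report's own log, re-joined onto single lines.

```python
import re
from collections import defaultdict

# Audit lines from the report, re-joined onto single lines (the e-mail wrapped them).
SAMPLE_LOG = """\
Jan 13 17:49:22 ottawa audit[142634]: AVC apparmor="ALLOWED" operation="open" profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0" name="/var/log/swtpm/libvirt/qemu/core20-swtpm.log" pid=142634 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=130 ouid=130
Jan 13 17:49:22 ottawa kernel: audit: type=1400 audit(1578937762.252:1829): apparmor="ALLOWED" operation="open" profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0" name="/var/log/swtpm/libvirt/qemu/core20-swtpm.log" pid=142634 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=130 ouid=130
Jan 13 17:49:22 ottawa audit[142635]: AVC apparmor="ALLOWED" operation="file_lock" profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0" name="/var/lib/libvirt/swtpm/047133ac-847c-46b6-a6b0-b80bbadf17b0/tpm2/.lock" pid=142635 comm="swtpm" requested_mask="k" denied_mask="k" fsuid=130 ouid=130
Jan 13 17:49:22 ottawa kernel: audit: type=1400 audit(1578937762.508:1831): apparmor="ALLOWED" operation="file_lock" profile="libvirt-047133ac-847c-46b6-a6b0-b80bbadf17b0" name="/var/lib/libvirt/swtpm/047133ac-847c-46b6-a6b0-b80bbadf17b0/tpm2/.lock" pid=142635 comm="swtpm" requested_mask="k" denied_mask="k" fsuid=130 ouid=130
"""

# Log mask letter -> profile permission; create ("c") and delete ("d") are both granted by "w".
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w", "k": "k", "l": "l", "m": "m"}
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_avc(line):
    """Return the key/value fields of an AppArmor audit line, or None for other lines."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD.finditer(line)}
    return fields if fields.get("apparmor") in ("ALLOWED", "DENIED") else None


def candidate_rules(log_text):
    """Group denied_mask bits by profile and path; duplicate audit/kernel records collapse."""
    perms = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if not avc or not {"profile", "name", "denied_mask"} <= avc.keys():
            continue
        for bit in avc["denied_mask"]:
            # Exec ("x") needs a transition mode, so it is left for manual review.
            if bit in MASK_TO_PERM:
                perms[avc["profile"]][avc["name"]].add(MASK_TO_PERM[bit])
    return {
        profile: [f"  {path} {''.join(sorted(p))}," for path, p in sorted(paths.items())]
        for profile, paths in perms.items()
    }


if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE_LOG).items():
        print(f"# profile {profile}")
        print("\n".join(rules))
```

The emitted paths are the literal ones from the log, including the per-VM UUID, so they are input for reviewing the profile rather than a finished rule set.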