#1 old state

ubuntu@node-horsea:~$ sudo ls -laFR /var/log/swtpm/libvirt/qemu /run/libvirt/qemu/swtpm /var/lib/libvirt/swtpm
/run/libvirt/qemu/swtpm:
total 4
drwxrwx--- 2 libvirt-qemu tss   80 Nov 15 13:43 ./
drwxr-xr-x 5 root         root 180 Nov 15 13:43 ../
-rw-r--r-- 1 tss          tss    4 Nov 15 13:43 4-f-tpm-swtpm.pid
srw------- 1 libvirt-qemu kvm    0 Nov 15 13:43 4-f-tpm-swtpm.sock=

/var/lib/libvirt/swtpm:
total 12
drwx--x--x 3 root root 4096 Nov 15 13:43 ./
drwxr-xr-x 8 root root 4096 Nov 15 13:38 ../
drwx--x--x 3 root root 4096 Nov 15 13:43 65113265-34d6-4358-b562-4d7508d6ff17/

/var/lib/libvirt/swtpm/65113265-34d6-4358-b562-4d7508d6ff17:
total 12
drwx--x--x 3 root root 4096 Nov 15 13:43 ./
drwx--x--x 3 root root 4096 Nov 15 13:43 ../
drwx------ 2 tss  tss  4096 Nov 15 13:43 tpm2/

/var/lib/libvirt/swtpm/65113265-34d6-4358-b562-4d7508d6ff17/tpm2:
total 16
drwx------ 2 tss  tss  4096 Nov 15 13:43 ./
drwx--x--x 3 root root 4096 Nov 15 13:43 ../
-rw-r----- 1 tss  tss     0 Nov 15 13:43 .lock
-rw------- 1 tss  tss  6098 Nov 15 13:43 tpm2-00.permall

/var/log/swtpm/libvirt/qemu:
total 16
drwx-wx--- 2 tss  tss  4096 Nov 15 13:38 ./
drwx--x--x 3 root root 4096 Nov 15 13:38 ../
-rw-r--r-- 1 tss  tss  4744 Nov 15 13:43 f-tpm-swtpm.log

We see a few things effectively owned by the guest libvirt-qemu user.
And others by tss, mostly the state file and log files.

And the processes are running as tss:

1 106 9007 1 20 0 7492 4136 - Ss ? 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/run/libvirt/qemu/swtpm/4-f-tpm-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/65113265-34d6-4358-b562-4d7508d6ff17/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/f-tpm-swtpm.log --tpm2 --pid file=/run/libvirt/qemu/swtpm/4-f-tpm-swtpm.pid

$ id tss
uid=106(tss) gid=111(tss) groups=111(tss)
$ id swtpm
uid=116(swtpm) gid=126(swtpm) groups=126(swtpm)

--
https://bugs.launchpad.net/bugs/1948880

Title:
  libvirt should not use user tss for swtpm
