** Description changed:

+ Please accept the swtpm apparmor profile as a Jammy FFe.
+ 
+ [Rationale]
+ 
+ We would like to MIR swtpm in the near future, and adding in the
+ apparmor profile is needed for this to happen for security.
+ 
+ [Regression Potential]
+ 
+ If the apparmor profile is missing certain exceptions then some users
+ may encounter permission denied errors with their setup.
+ 
+ If users encounter errors with this, it will be limited to the packages
+ built with src:swtpm as the packages have no reverse dependencies in the
+ archive.
+ 
+ swtpm is not seeded.
+ 
+ [Tests]
+ 
+ 
+ [Original Description]
+ 
  This is a spin off from MIR bug 1948748 for swtpm.
  
  As we can see in bug 1859506 it currently seems to run in guest-context
  which is good as that is already rather reduced and safer than e.g. the
  libvirt daemon.
  
  But still we should evaluate adding a further reduced profile just for
  swtpm and have it transition there.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950631

Title:
  [FFe] wrap swtpm in an apparmor profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1950631/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to