** Description changed: + Please accept the swtpm apparmor profile as a Jammy FFe. + + [Rationale] + + We would like to MIR swtpm in the near future, and adding in the + apparmor profile is needed for this to happen for security. + + [Regression Potential] + + If the apparmor profile is missing certain exceptions then some users + may encounter permission denied errors with their setup. + + If users encounter errors with this, it will be limited to the packages + built with src:swtpm as the packages have no reverse dependencies in the + archive. + + swtpm is not seeded. + + [Tests] + + + [Original Description] + This is a spin off from MIR bug 1948748 for swtpm. As we can see in bug 1859506 it currently seems to run in guest-context which is good as that is already rather reduced and safer than e.g. the libvirt daemon. But still we should evaluate adding a further reduced profile just for swtpm and have it transition there.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1950631 Title: [FFe] wrap swtpm in an apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1950631/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs