[Bug 1950631] Re: [FFe] wrap swtpm in an apparmor profile

Wed, 09 Mar 2022 09:35:49 -0800 

** Description changed:

+ Dear Release Team,
+ 
  Please accept the swtpm apparmor profile as a Jammy FFe.
+ 
+ PPA: ppa:lvoytek/swtpm-apparmor-profile-jammy
  
  [Rationale]
  
  We would like to MIR swtpm in the near future, and adding in the
  apparmor profile is needed for this to happen for security.
  
  [Regression Potential]
  
  If the apparmor profile is missing certain exceptions then some users
  may encounter permission denied errors with their setup.
  
  If users encounter errors with this, it will be limited to the packages
  built with src:swtpm as the packages have no reverse dependencies in the
  archive.
  
  swtpm is not seeded.
  
  [Tests]
  
  autopkgtest output:
  
  ============================================================================
  Testsuite summary for swtpm 0.6.1
  ============================================================================
  # TOTAL: 58
  # PASS:  50
  # SKIP:  8
  # XFAIL: 0
  # FAIL:  0
  # XPASS: 0
  # ERROR: 0
  ============================================================================
  make[3]: Leaving directory '/tmp/autopkgtest.cLbuOZ/build.Gmd/src/tests'
  make[2]: Leaving directory '/tmp/autopkgtest.cLbuOZ/build.Gmd/src/tests'
  make[1]: Leaving directory '/tmp/autopkgtest.cLbuOZ/build.Gmd/src/tests'
  make[1]: Entering directory '/tmp/autopkgtest.cLbuOZ/build.Gmd/src'
  make[1]: Leaving directory '/tmp/autopkgtest.cLbuOZ/build.Gmd/src'
  autopkgtest [10:14:10]: test run-tests: -----------------------]
  autopkgtest [10:14:11]: test run-tests:  - - - - - - - - - - results - - - - 
- - - - - -
  run-tests            PASS
  autopkgtest [10:14:11]: @@@@@@@@@@@@@@@@@@@@ summary
  run-tests            PASS
  qemu-system-x86_64: terminating on signal 15 from pid 58469 (/usr/bin/python3)
  
- 
  [Original Description]
  
  This is a spin off from MIR bug 1948748 for swtpm.
  
  As we can see in bug 1859506 it currently seems to run in guest-context
  which is good as that is already rather reduced and safer than e.g. the
  libvirt daemon.
  
  But still we should evaluate adding a further reduced profile just for
  swtpm and have it transition there.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950631

Title:
  [FFe] wrap swtpm in an apparmor profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1950631/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to