[Bug 2086736] Re: AppArmor profile needs to allow access to /var/tmp

Lena Voytek 2086736 at bugs.launchpad.net
Tue Nov 5 22:29:31 UTC 2024


** Tags added: server-triage-discuss

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to swtpm in Ubuntu.
https://bugs.launchpad.net/bugs/2086736

Title:
  AppArmor profile needs to allow access to /var/tmp

Status in swtpm package in Ubuntu:
  In Progress
Status in swtpm source package in Jammy:
  New
Status in swtpm source package in Noble:
  New
Status in swtpm source package in Oracular:
  New
Status in swtpm source package in Plucky:
  In Progress

Bug description:
  QEMU's avocado tests need access to /var/tmp/**. To avoid the
  following type of AppArmor permission failures, add a rule that allows
  access to /var/tmp/**.

   type=AVC msg=audit(1730829888.863:260): apparmor="DENIED" \
     operation="mknod" class="file" profile="swtpm" \
     name="/var/tmp/qemu_3r9txw7z/swtpm-socket" pid=3925 comm="swtpm" \
     requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000FSUID="stefanb" \
     OUID="stefanb"

  To resolve this, add the following line to the usr.bin.swtpm profile:

  
  diff --git a/debian/usr.bin.swtpm b/debian/usr.bin.swtpm
  index cd7f5e8a..a6e8a627 100644
  --- a/debian/usr.bin.swtpm
  +++ b/debian/usr.bin.swtpm
  @@ -4,6 +4,7 @@
   #include <tunables/global>

   profile swtpm /usr/bin/swtpm {
  +  #include <abstractions/user-tmp>
     #include <abstractions/base>
     #include <abstractions/openssl>
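
  Review bot: The added `#include <abstractions/user-tmp>` line grants more than the description asks for. The report only needs /var/tmp/** (the denial shown is a "c" request for a socket under /var/tmp/qemu_*/), while the user-tmp abstraction also covers the other per-user temporary locations such as /tmp. Consider a rule scoped to owner-owned paths under /var/tmp/ instead, or state in the changelog why the full abstraction is wanted. As a style point, the new include sits above `#include <abstractions/base>`; placing it after the existing abstractions keeps base first and makes the addition easier to spot. A short comment naming the QEMU avocado tests as the reason would also help.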

  
  To run the QEMU avocado test, use the following command:

       make check-avocado \
         AVOCADO_TESTS=tests/avocado/machine_aspeed.py:AST2x00Machine.test_arm_ast2600_evb_buildroot_tpm

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/swtpm/+bug/2086736/+subscriptions



