Proxmox-Port/swtpm
1
0
Fork 0
mirror of https://github.com/stefanberger/swtpm.git synced 2026-01-08 20:57:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

apparmor: add support for mkosi integration working directory

Browse Source 
mkosi integrates with swtpm to automatically set up and build
VMs with vTPM support. The working directory is in an ephemeral
namespace that appears as /work/tmp/, and apparmor stops swtpm
from creating the local state files (lockfile, etc).
Add a policy entry to allow this to work.

Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com>
This commit is contained in:
Luca Boccassi 2025-11-22 20:26:39 +00:00 committed by Stefan Berger
parent 8084873972
commit e9dfe88740
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/usr.bin.swtpm vendored
View File

@ -33,6 +33,8 @@ profile swtpm /usr/bin/swtpm {
/usr/share/swtpm/profiles/*.json r, # distro profiles
/etc/swtpm/profiles/*.json r, # local profiles
/tmp/** rwk,
# For mkosi integration https://github.com/systemd/mkosi
/work/tmp/** rwk,
owner /dev/vtpmx rw,
owner /etc/nsswitch.conf r,