Code review comment for ~lvoytek/ubuntu/+source/swtpm:aa-allow-libvirt-pid-access

We don't need a windows vm to reproduce the problem, any linux vm with tpm 2.0 added will work. Without the apparmor change, the same DENIED will appear in the logs and virt-manager will fail to start the VM, so I think the test case can be simplified to something like "launch ubuntu vm, add tpm 2.0 device".

While checking this, I noticed that it looks like swtpm (or libvirt) is leaking pid files in /run/libvirt/qemu/swtpm:
# ls -la /run/libvirt/qemu/swtpm/
total 24
drwxrwx--- 2 libvirt-qemu swtpm 160 Oct 24 19:20 .
drwxr-xr-x 5 root root 180 Oct 24 19:28 ..
-rw-r--r-- 1 root root 7 Oct 24 18:45 2-win11_22H2-swtpm.pid
-rw-r--r-- 1 root root 7 Oct 24 18:56 3-win11_22H2-swtpm.pid
-rw-r--r-- 1 root root 7 Oct 24 18:59 4-win11_22H2-swtpm.pid
-rw-r--r-- 1 root root 7 Oct 24 19:01 5-win11_22H2-swtpm.pid
-rw-r--r-- 1 root root 7 Oct 24 19:18 6-win11_22H2-swtpm.pid
-rw-r--r-- 1 root root 7 Oct 24 19:20 7-win11_22H2-swtpm.pid

Everytime I stop and start a VM with a tpm 2.0 device, I new pid file gets created, and when that vm is stopped, the pid file is not removed. I'm ready to file a separate bug for this, but maybe we could take a quick look to see why this is happening. I wanted to try some strace/opensnoop to see if someone is even trying to remove those pid files (and perhaps failing due to "reasons").

Note that the directory permissions libvirt-qemu:swtpm 775 would allow the swtpm user to remove the pid file, even though it's owned by root.