~lvoytek/ubuntu/+source/swtpm:aa-sysadmin-lockfile-jammy

Last commit made on 2024-07-30
Get this branch:
git clone -b aa-sysadmin-lockfile-jammy https://git.launchpad.net/~lvoytek/ubuntu/+source/swtpm
Only Lena Voytek can upload to this branch.

Branch information

Name:
aa-sysadmin-lockfile-jammy
Repository:
lp:~lvoytek/ubuntu/+source/swtpm

Recent commits

e8299dc... by Lena Voytek

changelog

de5a0df... by Lena Voytek

    - Allow non-owned lockfile write access in /var/lib/libvirt/swtpm/ to fix
      apparmor denials when working with TPM2 locks (LP: #2072524)

57c1d54... by Lena Voytek

  * d/usr.bin.swtpm:
    - Add sys_admin capability to apparmor profile to allow access to kernel
      modules such as tpm_vtpm_proxy (LP: #2071478)

4661438... by Lena Voytek

changelog

7a0d068... by Lena Voytek

* d/p/create-user-config-files-use-correct-swtpm-localca.patch: Fix the path
  to swtpm-localca used in swtpm-create-user-config-files (LP: #2016744)

ec80a8f... by Lena Voytek

changelog

ff42e33... by Lena Voytek

* d/usr.bin.swtpm: Update apparmor profile to match swtpm upstream
  In between adding the apparmor profile to Ubuntu and merging upstream,
  additional rules were used to cover more common use cases. (LP: #1992377)
  - The six capability lines fix the broken upstream unit test cases:
    test_ctrlchannel, test_vtpm_proxy, test_tpm2_file_permissions,
    test_tpm2_save_load_state_2_block, and test_tpm2_ctrlchannel2
  - owner @{HOME}/** rwk was added as using a folder in one's home directory
    is common for managing tpm states
  - Access in the tmp directory is further generalized as this is where swtpm
    interacts with qemu and libvirt
  - The ability to read from /etc/nsswitch.conf was added for vtpm proxy to
    work

f252cc7... by Lena Voytek

changelog

d1faa59... by Lena Voytek

* d/usr.bin.swtpm: Add additional apparmor rules
  - allow full interaction with libvirt (LP: #1968187)
  - add qemu socket rules (LP: #1968335)

1f2a09e... by Christian Ehrhardt 

0.6.3-0ubuntu2 (patches unapplied)

Imported using git-ubuntu import.