debian: Add rule to allow usage of /var/tmp directory (QEMU)
QEMU's functional tests need access to /var/tmp/**. To avoid the following
type of AppArmor permission failures, add a rule that allows access to
/var/tmp/**.

 type=AVC msg=audit(1730829888.863:260): apparmor="DENIED" \
   operation="mknod" class="file" profile="swtpm" \
   name="/var/tmp/qemu_3r9txw7z/swtpm-socket" pid=3925 comm="swtpm" \
   requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000FSUID="stefanb" \
   OUID="stefanb"

[ To run QEMU's functional tests, use the following command:
    make check-functional ]

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger committed Nov 6, 2024
1 parent 1982c51 commit cc52b20
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions debian/usr.bin.swtpm
Expand Up @@ -4,6 +4,7 @@
#include <tunables/global>

profile swtpm /usr/bin/swtpm {
#include <abstractions/user-tmp>
#include <abstractions/base>
#include <abstractions/openssl>
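
Review bot: The `#include <abstractions/user-tmp>` line at the top of the `profile swtpm` block (taken here to be the one added line, since the page shows no +/- markers) grants more than the commit message describes: the message asks for access to /var/tmp/**, but this abstraction also covers the user's files under /tmp, and it applies to every swtpm process confined by the shipped profile, not only to runs of QEMU's functional tests. The denial quoted in the message is a single `mknod` with `requested_mask="c"` on /var/tmp/qemu_3r9txw7z/swtpm-socket, so an explicit owner rule limited to /var/tmp/** would cover it; if the wider /tmp access is intended, say so in the commit message. A one-line comment above the include explaining why it is there (QEMU functional tests) would also help later readers of the profile.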
