[Pkg-libvirt-maintainers] Bug#1061222: libvirt-daemon-system: Apparmour enrty for /etc/apparmor.d/abstractions/libvirt-qemu to include TPM device missing

Douglas Baggett doug.baggett at gmail.com
Sat Jan 20 22:28:48 GMT 2024 

Package: libvirt-daemon-system
Version: 9.0.0-4
Severity: important
X-Debbugs-Cc: doug.baggett at gmail.com

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Was trying to install a Windows 11 under KVM using virt-manager and
using TPM passthrough and kept getting an error.

   * What exactly did you do (or not do) that was effective (or
     ineffective)? (Effective)

     Followed the instructions at:
     https://askubuntu.com/questions/1365829/qemu-failed-to-passthrough-a-tpm-device
     to add `/dev/tpm0 rw,` to /etc/apparmor.d/abstractions/libvirt-qemu which is the tpm device when using
     passthrough to apparmour. I then restarted the apparmour service
     via systemd. 

   * What was the outcome of this action?
     VM works without issue

   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-17-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon-system depends on:
ii  adduser                         3.134
ii  debconf [debconf-2.0]           1.5.82
ii  gettext-base                    0.21-12
ii  iptables                        1.8.9-2
ii  libvirt-clients                 9.0.0-4
ii  libvirt-daemon                  9.0.0-4
ii  libvirt-daemon-config-network   9.0.0-4
ii  libvirt-daemon-config-nwfilter  9.0.0-4
ii  libvirt-daemon-system-systemd   9.0.0-4
ii  logrotate                       3.21.0-1
ii  polkitd                         122-3

Versions of packages libvirt-daemon-system recommends:
ii  dmidecode                    3.4-1
ii  dnsmasq-base [dnsmasq-base]  2.89-1
ii  iproute2                     6.1.0-3
ii  mdevctl                      1.2.0-3+b1
ii  parted                       3.5-3

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    3.0.8-3
pn  auditd      <none>
ii  nfs-common  1:2.6.2-4
pn  open-iscsi  <none>
pn  pm-utils    <none>
ii  systemd     252.19-1~deb12u1
pn  systemtap   <none>
pn  zfsutils    <none>

-- Configuration Files:
/etc/libvirt/qemu.conf [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'

-- debconf information excluded

More information about the Pkg-libvirt-maintainers mailing list