]> git.proxmox.com Git - swtpm.git/blame - debian/usr.bin.swtpm
projects / swtpm.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
debian/rpm: Adjust changelog for 0.8.0 release
[swtpm.git] / debian / usr.bin.swtpm
CommitLineData
3d2747a1
LV		 1# vim:syntax=apparmor
2# AppArmor policy for swtpm
3
4#include <tunables/global>
5
6profile swtpm /usr/bin/swtpm {
7 #include <abstractions/base>
8 #include <abstractions/openssl>
9
10 # Site-specific additions and overrides. See local/README for details.
11 #include <local/usr.bin.swtpm>
12
13 capability chown,
14 capability dac_override,
15 capability dac_read_search,
16 capability fowner,
17 capability fsetid,
18 capability setgid,
19 capability setuid,
20
21 network inet stream,
22 network inet6 stream,
23 unix (send) type=dgram addr=none peer=(addr=none),
24 unix (send, receive) type=stream addr=none peer=(label=libvirt-*),
25
26 /usr/bin/swtpm rm,
27
28 /tmp/** rwk,
29 owner @{HOME}/** rwk,
30 owner /var/lib/libvirt/swtpm/** rwk,
31 /run/libvirt/qemu/swtpm/*.sock rwk,
32 owner /var/log/swtpm/libvirt/qemu/*.log rwk,
33 owner /run/libvirt/qemu/swtpm/*.pid rwk,
34 owner /dev/vtpmx rw,
35 owner /etc/nsswitch.conf r,
36 owner /var/lib/swtpm/** rwk,
37 owner /run/swtpm/sock rw,
38}
Software TPM used for PVE's Virtual Machines