The ACL-based approach didn't work because libvirt creates per-VM swtpm dirs with mode 0111, which caps the ACL mask to --x, making the libvirt-qemu:rwx ACL ineffective.

The real fix is configuring libvirt's swtpm_user and swtpm_group in /etc/libvirt/qemu.conf so libvirt creates swtpm state dirs owned by libvirt-qemu directly.

Updated scripts/fix-swtpm-permissions.sh to:
- Set swtpm_user="libvirt-qemu" and swtpm_group="libvirt-qemu"
- Fix ownership of any existing stale state dirs
- Restart libvirtd to apply changes

All 523 tests pass, 0 lint warnings.

💘 Generated with Crush

Assisted-by: GLM-5.1 via Crush <crush@charm.land>
1.9 KiB
Executable File
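The commit message above gives both a diagnosis (mode 0111 caps the ACL mask) and a fix (swtpm_user and swtpm_group in qemu.conf). The following is an added example, not the contents of scripts/fix-swtpm-permissions.sh: it reproduces the mask arithmetic and checks a qemu.conf-style file for the two settings. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's script). Function names are hypothetical.

# Effective permission of a named-user ACL entry on a file with MODE.
# When an ACL mask entry exists, the group bits of the mode are the mask,
# so the entry's bits are ANDed with them. Args: octal mode, ACL bits (0-7).
effective_acl_perm() {
    echo $(( (0$1 >> 3) & 7 & $2 ))
}

# Print the value of KEY in a qemu.conf-style file. Only uncommented
# `key = "value"` lines count; the last one wins.
qemu_conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*\$/\1/p" "$1" \
        | tail -n 1
}

# Return 0 only if both swtpm_user and swtpm_group equal the wanted account.
check_swtpm_identity() {
    cfg=$1
    want=${2:-libvirt-qemu}
    rc=0
    for k in swtpm_user swtpm_group; do
        got=$(qemu_conf_value "$cfg" "$k")
        if [ "$got" = "$want" ]; then
            echo "ok:   $k = \"$got\""
        else
            echo "FAIL: $k is \"${got:-<unset>}\", expected \"$want\""
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed sample file (not a real /etc/libvirt/qemu.conf).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#swtpm_user = "tss"
swtpm_user = "libvirt-qemu"
swtpm_group = "libvirt-qemu"
EOF
echo "rwx ACL entry under mode 0111 is effectively: $(effective_acl_perm 0111 7)"
check_swtpm_identity "$sample"
rm -f "$sample"
```

On a real host, point `check_swtpm_identity` at /etc/libvirt/qemu.conf after the change; a passing check says nothing about state dirs created before it, which still need their ownership fixed.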