Package: mkosi Version: 26-2 Severity: normal X-Debbugs-Cc: [email protected]
Attempting to use 'mkosi vm' to start an OS image in a virtual machine fails at the TMP setup step due to the policy in /etc/apparmor.d/usr.bin.swtpm from the swtpm package, which allows swtpm to run only in a small subset of directories. mkosi attempts to setup in /work/tmp, which is not included, leading to: swtpm: SWTPM_NVRAM_StoreData: Error (fatal) opening /work/tmp/mkosi-swtpm-cgx_pynd/TMP2-00.permall for write failed, Permission denied swtpm: SWTPM_NVRAM_Lock_Dir: Could not open lockfile: Permission denied Could not receive response to CMD_GET_INFO from swtpm: Connection reset by peer Could not get active profile. An error occurred. Authoring the TPM state failed. Error getting next filename: Connection reset by peer ‣ "swtpm_setup --tpm-state /work/tmp/mkosi-swtpm-cgx_pynd --tpm2 --pcr-banks sha256 --config /dev/null --profile-name=custom --profile-remove-disabled=check" returned non-zero exit code 1. Regards, Simon -- System Information: Debian Release: forky/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'buildd-unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.19.9+deb14-amd64-simonp (SMP w/32 CPU threads; PREEMPT) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mkosi depends on: ii apt 3.1.16 ii apt-utils 3.1.16 ii btrfs-progs 6.17.1-1 ii cpio 2.15+dfsg-2.1 ii cryptsetup-bin 2:2.8.4-1 ii debian-archive-keyring 2025.1 ii dosfstools 4.2-1.2 ii e2fsprogs 1.47.4-1 ii efitools 1.9.2-5 ii erofs-utils 1.9.1-1 ii fdisk 2.41.3-4 ii gnupg 2.4.9-4 ii jq 1.8.1-4+b1 ii kmod 34.2-2+b1 ii mtools 4.0.49-1 ii openssl 3.6.1-3 ii pesign 116-8.1 ii python3 3.13.9-3 ii python3-cryptography 46.0.6-1 ii python3-pefile 2024.8.26-2.1 ii squashfs-tools 1:4.7.5-1 ii systemd 260.1-1 ii systemd-boot-efi 260.1-1 ii systemd-boot-tools 260.1-1 ii systemd-container 260.1-1 ii systemd-repart 260.1-1 ii systemd-ukify 260.1-1 ii tpm2-tools 5.7-1 ii xz-utils 5.8.2-2 ii zstd 1.5.7+dfsg-3+b1 Versions of packages mkosi recommends: pn archlinux-keyring <none> ii debian-archive-keyring 2025.1 pn distribution-gpg-keys <none> pn dnf <none> ii ipxe-qemu 2.0.0+dfsg-2 ii ovmf 2025.11-4 pn pacman-package-manager <none> pn qemu-system <none> ii systemd-timesyncd 260.1-1 pn ubuntu-keyring <none> ii uidmap 1:4.19.3-1 ii virtiofsd 1.13.2-6 pn zypper <none> mkosi suggests no packages. -- no debconf information
