pid1: allowlist all tpm devices for a unit when encrypted creds are needed

We might be configured to use some ther device than /dev/tpmrm0, hence allow them all by allowlisting the tpm char device class as a whole.
2025-01-11 09:18:07 +03:00 · 2023-03-23 18:22:43 +01:00 · 2023-03-23 18:22:43 +01:00 · df637af460
commit df637af460
parent 50a4217bbe
1 changed files with 1 additions and 1 deletions
--- a/src/core/unit.c
+++ b/src/core/unit.c
@ -4217,7 +4217,7 @@ int unit_patch_contexts(Unit *u) {

                        /* If there are encrypted credentials we might need to access the TPM. */
                        if (exec_context_has_encrypted_credentials(ec)) {
-                                r = cgroup_add_device_allow(cc, "/dev/tpmrm0", "rw");
+                                r = cgroup_add_device_allow(cc, "char-tpm", "rw");
                                if (r < 0)
                                        return r;
                        }