Make sure swtpm is run in a scope, not swtpm_setup

diff --git a/mkosi/qemu.py b/mkosi/qemu.py
index cdb6501c4818778972af0419191843016178709c..260afe3eb9b00bec9e0b9faa19b3f391ddb1cb93 100644 (file)
--- a/mkosi/qemu.py
+++ b/mkosi/qemu.py
@@ -262,10 +262,6 @@ def start_swtpm(config: Config) -> Iterator[Path]:
             sandbox=config.sandbox(
                 binary="swtpm_setup",
                 options=["--bind", state, state],
-                setup=scope_cmd(
-                    name=f"mkosi-swtpm-{config.machine_or_name()}",
-                    description=f"swtpm for {config.machine_or_name()}",
-                ),
             ),
             stdout=None if ARG_DEBUG.get() else subprocess.DEVNULL,
         )  # fmt: skip
@@ -284,7 +280,14 @@ def start_swtpm(config: Config) -> Iterator[Path]:
             with spawn(
                 cmdline,
                 pass_fds=(sock.fileno(),),
-                sandbox=config.sandbox(binary="swtpm", options=["--bind", state, state]),
+                sandbox=config.sandbox(
+                    binary="swtpm",
+                    options=["--bind", state, state],
+                    setup=scope_cmd(
+                        name=f"mkosi-swtpm-{config.machine_or_name()}",
+                        description=f"swtpm for {config.machine_or_name()}",
+                    ),
+                ),
             ) as proc:
                 yield path
                 proc.terminate()