From: Frank Brehm <frank@brehm-online.com>
Date: Sun, 14 May 2023 13:51:15 +0000 (+0200)
Subject: committing changes in /etc made by "/usr/bin/apt full-upgrade -y"
X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=cf177c711b8c86eb89187e96bb6813228f1f3343;p=config%2Fbruni%2Fetc-mint-new1.git

committing changes in /etc made by "/usr/bin/apt full-upgrade -y"

Packages with configuration changes:
-swtpm 0.6.3-0ubuntu3 amd64
+swtpm 0.6.3-0ubuntu3.1 amd64

Package changes:
-swtpm 0.6.3-0ubuntu3 amd64
-swtpm-tools 0.6.3-0ubuntu3 amd64
+swtpm 0.6.3-0ubuntu3.1 amd64
+swtpm-tools 0.6.3-0ubuntu3.1 amd64
---

diff --git a/apparmor.d/usr.bin.swtpm b/apparmor.d/usr.bin.swtpm
index 386137b..56702ad 100644
--- a/apparmor.d/usr.bin.swtpm
+++ b/apparmor.d/usr.bin.swtpm
@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # AppArmor policy for swtpm
 # Author: Lena Voytek <lena.voytek@canonical.com>
-# Last Modified: Fri Feb 18 10:23:53 2022
+# Last Modified: Tue Oct 11 10:53:05 2022
 
 #include <tunables/global>
 
@@ -12,7 +12,13 @@ profile swtpm /usr/bin/swtpm {
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.bin.swtpm>
 
+  capability chown,
   capability dac_override,
+  capability dac_read_search,
+  capability fowner,
+  capability fsetid,
+  capability setgid,
+  capability setuid,
 
   network inet stream,
   network inet6 stream,
@@ -21,12 +27,14 @@ profile swtpm /usr/bin/swtpm {
 
   /usr/bin/swtpm rm,
 
-  owner /tmp/** rwk,
+  /tmp/** rwk,
+  owner @{HOME}/** rwk,
   owner /var/lib/libvirt/swtpm/** rwk,
   /run/libvirt/qemu/swtpm/*.sock rwk,
   owner /var/log/swtpm/libvirt/qemu/*.log rwk,
   owner /run/libvirt/qemu/swtpm/*.pid rwk,
   owner /dev/vtpmx rw,
+  owner /etc/nsswitch.conf r,
   owner /var/lib/swtpm/** rwk,
   owner /run/swtpm/sock rw,
 }