From cf177c711b8c86eb89187e96bb6813228f1f3343 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Sun, 14 May 2023 15:51:15 +0200
Subject: [PATCH] committing changes in /etc made by "/usr/bin/apt full-upgrade -y"
Packages with configuration changes:
-swtpm 0.6.3-0ubuntu3 amd64
+swtpm 0.6.3-0ubuntu3.1 amd64
Package changes:
-swtpm 0.6.3-0ubuntu3 amd64
-swtpm-tools 0.6.3-0ubuntu3 amd64
+swtpm 0.6.3-0ubuntu3.1 amd64
+swtpm-tools 0.6.3-0ubuntu3.1 amd64
---
 apparmor.d/usr.bin.swtpm | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/apparmor.d/usr.bin.swtpm b/apparmor.d/usr.bin.swtpm
index 386137b..56702ad 100644
--- a/apparmor.d/usr.bin.swtpm
+++ b/apparmor.d/usr.bin.swtpm
@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # AppArmor policy for swtpm
 # Author: Lena Voytek
-# Last Modified: Fri Feb 18 10:23:53 2022
+# Last Modified: Tue Oct 11 10:53:05 2022
 #include
@@ -12,7 +12,13 @@ profile swtpm /usr/bin/swtpm {
 # Site-specific additions and overrides. See local/README for details.
 #include
+ capability chown,
 capability dac_override,
+ capability dac_read_search,
+ capability fowner,
+ capability fsetid,
+ capability setgid,
+ capability setuid,
 network inet stream,
 network inet6 stream,
@@ -21,12 +27,14 @@ profile swtpm /usr/bin/swtpm {
 /usr/bin/swtpm rm,
- owner /tmp/** rwk,
+ /tmp/** rwk,
+ owner @{HOME}/** rwk,
 owner /var/lib/libvirt/swtpm/** rwk,
 /run/libvirt/qemu/swtpm/*.sock rwk,
 owner /var/log/swtpm/libvirt/qemu/*.log rwk,
 owner /run/libvirt/qemu/swtpm/*.pid rwk,
 owner /dev/vtpmx rw,
+ owner /etc/nsswitch.conf r,
 owner /var/lib/swtpm/** rwk,
 owner /run/swtpm/sock rw,
 }
-- 
2.39.5
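Review bot: The six capabilities added in the `@@ -12,7 +12,13 @@` hunk (`chown`, `dac_read_search`, `fowner`, `fsetid`, `setgid`, `setuid`) carry no comment saying which swtpm code path needs them, so a later reader cannot tell which ones could be dropped. Together with the existing `dac_override`, they let the confined process bypass file-permission checks and change its identity whenever it runs with them effective. The path rules then become the only file-access boundary. Presumably they support swtpm starting privileged and switching user; if so, a comment above the block such as `# needed for the --runas privilege drop and state-file ownership fixes (confirm)` would record that. The profile body starts before and continues past this hunk.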
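Review bot: `/tmp/** rwk,` in the `@@ -21,12 +27,14 @@` hunk drops the `owner` qualifier, so the profile no longer limits swtpm to temp files it owns; with `dac_override` in the same profile, a privileged swtpm could read, write and lock any file under /tmp. The new `owner @{HOME}/** rwk,` is also broad, covering the whole home directory rather than one swtpm state directory. Because this file is package-managed, any narrowing belongs in the site-local include that the profile's "Site-specific additions and overrides" comment points to, for example a constructed `deny @{HOME}/.ssh/** rwk,`, and is worth auditing after the upgrade. Separately, `owner /etc/nsswitch.conf r,` matches only when the process fsuid owns that file, which normally means root, so confirm that the lookup is not needed after a user switch.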