debian: Add rules for reading profiles from distro and local dirs

Allow a user to pass profiles from the distro or local dirs directly to swtpm. A rule to allow reading profiles from somewhere under the HOME directory already exists. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger · Oct 2, 2024 · 47d37cc · 47d37cc
1 parent 34e5103
commit 47d37cc
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/debian/usr.bin.swtpm b/debian/usr.bin.swtpm
@@ -28,8 +28,10 @@ profile swtpm /usr/bin/swtpm {
 
   /run/libvirt/qemu/swtpm/*.pid rwk,
   /run/libvirt/qemu/swtpm/*.sock rwk,
-  /tmp/** rwk,
   /var/lib/libvirt/swtpm/** wk,
+  /usr/share/swtpm/profiles/*.json r,  # distro profiles
+  /etc/swtpm/profiles/*.json r,        # local profiles
+  /tmp/** rwk,
 
   owner /dev/vtpmx rw,
   owner /etc/nsswitch.conf r,