Comment 3 for bug 1968187

Christian Ehrhardt (paelzer) wrote:

Hmm,
OK, I expected libvirt to call this, e.g. from src/qemu/qemu_tpm.c, and I already wondered why it is the guest's profile.
But since it runs under the guest's profile it must be more like "libvirt -> qemu -> ??? -> swtpm_setup" - do you have an example of the call path that you see?

Only once we somewhat understand when/how/why it calls swtpm_setup can we decide to either:
a) might be called in any config, can't be detected from guest devices, need to add it to TEMPLATE.qemu
b) will only be called when configured, have libvirt-aa-helper detect tpm and only then add abstractions/openssl to the guest's rules
c) is generally safe and not a problem to add (only read access), add it to TEMPLATE.qemu
d) is actually not called by qemu but by libvirt, ???? is the reason it is under the guest's profile