Code review comment for ~lvoytek/ubuntu/+source/swtpm:swtpm-lp1950631-add-apparmor-jammy

Christian Ehrhardt  (paelzer) wrote :

Hi Serge, long time not seen, glad that you are still around!

@Serge:
On one hand I wonder if the owner restriction as shown now:
  owner @{HOME}/** rwk,
would work for you?
What users does your use case run swtpm as, and would that work then?

@Serge:
Furthermore, how common is that setup of yours?
Even if you are unable to talk about details, is it "a very special thing unlikely to happen generally around the world", or is it more like "you don't know yet, but in a year everyone will be doing that"?

If it is anywhere close to the former I'd suggest in that case it might make sense to just put a rule in the local override /etc/apparmor.d/local/usr.bin.swtpm

@Lena
Which does bring me to that as a question - IIRC dh_apparmor will automatically add a template for the local overrides in /etc/apparmor.d/local/usr.bin.swtpm - could you confirm that?
If it does not we need to fix that.
And once it does I think we then need an include here in your profile like
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.libvirtd>
Or is that include also added automatically nowadays and I missed that feature?
