profiles: Allow curl to read tmp, for scripts which might use config/etags/data...

Signed-off-by: Simon Poirier <simon.poirier@canonical.com>
2025-08-21 17:47:10 +00:00 · 2025-08-13 21:36:50 -04:00 · 2025-08-13 21:36:50 -04:00 · 01ab33202a
commit 01ab33202a
parent a8875460ed
1 changed files with 3 additions and 0 deletions
--- a/profiles/apparmor.d/curl
+++ b/profiles/apparmor.d/curl
@ -27,6 +27,9 @@ profile curl /usr/bin/curl {
  # (see --config, --cacert options)
  file r @{HOME}/**,

+  # allow reading data/config from tmp
+  owner file r /tmp/**,
+
  # allow writing output to $HOME, /tmp (see -o option)
  file w @{HOME}/**,
  file w /tmp/**,