From 01ab33202a7a0f46fc0f93ae9709fb43219d5a88 Mon Sep 17 00:00:00 2001
From: Simon Poirier <simon.poirier@canonical.com>
Date: Wed, 13 Aug 2025 21:36:50 -0400
Subject: [PATCH] profiles: Allow curl to read tmp, for scripts which might use
 config/etags/data...

Signed-off-by: Simon Poirier <simon.poirier@canonical.com>
---
 profiles/apparmor.d/curl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/profiles/apparmor.d/curl b/profiles/apparmor.d/curl
index 369369877..cbee547fe 100644
--- a/profiles/apparmor.d/curl
+++ b/profiles/apparmor.d/curl
@@ -27,6 +27,9 @@ profile curl /usr/bin/curl {
   # (see --config, --cacert options)
   file r @{HOME}/**,
 
+  # allow reading data/config from tmp
+  owner file r /tmp/**,
+
   # allow writing output to $HOME, /tmp (see -o option)
   file w @{HOME}/**,
   file w /tmp/**,