From 0c90adb24d81bab5f241c853be367e62f8fea01f Mon Sep 17 00:00:00 2001
From: doublez13
Date: Thu, 11 Sep 2025 17:04:37 -0600
Subject: [PATCH] Update mdadm

There were lots of missing components of mdadm. I have a few scripts that create and tear down MD RAID arrays. I've ran them all and added the missing entries. Note that mdadm has the ability to run in daemon mode and send mail when an array fails. That's why it requires all the network entries.
---
 apparmor.d/profiles-m-r/mdadm | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/apparmor.d/profiles-m-r/mdadm b/apparmor.d/profiles-m-r/mdadm
index e40f6b1e3..94a178ce7 100644
--- a/apparmor.d/profiles-m-r/mdadm
+++ b/apparmor.d/profiles-m-r/mdadm
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2025 Alexandre Pujol
+# Copyright (C) 2025 Zane Zakraisek
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
@@ -14,12 +15,22 @@ profile mdadm @{exec_path} flags=(attach_disconnected) {
   capability dac_read_search,
   capability sys_admin,
+  capability mknod,
+  capability net_admin,
+
+  network netlink raw,
   mqueue (read getattr) type=posix /,
   @{exec_path} mr,
+  @{sh_path} rix,
+  @{bin}/sendmail rPUx,
+
+  /etc/mdadm.conf r,
+  @{run}/initctl r,
+  @{run}/mdadm/* rwk,
   /var/tmp/mkinitramfs_@{rand6}/etc/mdadm/mdadm.conf.tmp rw,
@@ -27,13 +38,17 @@ profile mdadm @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/@{pci}/class r,
   @{sys}/devices/@{pci}/device r,
   @{sys}/devices/@{pci}/vendor r,
+  @{sys}/devices/virtual/block/md*/** rw,
+  @{sys}/module/md_mod/** rw,
   @{PROC}/@{pid}/fd/ r,
   @{PROC}/cmdline r,
   @{PROC}/kcore r,
   @{PROC}/partitions r,
+  @{PROC}/mdstat rw,
   /dev/**/ r,
+  /dev/.tmp.md.* rw,
   include if exists
 }
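Review bot: `capability net_admin` and `network netlink raw` in the second hunk are granted to mdadm itself, although the description attributes the network needs to mail delivery, which this hunk hands off to `@{bin}/sendmail rPUx` running under its own profile or unconfined; net_admin is a broad capability, so each of the two rules should carry a comment naming the operation that produced the denial, e.g. `# Monitor mode: <operation seen in the audit log>`, and the log is worth re-checking to confirm the capability is actually required rather than merely probed. The `rPUx` transition on sendmail falls back to unconfined whenever no sendmail profile is loaded; if a sendmail profile exists in this set, `rPx` is the tighter choice, otherwise a short comment stating that the fallback is intended would make the exposure explicit. The new `/etc/mdadm.conf r` rule does not cover the Debian layout `/etc/mdadm/mdadm.conf`, which the existing mkinitramfs rule in the same hunk suggests is in use on some hosts; `/etc/mdadm/mdadm.conf r` alongside it would avoid a second round of denials. The enclosing profile block begins before this hunk and ends after it.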
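Review bot: `@{PROC}/mdstat rw` in the third hunk grants write access to a procfs file that, as far as I know, the kernel exposes read-only; unless the audit log showed a `w` request, `@{PROC}/mdstat r,` is sufficient and avoids documenting an access that cannot succeed. `@{sys}/module/md_mod/** rw` likewise opens the whole module parameter tree for writing; if the only write target observed was `parameters/new_array`, which mdadm uses to create named arrays, narrowing to `@{sys}/module/md_mod/parameters/new_array w,` plus `@{sys}/module/md_mod/** r,` would be tighter. A comment on `/dev/.tmp.md.* rw` noting that it pairs with the `capability mknod` added in the previous hunk (temporary device nodes created during assembly) would help future readers. The enclosing profile block begins before this hunk and closes with the `}` inside it.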