From 1121bcf856240eea8bd73074f440de6459e639d0 Mon Sep 17 00:00:00 2001
From: Jose Maldonado aka Yukiteru <josemald89@gmail.com>
Date: Fri, 29 Aug 2025 13:54:42 -0400
Subject: [PATCH] rpcbind: update profile

rpcbind: update profile
---
 apparmor.d/groups/network/rpcbind | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/apparmor.d/groups/network/rpcbind b/apparmor.d/groups/network/rpcbind
index 1d81292fd..0650470ac 100644
--- a/apparmor.d/groups/network/rpcbind
+++ b/apparmor.d/groups/network/rpcbind
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2023 Jeroen Rijken
+# Copyright (C) 2025 Jose Maldonado
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/4.0>,
@@ -9,9 +10,18 @@ include <tunables/global>
 @{exec_path} = @{sbin}/rpcbind
 profile rpcbind @{exec_path} flags=(complain) {
   include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  capability setgid,
+  capability setuid,
 
   @{exec_path} rm,
 
+  /etc/netconfig r,
+
+  @{run}/rpcbind.lock rwkl,
+  @{run}/rpcbind/*.xdr rwkl,
+
   include if exists <local/rpcbind>
 }