From 4a6c0102428c03d01a5c993ba19b8453b6fdeeda Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <jeroen.rijken@xs4all.nl>
Date: Thu, 1 Sep 2022 15:37:31 +0200
Subject: [PATCH] Add profile

---
 .../profiles-s-z/update-secureboot-policy       | 17 +++++++++++++++++
 apparmor.d/profiles-s-z/whereis                 |  1 -
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 apparmor.d/profiles-s-z/update-secureboot-policy

diff --git a/apparmor.d/profiles-s-z/update-secureboot-policy b/apparmor.d/profiles-s-z/update-secureboot-policy
new file mode 100644
index 000000000..5ed5c8966
--- /dev/null
+++ b/apparmor.d/profiles-s-z/update-secureboot-policy
@@ -0,0 +1,17 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Jeroen Rijken
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}{,s}bin/update-secureboot-policy
+profile update-secureboot-policy @{exec_path} flags=(complain) {
+  include <abstractions/base>
+
+  @{exec_path} rm,
+  /usr/share/debconf/frontend rPx,
+
+  include if exists <local/update-secureboot-policy>
+}
\ No newline at end of file
diff --git a/apparmor.d/profiles-s-z/whereis b/apparmor.d/profiles-s-z/whereis
index b1f23b499..d55a83c0e 100644
--- a/apparmor.d/profiles-s-z/whereis
+++ b/apparmor.d/profiles-s-z/whereis
@@ -34,7 +34,6 @@ profile whereis @{exec_path} flags=(complain) {
   /snap/bin/ r,
   /var/lib/flatpak/exports/bin/ r,
 
-  owner @{HOME}/{.local/,}/{.,}bin/ r,
   owner @{HOME}/.krew/bin/ r,
   owner @{HOME}/{.,}go/bin/ r,
   owner @{HOME}/{.local/,}{.,}bin/ r,