From 58783e06cb2fb482c520e36ffbcbe15cf7b1ecbe Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 14 Sep 2024 15:28:18 +0100
Subject: [PATCH] fix(profile): ufw can't determine iptables version

fix #485
---
 apparmor.d/profiles-s-z/ufw | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/apparmor.d/profiles-s-z/ufw b/apparmor.d/profiles-s-z/ufw
index 4340f12db..6a9897d91 100644
--- a/apparmor.d/profiles-s-z/ufw
+++ b/apparmor.d/profiles-s-z/ufw
@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2024 EricLin <ericlin050914@gmail.com>
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -9,6 +10,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/ufw
 profile ufw @{exec_path} {
     include <abstractions/base>
+    include <abstractions/consoles>
     include <abstractions/nameservice-strict>
     include <abstractions/python>
 
@@ -22,16 +24,16 @@ profile ufw @{exec_path} {
     @{exec_path} mr,
 
     @{bin}/ r,
+    @{bin}/cat ix,
     @{bin}/env r,
     @{bin}/python3.@{int} ix,
-    @{bin}/cat ix,
+    @{bin}/xtables-legacy-multi ix,
     @{bin}/xtables-nft-multi ix,
-
     @{lib}/ufw/ufw-init ix,
 
-    /etc/ufw/{,**} rwk,
-
     /etc/default/ufw r,
+    /etc/ufw/ rw,
+    /etc/ufw/** rwk,
 
     owner @{run}/ufw.lock rwk,
 
@@ -40,12 +42,9 @@ profile ufw @{exec_path} {
     owner @{tmp}/???????? rw,
     owner @{tmp}/tmp???????? rw,
 
-    @{PROC}/@{pid}/stat r,
     @{PROC}/@{pid}/fd/ r,
     @{PROC}/@{pid}/net/ip_tables_names r,
-
-    /dev/pts/[0-9]* rw,
-    /dev/tty rw, 
+    @{PROC}/@{pid}/stat r,
 
     include if exists <local/ufw>