From 5e38394986e6e2d0d14638261a214cf4cf91faa6 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sat, 12 Apr 2025 23:38:11 +0200
Subject: [PATCH] fix(profile): snap: simplify cgroup access.
---
 apparmor.d/groups/snap/snapd | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/apparmor.d/groups/snap/snapd b/apparmor.d/groups/snap/snapd
index f1cd46537..4efe83957 100644
--- a/apparmor.d/groups/snap/snapd
+++ b/apparmor.d/groups/snap/snapd
@@ -157,12 +157,11 @@ profile snapd @{exec_path} {
 @{run}/systemd/private rw,
 @{sys}/fs/cgroup/{,*/} r,
- @{sys}/fs/cgroup/cgroup.controllers r,
- @{sys}/fs/cgroup/system.slice/{,**/} r,
- @{sys}/fs/cgroup/system.slice/snap*.service/cgroup.procs r,
 @{sys}/fs/cgroup/*.slice/ r,
 @{sys}/fs/cgroup/*.slice/*.service/{,**/} r,
- @{sys}/fs/cgroup/*.slice/*-@{uid}.slice/*@@{uid}.service/app.slice/snap*.service/cgroup.procs r,
+ @{sys}/fs/cgroup/*.slice/*.slice/{,**/} r,
+ @{sys}/fs/cgroup/*.slice/**/cgroup.procs r,
+ @{sys}/fs/cgroup/cgroup.controllers r,
 @{sys}/kernel/kexec_loaded r,
 @{sys}/kernel/security/apparmor/.notify r,
 @{sys}/kernel/security/apparmor/features/{,**} r,
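Review bot: The added rule `@{sys}/fs/cgroup/*.slice/**/cgroup.procs r,` lets snapd read the process list of every cgroup below any slice, whereas the removed rules limited `cgroup.procs` to `snap*.service` units and, for user sessions, to a path keyed on `@{uid}`. The access is read-only, so the widening amounts to PID enumeration across unrelated units, but the profile no longer shows which units snapd is expected to inspect. If the denials behind this change only involved snap units, a narrower glob such as `@{sys}/fs/cgroup/*.slice/**/snap*/cgroup.procs r,` would keep the simplification and the snap-only scope. If the wide match is required, a short comment above the rule would record that it is deliberate, for example `# cgroup.procs is read for all units, not only snap*.service`. The profile body starts and ends outside this hunk, so other rules may already grant comparable visibility.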