From 6739b238cef5bf052371ad4fe67f31c65dd107f2 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 15 Aug 2025 11:33:29 +0200
Subject: [PATCH] feat(abs): base-strict: allow communication to children and
 stacked profiles.

---
 apparmor.d/abstractions/base-strict | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/abstractions/base-strict b/apparmor.d/abstractions/base-strict
index 818a4937f..22ca5ec5e 100644
--- a/apparmor.d/abstractions/base-strict
+++ b/apparmor.d/abstractions/base-strict
@@ -67,8 +67,9 @@
   # Allow unconfined processes to us via unix sockets
   unix receive peer=(label=unconfined),
 
-  # Allow communication to children profiles
+  # Allow communication to children and stacked profiles
   signal peer=@{profile_name}//*,
+  signal peer=@{profile_name}//&*,
   unix type=stream peer=(label=@{profile_name}//*),
 
   # Allow us to create abstract and anonymous sockets