From 7361c21c401bfa0cf0c3eb3cb0bbcb9b534b7501 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 25 May 2025 15:14:56 +0200
Subject: [PATCH] feat(profile): add mdadm-mkconf.

---
 apparmor.d/profiles-m-r/mdadm-mkconf | 30 ++++++++++++++++++++++++++++
 dists/flags/main.flags               |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 apparmor.d/profiles-m-r/mdadm-mkconf

diff --git a/apparmor.d/profiles-m-r/mdadm-mkconf b/apparmor.d/profiles-m-r/mdadm-mkconf
new file mode 100644
index 000000000..8139ac68e
--- /dev/null
+++ b/apparmor.d/profiles-m-r/mdadm-mkconf
@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = /usr/share/mdadm/mkconf
+profile mdadm-mkconf @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  @{sh_path}       r,
+  @{bin}/date     ix,
+  @{bin}/cat      ix,
+  @{bin}/sed      ix,
+  @{sbin}/mdadm   Px,
+
+  /etc/default/mdadm r,
+
+  / r,
+
+  /var/tmp/mkinitramfs_@{rand6}/etc/mdadm/mdadm.conf.tmp rw,
+
+  include if exists <local/mdadm-mkconf>
+}
+
+# vim:syntax=apparmor
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 6c29eba15..e27c76bc2 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -237,6 +237,7 @@ lvmdump complain
 lvmpolld complain
 man complain
 mate-notification-daemon complain
+mdadm-mkconf complain
 ModemManager attach_disconnected,complain
 mount attach_disconnected,complain
 multipath attach_disconnected,complain