diff --git a/apparmor.d/groups/network/netplan.script b/apparmor.d/groups/network/netplan.script
index 5bffd6d95..094726865 100644
--- a/apparmor.d/groups/network/netplan.script
+++ b/apparmor.d/groups/network/netplan.script
@@ -40,6 +40,8 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) { include include + capability net_admin, + include if exists }
diff --git a/apparmor.d/groups/snap/snap b/apparmor.d/groups/snap/snap
index 4911e128e..dffe5e2e1 100644
--- a/apparmor.d/groups/snap/snap
+++ b/apparmor.d/groups/snap/snap
@@ -37,6 +37,7 @@ profile snap @{exec_path} flags=(attach_disconnected) { #aa:dbus talk bus=session name=io.snapcraft.PrivilegedDesktopLauncher label=snap.snap-store.snap-store #aa:dbus talk bus=session name=org.freedesktop.systemd1 label="@{p_systemd_user}" + #aa:dbus talk bus=system name=org.freedesktop.systemd1 label="@{p_systemd}" dbus send bus=session path=/org/freedesktop/portal/documents interface=org.freedesktop.portal.Documents
diff --git a/apparmor.d/groups/snap/snapd b/apparmor.d/groups/snap/snapd
index cde0d7a23..c32d33ded 100644
--- a/apparmor.d/groups/snap/snapd
+++ b/apparmor.d/groups/snap/snapd
@@ -187,6 +187,8 @@ profile snapd @{exec_path} { capability net_admin, capability sys_resource, + network netlink raw, + /etc/systemd/system/{,**/} r, /etc/systemd/system/snap* rw, /etc/systemd/user/{,**/} rw,
diff --git a/apparmor.d/groups/systemd/hostnamectl b/apparmor.d/groups/systemd/hostnamectl
index a0dd945a5..dcbe9a46f 100644
--- a/apparmor.d/groups/systemd/hostnamectl
+++ b/apparmor.d/groups/systemd/hostnamectl
@@ -16,6 +16,10 @@ profile hostnamectl @{exec_path} { capability net_admin, #aa:dbus talk bus=system name=org.freedesktop.hostname1 label=systemd-hostnamed + dbus send bus=system path=/org/freedesktop/hostname1 + interface=org.freedesktop.DBus.Properties + member=GetAll + peer=(name=org.freedesktop.hostname1), @{exec_path} mr,
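Review bot: The new `capability net_admin,` in netplan.script has no comment saying which operation needs it, although CAP_NET_ADMIN covers interface, routing and firewall configuration and the profile is attached with `flags=(attach_disconnected)`. A one-line rationale above the rule, for example `# net_admin: required for <OPERATION_FROM_DENIAL_LOG>`, would let a later reviewer judge whether the grant is still needed or can be dropped. The same applies to `network netlink raw,` added to the snapd profile in this commit, which is also added without a stated reason. The profile body starts outside the hunk, so any existing comment higher up is not visible here.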
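Review bot: The added `#aa:dbus talk bus=system name=org.freedesktop.systemd1 label="@{p_systemd}"` in the snap profile grants a talk-level relationship with the system service manager rather than naming the calls the snap CLI makes. If the directive expands to send and receive on the whole name, as the session-bus line above it presumably does (confirm against the generator), the profile no longer limits which manager methods the client can reach, leaving that decision to the peer's own authorization checks. The hostnamectl change in this commit shows the narrower form; a rule such as `dbus send bus=system path=/org/freedesktop/systemd1 interface=org.freedesktop.systemd1.Manager member=<MEMBER_FROM_DENIAL_LOG> peer=(label="@{p_systemd}"),` would keep the grant to what was observed. The profile continues outside the hunk.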
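Review bot: The new `dbus send` rule in hostnamectl identifies its peer by bus name only, `peer=(name=org.freedesktop.hostname1)`, while the directive directly above pins the same service with `label=systemd-hostnamed`. If the label is omitted on purpose (for instance because the message is sent before the service is running and its label is not yet known, which cannot be confirmed from the hunk), say so in a comment such as `# peer label omitted: <REASON>`. Otherwise write `peer=(name=org.freedesktop.hostname1, label=systemd-hostnamed),` so the rule matches only the confined daemon. The profile body starts and ends outside the hunk.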