From 77d2f923b0d5a33dad1d190ea6e04836d3df3577 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 26 May 2025 23:45:10 +0200
Subject: [PATCH] feat(profile): pacman: allow landlock to restrict itself

See https://docs.kernel.org/userspace-api/landlock.html#c.sys_landlock_restrict_self

fix #750
---
 apparmor.d/groups/pacman/pacman | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman
index 6af9bae96..def1f2a28 100644
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@@ -27,6 +27,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
   capability setfcap,
   capability setgid,
   capability setuid,
+  capability sys_admin,
   capability sys_chroot,
   capability sys_ptrace,
   capability sys_resource,