From 8c591c90ab32bc598878f3005567ad65d00f75cb Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 13 Apr 2025 19:28:59 +0200
Subject: [PATCH] feat(profile): journalctl minor improvments.
---
 apparmor.d/groups/systemd/journalctl | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/apparmor.d/groups/systemd/journalctl b/apparmor.d/groups/systemd/journalctl
index 36fbd9e75..bc061cfe5 100644
--- a/apparmor.d/groups/systemd/journalctl
+++ b/apparmor.d/groups/systemd/journalctl
@@ -20,8 +20,10 @@ profile journalctl @{exec_path} flags=(attach_disconnected) {
 capability net_admin,
 capability sys_resource,
 
- signal (receive) set=(term) peer=cockpit-bridge,
- signal (send) peer=child-pager,
+ network netlink raw,
+
+ signal receive set=term peer=cockpit-bridge,
+ signal send peer=child-pager,
 
 @{exec_path} mr,
 
@@ -49,6 +51,7 @@ profile journalctl @{exec_path} flags=(attach_disconnected) {
 
 @{run}/host/container-manager r,
 @{run}/systemd/journal/io.systemd.journal rw,
+ @{run}/systemd/notify rw,
 
 @{PROC}/sys/fs/nr_open r,
 owner @{PROC}/@{pid}/cgroup r,
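Review bot: In the first hunk, the added `network netlink raw,` carries no comment saying which journalctl operation needs it, and the commit message ("minor improvments") does not say either. The profile already holds `capability net_admin`, so opening netlink sockets presumably makes privileged netlink requests reachable from a confined journalctl, and as far as I know an AppArmor network rule cannot narrow netlink to a single protocol. Since the rule cannot be tightened, the justification should sit next to it, for example `# netlink: <operation denied without this rule>` taken from the audit log that prompted the change. The unparenthesised `signal receive set=term` and `signal send` forms look equivalent to the rules they replace. The profile body starts and ends outside the hunk.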
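Review bot: In the second hunk, `@{run}/systemd/notify rw,` grants read as well as write on the notify socket, and the hunk does not show which access was actually denied. If the audit record that motivated the rule has `requested_mask="w"` only, `@{run}/systemd/notify w,` is the tighter rule and should be preferred; if read is genuinely required, a short comment saying so would stop a later reviewer from trimming it. The surrounding `@{run}` rules and the rest of the profile lie outside the hunk, so this is judged from the added line alone.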