From 13b8c8d2327a6a4be91a4d00c5f9f446e9b42dc9 Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Wed, 10 Sep 2025 12:23:41 +0200
Subject: [PATCH 1/3] add search tools

---
 apparmor.d/profiles-a-f/fd | 21 +++++++++++++++++++++
 apparmor.d/profiles-m-r/rg | 21 +++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/fd
 create mode 100644 apparmor.d/profiles-m-r/rg

diff --git a/apparmor.d/profiles-a-f/fd b/apparmor.d/profiles-a-f/fd
new file mode 100644
index 000000000..da281c82d
--- /dev/null
+++ b/apparmor.d/profiles-a-f/fd
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 valoq <valoq@mailbox.ofd>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/fd
+profile fd @{exec_path}  {
+  include <abstractions/base>
+
+  ## Allow reading the entire filesystem to search for filenames
+  /{,**} r,
+
+  @{exec_path} mr,
+
+  include if exists <local/fd>
+}
+
+# vim:syntax=apparmor
diff --git a/apparmor.d/profiles-m-r/rg b/apparmor.d/profiles-m-r/rg
new file mode 100644
index 000000000..d2638c904
--- /dev/null
+++ b/apparmor.d/profiles-m-r/rg
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 valoq <valoq@mailbox.org>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/rg
+profile rg @{exec_path}  {
+  include <abstractions/base>
+
+  ## Allow reading the entire filesystem to search for strings
+  /{,**} r,
+
+  @{exec_path} mr,
+
+  include if exists <local/rg>
+}
+
+# vim:syntax=apparmor

From 4bceadb8c135fc3abfb4f7a72434c8d98f99fe9f Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Sun, 14 Sep 2025 13:42:12 +0200
Subject: [PATCH 2/3] Update rg

fix permission order
---
 apparmor.d/profiles-m-r/rg | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/profiles-m-r/rg b/apparmor.d/profiles-m-r/rg
index d2638c904..856f1f532 100644
--- a/apparmor.d/profiles-m-r/rg
+++ b/apparmor.d/profiles-m-r/rg
@@ -10,11 +10,11 @@ include <tunables/global>
 profile rg @{exec_path}  {
   include <abstractions/base>
 
+  @{exec_path} mr,
+
   ## Allow reading the entire filesystem to search for strings
   /{,**} r,
 
-  @{exec_path} mr,
-
   include if exists <local/rg>
 }
 

From 0a8a4b47bab504ee3ed18b037a42d226c87a9e81 Mon Sep 17 00:00:00 2001
From: valoq <valoq@mailbox.org>
Date: Sun, 14 Sep 2025 13:42:40 +0200
Subject: [PATCH 3/3] Update fd

fix permission order
---
 apparmor.d/profiles-a-f/fd | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/profiles-a-f/fd b/apparmor.d/profiles-a-f/fd
index da281c82d..1913ba7d5 100644
--- a/apparmor.d/profiles-a-f/fd
+++ b/apparmor.d/profiles-a-f/fd
@@ -10,11 +10,11 @@ include <tunables/global>
 profile fd @{exec_path}  {
   include <abstractions/base>
 
+  @{exec_path} mr,
+
   ## Allow reading the entire filesystem to search for filenames
   /{,**} r,
 
-  @{exec_path} mr,
-
   include if exists <local/fd>
 }