From a5ec3e559c27525a58a4595c74f105900aa57fad Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Mon, 19 Apr 2021 15:15:38 +0100
Subject: [PATCH] Disk mount fix.
---
 apparmor.d/profiles-m-z/mount | 2 ++
 apparmor.d/profiles-m-z/udisksd | 3 +++
 2 files changed, 5 insertions(+)
diff --git a/apparmor.d/profiles-m-z/mount b/apparmor.d/profiles-m-z/mount
index bebd4a129..ff77618c5 100644
--- a/apparmor.d/profiles-m-z/mount
+++ b/apparmor.d/profiles-m-z/mount
@@ -13,6 +13,8 @@ profile mount @{exec_path} flags=(complain) {
 include include + capability chown, + # To be able to mount anything # mount("/dev/sdb1", "/mnt", "ext4", 0, NULL) = -1 EPERM (Operation not permitted) # write(2, "/mnt: permission denied.", 24) = 24
diff --git a/apparmor.d/profiles-m-z/udisksd b/apparmor.d/profiles-m-z/udisksd
index a8c8ce2f0..986ec271c 100644
--- a/apparmor.d/profiles-m-z/udisksd
+++ b/apparmor.d/profiles-m-z/udisksd
@@ -107,6 +107,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
 @{sys}/class/ r,
 @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}uevent w,
+ @{sys}/devices/virtual/block/dm-[0-9]*/ w,
+ @{sys}/devices/virtual/block/dm-[0-9]*/** w,
 # For powering off USB devices
 @{sys}/devices/pci[0-9]*/**/{ata,usb,mmc}[0-9]/{,**/}remove rw,
@@ -124,6 +126,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
 @{run}/udisks2/ rw,
 @{run}/udisks2/loop{,.*} rw,
 @{run}/udisks2/unlocked-luks{,.*} rw,
+ @{run}/udisks2/unlocked-crypto-dev{,.*} rw,
 @{run}/udisks2/mounted-fs{,.*} rw,
 @{run}/systemd/seats/seat[0-9]* r,
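Review bot: The added `capability chown,` in the mount profile has no comment saying which operation needs it, unlike the comment block just below it, which quotes the failing `mount(...)` call that motivated its rule. CAP_CHOWN lets the confined process change the ownership of arbitrary files, so the reason for granting it should sit next to the rule, for example `# Needed for <operation seen in the audit log>` with the denied call pasted in the same way. The profile carries `flags=(complain)`, so the rule only takes effect once the profile is enforced, and an unexplained capability is hard to re-evaluate at that point. The profile body starts and ends outside the hunk.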
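Review bot: The two added rules `@{sys}/devices/virtual/block/dm-[0-9]*/ w,` and `@{sys}/devices/virtual/block/dm-[0-9]*/** w,` allow writes to every sysfs attribute under any device-mapper node, while the rule directly above them limits the pci devices to their `uevent` files. If the denial behind this change was a write to `uevent` (plausible given the neighbouring rule, but not shown on the page), the single rule `@{sys}/devices/virtual/block/dm-[0-9]*/uevent w,` would cover it. Write access on the directory itself is probably not needed either, so I would drop that line unless a logged denial requires it. The udisksd profile starts and ends outside the hunk.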