From ad4bfab4f22d8decb271fe7958890601ccc4e3e9 Mon Sep 17 00:00:00 2001
From: Roman Beslik <me@beroal.in.ua>
Date: Sat, 26 Apr 2025 22:04:27 +0300
Subject: [PATCH] loginctl-linger

---
 apparmor.d/groups/systemd/loginctl       | 1 +
 apparmor.d/groups/systemd/systemd-logind | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/systemd/loginctl b/apparmor.d/groups/systemd/loginctl
index ca43277aa..a6406ab70 100644
--- a/apparmor.d/groups/systemd/loginctl
+++ b/apparmor.d/groups/systemd/loginctl
@@ -12,6 +12,7 @@ profile loginctl @{exec_path} flags=(attach_disconnected) {
   include <abstractions/consoles>
   include <abstractions/bus-system>
   include <abstractions/common/systemd>
+  include <abstractions/nameservice-strict>
 
   capability net_admin,
   capability sys_resource,
diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind
index a879d02ec..a56e16298 100644
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@@ -56,7 +56,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
   /swap/swapfile r,
   /swapfile r,
 
-  /var/lib/systemd/linger/ r,
+  /var/lib/systemd/linger/{,@{user}} rw,
 
   @{run}/.#nologin* rw,
   @{run}/credentials/getty@tty@{int}.service/ r,