From c29927ea2ffa0501d9ba6b6a3c90d323241db6ce Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 28 Jan 2025 23:28:11 +0100
Subject: [PATCH] fix(profile): ensure all child-open* profiles share the same
 flags.

fix #630
---
 apparmor.d/groups/children/child-open          | 2 +-
 apparmor.d/groups/children/child-open-browsers | 2 +-
 apparmor.d/groups/children/child-open-help     | 2 +-
 apparmor.d/groups/children/child-open-strict   | 2 +-
 dists/flags/main.flags                         | 1 -
 5 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/apparmor.d/groups/children/child-open b/apparmor.d/groups/children/child-open
index 6804326aa..84b1d1ea1 100644
--- a/apparmor.d/groups/children/child-open
+++ b/apparmor.d/groups/children/child-open
@@ -19,7 +19,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-profile child-open flags=(attach_disconnected) {
+profile child-open flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
   include <abstractions/app-open>
   include <abstractions/app/open>
diff --git a/apparmor.d/groups/children/child-open-browsers b/apparmor.d/groups/children/child-open-browsers
index 6873ea2fc..473276bff 100644
--- a/apparmor.d/groups/children/child-open-browsers
+++ b/apparmor.d/groups/children/child-open-browsers
@@ -15,7 +15,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-profile child-open-browsers flags=(attach_disconnected) {
+profile child-open-browsers flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
   include <abstractions/app/open>
 
diff --git a/apparmor.d/groups/children/child-open-help b/apparmor.d/groups/children/child-open-help
index d70cd920a..1150d16d3 100644
--- a/apparmor.d/groups/children/child-open-help
+++ b/apparmor.d/groups/children/child-open-help
@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-profile child-open-help {
+profile child-open-help flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
   include <abstractions/app/open>
 
diff --git a/apparmor.d/groups/children/child-open-strict b/apparmor.d/groups/children/child-open-strict
index 98bbdcdb9..7faf52185 100644
--- a/apparmor.d/groups/children/child-open-strict
+++ b/apparmor.d/groups/children/child-open-strict
@@ -11,7 +11,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-profile child-open-strict {
+profile child-open-strict flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
   include <abstractions/app/open>
 
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 70bbd4a36..cf38d2756 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -45,7 +45,6 @@ calibre complain
 cc-remote-login-helper complain
 cctk complain
 child-modprobe-nvidia attach_disconnected,complain
-child-open attach_disconnected,complain
 cockpit-askpass complain
 cockpit-bridge complain
 cockpit-certificate-ensure attach_disconnected,complain