From c969faf6e813eb9f311be907fc1a5b3bf8e336e4 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 1 May 2025 19:46:32 +0200
Subject: [PATCH] feat(profile): add initial version of sshd-auth.

Fix #725
---
 apparmor.d/groups/ssh/sshd | 1 +
 dists/flags/main.flags     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd
index 3ae1326d8..fe5a6f1cd 100644
--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@@ -65,6 +65,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
   @{sbin}/nologin                   rPx,
   @{bin}/passwd                     rPx,
   @{lib}/{openssh,ssh}/sftp-server  rPx,
+  @{lib}/{openssh,ssh}/sshd-auth    rPx,
   @{lib}/{openssh,ssh}/sshd-session rix,
 
   @{etc_ro}/environment r,
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 453d5f73a..e57be4377 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -292,6 +292,7 @@ snapd complain
 snapd-apparmor complain
 snapshot complain
 speech-dispatcher complain
+sshd-auth complain
 ssservice complain
 startplasma complain
 startx attach_disconnected,complain