From d448e3ea087fafe5779089af7733af7541aa8b95 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 10 Nov 2024 19:23:02 +0000
Subject: [PATCH] fix(profile): ensure keepass can check program calling its
 secret service.

fix #582
---
 apparmor.d/profiles-g-l/keepassxc | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc
index f48113b02..90a65a84b 100644
--- a/apparmor.d/profiles-g-l/keepassxc
+++ b/apparmor.d/profiles-g-l/keepassxc
@@ -83,12 +83,13 @@ profile keepassxc @{exec_path} {
   owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer w,
   owner @{run}/user/@{uid}/org.keepassxc.KeePassXC/ w,
 
-             @{PROC}/@{pids}/comm r,
-             @{PROC}/modules r,
-       owner @{PROC}/@{pid}/mountinfo r,
-       owner @{PROC}/@{pid}/mounts r,
-  deny       @{PROC}/sys/kernel/random/boot_id r,
-  deny owner @{PROC}/@{pid}/cmdline r,
+        @{PROC}/@{pid}/comm r,
+        @{PROC}/@{pid}/stat r,
+        @{PROC}/modules r,
+        @{PROC}/sys/kernel/random/boot_id r,
+  owner @{PROC}/@{pid}/cmdline r,
+  owner @{PROC}/@{pid}/mountinfo r, 
+  owner @{PROC}/@{pid}/mounts r,
 
         /dev/shm/#@{int} rw,
         /dev/tty rw,