From d567f5156e22500915ab6e5f9f15d07f7aa182a2 Mon Sep 17 00:00:00 2001
From: Nishit Majithia <nishit.nm@gmail.com>
Date: Fri, 30 Aug 2024 20:24:42 +0530
Subject: [PATCH] socat: minor fix in the profile

 - Use @{bin}
 - Allow executable mapping and read for the binary

Signed-off-by: Nishit Majithia <nishit.nm@gmail.com>
---
 apparmor.d/groups/network/socat | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/network/socat b/apparmor.d/groups/network/socat
index 847b3636b..df5e874d1 100644
--- a/apparmor.d/groups/network/socat
+++ b/apparmor.d/groups/network/socat
@@ -7,7 +7,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /usr/bin/socat
+@{exec_path} = @{bin}/socat
 profile socat @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
@@ -29,6 +29,8 @@ profile socat @{exec_path} {
   # fuctionalities that is why it is necessary to allow whole `network`
   network,
 
+  @{exec_path} mr,
+
   # Enale /dev/ptmx access for testsuite
   # /dev/ptmx rw,