From d8d4ec11a611c153bae2f68aec69a7aa02c64298 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 1 Mar 2025 14:20:35 +0100
Subject: [PATCH] feat(profile): systemd-networkd: update cap.

---
 apparmor.d/groups/systemd/systemd-networkd | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/systemd/systemd-networkd b/apparmor.d/groups/systemd/systemd-networkd
index 619ca9dbb..20b396a72 100644
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@@ -14,10 +14,12 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus/org.freedesktop.hostname1>
   include <abstractions/common/systemd>
 
+  capability bpf,
   capability net_admin,
   capability net_bind_service,
   capability net_broadcast,
   capability net_raw,
+  capability sys_admin,
 
   network inet dgram,
   network inet6 dgram,
@@ -61,12 +63,14 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) {
 
   @{run}/udev/data/n@{int} r,
 
+  @{sys}/devices/@{pci}/ r,
   @{sys}/devices/@{pci}/rfkill@{int}/* r,
   @{sys}/devices/**/net/** r,
-  @{sys}/devices/@{pci}/ r,
   @{sys}/devices/virtual/dmi/id/{sys,board,bios}_vendor r,
   @{sys}/devices/virtual/dmi/id/product_name r,
   @{sys}/devices/virtual/dmi/id/product_version r,
+  @{sys}/fs/cgroup/ r,
+  @{sys}/kernel/btf/vmlinux r,
 
         @{PROC}/@{pid}/cgroup r,
         @{PROC}/pressure/* r,