From fa317ad91b7a5bdac87955105aa5844a69d529b9 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 1 May 2025 20:40:26 +0200
Subject: [PATCH] feat(profile): improve netplan generator.

---
 apparmor.d/groups/network/netplan-generate | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apparmor.d/groups/network/netplan-generate b/apparmor.d/groups/network/netplan-generate
index 60ec7656f..64f8399e1 100644
--- a/apparmor.d/groups/network/netplan-generate
+++ b/apparmor.d/groups/network/netplan-generate
@@ -21,9 +21,11 @@ profile netplan-generate @{exec_path} flags=(attach_disconnected) {
 
   /etc/netplan/{,*} r,
 
+  @{run}/NetworkManager/ rw,
+  @{run}/NetworkManager/conf.d/ rw,
   @{run}/NetworkManager/conf.d/@{int}-globally-managed-devices.conf rw,
   @{run}/NetworkManager/conf.d/@{int}-globally-managed-devices.conf.@{rand6} rw,
-  @{run}/NetworkManager/system-connections/ r,
+  @{run}/NetworkManager/system-connections/ rw,
   @{run}/NetworkManager/system-connections/* rw,
 
   @{run}/systemd/generator/multi-user.target.wants/ w,
@@ -43,13 +45,13 @@ profile netplan-generate @{exec_path} flags=(attach_disconnected) {
   @{run}/udev/rules.d/ rw,
   @{run}/udev/rules.d/@{int}-netplan{,-*}.rules{,.@{rand6}} rw,
 
-  @{sys}/devices/**/net/*/address r,
-
   @{run}/netplan/ r,
 
   @{run}/udev/rules.d/ r,
   @{run}/udev/rules.d/@{int}-netplan{,-*}.rules{,.@{rand6}} rw,
 
+  @{sys}/devices/**/net/*/address r,
+
   profile systemctl {
     include <abstractions/base>
     include <abstractions/app/systemctl>