# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2019-2021 Mikhail Morfikov
# Copyright (C) 2023-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{exec_path} = @{sbin}/parted
profile parted @{exec_path} {
  include <abstractions/base>
  include <abstractions/disks-write>

  capability sys_admin,
  capability sys_rawio,

  ptrace read,

  @{exec_path} mr,

  @{sh_path}        rix,

  @{bin}/udevadm    rCx -> udevadm,
  @{sbin}/dmidecode rPx,

  /etc/inputrc r,

  owner @{user_img_dirs}/{,**} rwk,

        @{PROC}/devices r,
        @{PROC}/swaps r,
  owner @{PROC}/@{pid}/mounts r,

  profile udevadm {
    include <abstractions/base>
    include <abstractions/app/udevadm>
    include <abstractions/disks-write>

    owner @{user_img_dirs}/{,**} rwk,

    include if exists <local/parted_udevadm>
  }

  include if exists <local/parted>
}

# vim:syntax=apparmor