From 03881d5614dd8a3c3ac9f2061dd55183480c867f Mon Sep 17 00:00:00 2001
From: Jeroen Rijken
Date: Sat, 30 Jul 2022 12:24:59 +0200
Subject: [PATCH] Add capability, dbus and some proc
---
 apparmor.d/profiles-s-z/zsysd | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd
index b9e94212..644d05dd 100644
--- a/apparmor.d/profiles-s-z/zsysd
+++ b/apparmor.d/profiles-s-z/zsysd
@@ -11,6 +11,13 @@ profile zsysctl @{exec_path} flags=(complain) {
 include
 include
+ capability sys_ptrace,
+ capability sys_admin,
+
+ dbus send bus=system path=/org/freedesktop/PolicyKit1/Authority
+ interface=org.freedesktop.PolicyKit1.Authority
+ member=CheckAuthorization,
+
 @{exec_path} rm,
 /{usr/,}bin/zsysctl rix,
 /{usr/,}bin/zsysd rix,
@@ -27,9 +34,11 @@ profile zsysctl @{exec_path} flags=(complain) {
 @{run}/zsys-snapshot.unattended-upgrades rw,
 @{run}/zsysd.sock rw,
- @{PROC}/@{pids}/mounts r,
- @{PROC}/filesystems r,
- @{PROC}/sys/kernel/spl/hostid r,
+ @{PROC}/@{pids}/mounts r,
+ @{PROC}/cmdline r,
+ owner @{PROC}/@{pids}/stats r,
+ @{PROC}/filesystems r,
+ @{PROC}/sys/kernel/spl/hostid r,
 @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
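Review bot: In the first hunk (`@@ -11,6 +11,13 @@`), `capability sys_admin,` and `capability sys_ptrace,` are added with no comment saying which operation needs them, and `sys_admin` is a catch-all capability that greatly weakens the confinement once the profile leaves `flags=(complain)`. I would put a one-line comment above each rule naming the denial it answers, for example `# sys_admin: needed for <operation seen in the audit log>`, so a later reviewer can check whether the grant is still required. The new `dbus send` rule also names no recipient; adding `peer=(name=org.freedesktop.PolicyKit1),` after the `member=CheckAuthorization` line (the terminating comma moves to the new line) would limit it to the polkit authority, assuming that is the intended peer. The profile body starts before and continues after this hunk.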
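Review bot: In the second hunk (`@@ -27,9 +34,11 @@`), the added rule `owner @{PROC}/@{pids}/stats r,` looks like a typo. procfs exposes per-process `stat`, `statm` and `status`, but no `stats`, so the rule would match nothing and the access it was meant to allow would still be denied under enforcement. If `stat` was intended, the line should read `owner @{PROC}/@{pids}/stat r,`; it is worth confirming the exact path against the logged denial. The hunk's trailing context may extend past the visible text.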