From 17520a94bf1be89d5025722ab4397b911dcbcd71 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 10 Jan 2025 00:09:24 +0100
Subject: [PATCH] feat(profile): improve snap & login bus.
---
 apparmor.d/abstractions/bus/org.freedesktop.login1 | 2 +-
 apparmor.d/profiles-s-z/snap | 1 +
 apparmor.d/profiles-s-z/snapd | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/apparmor.d/abstractions/bus/org.freedesktop.login1 b/apparmor.d/abstractions/bus/org.freedesktop.login1
index 77271fe2..385c7573 100644
--- a/apparmor.d/abstractions/bus/org.freedesktop.login1
+++ b/apparmor.d/abstractions/bus/org.freedesktop.login1
@@ -21,7 +21,7 @@
 dbus receive bus=system path=/org/freedesktop/login1
 interface=org.freedesktop.login1.Manager
- member={SessionNew,SessionRemoved,UserNew,UserRemoved,PrepareFor*}
+ member={SessionNew,SessionRemoved,UserNew,UserRemoved,SeatNew,PrepareFor*}
 peer=(name="{@{busname},org.freedesktop.login1}", label=systemd-logind),
 dbus send bus=system path=/org/freedesktop/login1
diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap
index aa1f6b2b..cdb01d14 100644
--- a/apparmor.d/profiles-s-z/snap
+++ b/apparmor.d/profiles-s-z/snap
@@ -73,6 +73,7 @@ profile snap @{exec_path} {
 @{run}/mount/utab r,
 @{run}/snapd.socket rw,
+ @{sys}/fs/cgroup/cgroup.controllers r,
 @{sys}/kernel/security/apparmor/features/{,**} r,
 @{PROC}/@{pids}/cgroup r,
diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd
index 250005f5..4e383b77 100644
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@@ -153,6 +153,7 @@ profile snapd @{exec_path} {
 @{run}/systemd/private rw,
 @{sys}/fs/cgroup/{,*/} r,
+ @{sys}/fs/cgroup/cgroup.controllers r,
 @{sys}/fs/cgroup/system.slice/{,**/} r,
 @{sys}/fs/cgroup/user.slice/ r,
 @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/{,**/} r,
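Review bot: In the org.freedesktop.login1 hunk, the `dbus receive` rule now lists `SeatNew` without its counterpart `SeatRemoved`, while sessions and users are listed as New/Removed pairs; a client that subscribes to the Manager's seat signals would likely still hit a denial when a seat goes away. If covering seat signals is the intent, the line could read `member={SessionNew,SessionRemoved,UserNew,UserRemoved,SeatNew,SeatRemoved,PrepareFor*}`. Because this is a shared abstraction, either form widens the accepted signal set for every profile that includes it, though the rule stays receive-only and pinned to `label=systemd-logind`, so the added exposure looks small. The `dbus send` rule that follows continues outside the hunk.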