From 17d187e93be814ef42f0ea7235c614ad737788db Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 22 Nov 2023 20:55:47 +0000
Subject: [PATCH] feat(profiles): ensure apparmor_parser works with snap.

---
 apparmor.d/profiles-a-f/apparmor_parser | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser
index 763954e4..ee7b5a19 100644
--- a/apparmor.d/profiles-a-f/apparmor_parser
+++ b/apparmor.d/profiles-a-f/apparmor_parser
@@ -1,12 +1,14 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/apparmor_parser
+@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
+
+@{exec_path} = @{bin}/apparmor_parser @{lib_dirs}/snapd/apparmor_parser
 profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
@@ -15,6 +17,8 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
+  @{lib_dirs}/snapd/apparmor.d/{,**} r,
+
   /etc/apparmor/{,**} r,
   /etc/apparmor.d/{,**} r,
   /etc/apparmor.d/cache.d/{,**} rw,