From 1c97feb5c2a86cdb173a44aa856923b44ccdce36 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 6 Oct 2022 20:45:31 +0100
Subject: [PATCH] feat(profiles): add modprobed-db.

---
 apparmor.d/profiles-m-r/modprobed-db | 45 ++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 apparmor.d/profiles-m-r/modprobed-db

diff --git a/apparmor.d/profiles-m-r/modprobed-db b/apparmor.d/profiles-m-r/modprobed-db
new file mode 100644
index 00000000..e609bacd
--- /dev/null
+++ b/apparmor.d/profiles-m-r/modprobed-db
@@ -0,0 +1,45 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/modprobed-db
+profile modprobed-db @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/{,ba,da}sh    rix,
+  /{usr/,}bin/cat           rix,
+  /{usr/,}bin/cp            rix,
+  /{usr/,}bin/cut           rix,
+  /{usr/,}bin/gawk          rix,
+  /{usr/,}bin/getent        rix,
+  /{usr/,}bin/grep          rix,
+  /{usr/,}bin/logname       rix,
+  /{usr/,}bin/md5sum        rix,
+  /{usr/,}bin/rm            rix,
+  /{usr/,}bin/sed           rix,
+  /{usr/,}bin/sort          rix,
+  /{usr/,}bin/uniq          rix,
+  /{usr/,}bin/wc            rix,
+
+  /usr/share/terminfo/x/xterm-256color r,
+
+  owner @{user_config_dirs}/modprobed-db.conf r,
+  owner @{user_config_dirs}/modprobed.db rw,
+
+  owner /tmp/.inmem rw,
+  owner /tmp/.potential_new_db rw,
+
+        @{PROC}/modules r,
+  owner @{PROC}/@{pid}/loginuid r,
+
+  /dev/tty rw,
+
+  include if exists <local/modprobed-db>
+}
\ No newline at end of file