From 435cf47359d0931584800780ec99cbb66d1cf2e7 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 9 Jul 2024 12:10:21 +0100
Subject: [PATCH] fix: ensure dkms module can be installed on system update.

fix #377
---
 apparmor.d/groups/pacman/pacman-hook-dkms | 3 ++-
 dists/flags/main.flags                    | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/pacman/pacman-hook-dkms b/apparmor.d/groups/pacman/pacman-hook-dkms
index 8d0fb58c..fd449cd1 100644
--- a/apparmor.d/groups/pacman/pacman-hook-dkms
+++ b/apparmor.d/groups/pacman/pacman-hook-dkms
@@ -14,6 +14,8 @@ profile pacman-hook-dkms @{exec_path} flags=(attach_disconnected) {
   capability dac_read_search,
   capability mknod,
 
+  network unix stream,
+
   @{exec_path} mr,
 
   @{sh_path}    rix,
@@ -31,7 +33,6 @@ profile pacman-hook-dkms @{exec_path} flags=(attach_disconnected) {
   # Inherit Silencer
   deny network inet stream,
   deny network inet6 stream,
-  deny unix (receive) type=stream,
 
   include if exists <local/pacman-hook-dkms>
 }
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 8bb7843b..bff50ba9 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -254,6 +254,7 @@ ollama attach_disconnected,complain
 os-prober attach_disconnected,complain
 package-data-downloader complain
 packagekitd attach_disconnected,complain
+pacman-hook-dkms complain
 pam_kwallet_init complain
 pam-tmpdir-helper complain
 passim complain