From 50b0e09a9ad141d391b9cbd3c632ec869cf9500d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 10 Sep 2024 18:15:27 +0100
Subject: [PATCH] feat(profile): add fstrim.

---
 apparmor.d/profiles-a-f/fstrim | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 apparmor.d/profiles-a-f/fstrim

diff --git a/apparmor.d/profiles-a-f/fstrim b/apparmor.d/profiles-a-f/fstrim
new file mode 100644
index 00000000..e4910804
--- /dev/null
+++ b/apparmor.d/profiles-a-f/fstrim
@@ -0,0 +1,31 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/fstrim
+profile fstrim @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/disks-write>
+
+  capability dac_override,
+  capability sys_admin,
+
+  @{exec_path} mr,
+
+  /etc/fstab r,
+
+  @{HOMEDIRS}/ r,
+  @{MOUNTDIRS}/ r,
+  @{MOUNTS}/ r,
+  / r,
+  /boot/ r,
+  /var/ r,
+
+  include if exists <local/fstrim>
+}
+
+# vim:syntax=apparmor