From 70aa5fdbb2a039625b08d305abdce52a2b04f936 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <jeroen.rijken@xs4all.nl>
Date: Sat, 16 Jul 2022 21:20:30 +0200
Subject: [PATCH] Small fixes

---
 apparmor.d/abstractions/disks-read  | 8 ++++----
 apparmor.d/groups/virt/cni-loopback | 2 +-
 apparmor.d/groups/virt/containerd   | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read
index 1399c2c4..178f9fa7 100644
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@@ -8,7 +8,7 @@
 
   /dev/ r,
   /dev/block/ r,
-  /dev/disk/*/ r,
+  /dev/disk/{,*/} r,
 
   # Regular disk/partition devices
   /dev/{s,v}d[a-z]* rk,
@@ -37,14 +37,14 @@
 
   # LUKS/LVM (device-mapper) devices
   /dev/dm-[0-9]* rk,
-  /dev/mapper/* r,
+  /dev/mapper/{,*} r,
   @{sys}/devices/virtual/block/dm-[0-9]*/ r,
   @{sys}/devices/virtual/block/dm-[0-9]*/** r,
 
   # ZFS devices
   /dev/zd[0-9]* rk,
-  /dev/zvol/ r,
-  /dev/zvol/*/ r,
+  /dev/zvol/{,*/} r,
+  /dev/*pool/ r,
   @{sys}/devices/virtual/block/zd[0-9]*/ r,
   @{sys}/devices/virtual/block/zd[0-9]*/** r,
 
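Review bot: The added `/dev/*pool/ r,` under "ZFS devices" matches any directory directly under /dev whose name ends in "pool", which is a naming heuristic rather than a ZFS-specific path. Pool names are chosen by the administrator, so a pool named otherwise would presumably still be denied, while any unrelated directory with that suffix becomes listable by every profile that includes this abstraction. A comment above the rule would make the intent auditable, for example `# Per-pool zvol symlink directories (/dev/<pool>/); only pool names ending in "pool" are matched`. The grant is directory read only, so the exposure is limited to listing entry names.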
diff --git a/apparmor.d/groups/virt/cni-loopback b/apparmor.d/groups/virt/cni-loopback
index da2cd4a0..f1e29c59 100644
--- a/apparmor.d/groups/virt/cni-loopback
+++ b/apparmor.d/groups/virt/cni-loopback
@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = /{usr/,}lib/cni/loopback /opt/cni/bin/loopback
-profile cni-loopback @{exec_path} {
+profile cni-loopback @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
 
   @{exec_path} mr,
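Review bot: `flags=(attach_disconnected)` on the `profile cni-loopback` line is added without a comment, and the flag loosens path mediation: paths that cannot be resolved inside the task's namespace are attached to the root and then matched against the profile's rules like ordinary absolute paths. Record why the loopback plugin needs it, for example `# attach_disconnected: invoked by containerd with objects from another mount namespace`, if that is the actual reason, ideally alongside the denial that prompted the change. The profile body continues past this hunk, so its file rules are not visible here. They should be kept narrow, because they now also apply to disconnected paths.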
diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd
index f1be9889..db5899a6 100644
--- a/apparmor.d/groups/virt/containerd
+++ b/apparmor.d/groups/virt/containerd
@@ -56,7 +56,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 
   /opt/containerd/{,**} rw,
 
-  /var/lib/cni/results/cni-loopback-@{uuid}-lo l,
+  /var/lib/cni/results/cni-loopback-@{uuid}-lo wl,
   /var/lib/containerd/{,**} rwk,
   /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
   /var/lib/docker/containerd/{,**} rwk,