From 77eb8c3c11a0b8983567aca7d48f370fb978a073 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 9 Feb 2025 20:26:52 +0100
Subject: [PATCH] feat(profile): minor update.
---
 apparmor.d/groups/virt/dockerd | 2 +-
 apparmor.d/profiles-a-f/fractal | 4 +++-
 apparmor.d/profiles-m-r/mount-cifs | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/apparmor.d/groups/virt/dockerd b/apparmor.d/groups/virt/dockerd
index 13f050c7..2e2d3635 100644
--- a/apparmor.d/groups/virt/dockerd
+++ b/apparmor.d/groups/virt/dockerd
@@ -85,7 +85,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
 owner /var/lib/docker/tmp/qemu-check@{int}/check rix,
 /tmp/build/ w,
- /tmp/containerd-mount@{int10}/{,**} rw,
+ /tmp/containerd-mount@{int}/{,**} rw,
 owner @{run}/docker/ rw,
 owner @{run}/docker/** rwlk,
diff --git a/apparmor.d/profiles-a-f/fractal b/apparmor.d/profiles-a-f/fractal
index 6dfb8445..9de5761c 100644
--- a/apparmor.d/profiles-a-f/fractal
+++ b/apparmor.d/profiles-a-f/fractal
@@ -33,11 +33,13 @@ profile fractal @{exec_path} flags=(attach_disconnected) {
 owner @{tmp}/.@{rand6} rw,
 owner @{tmp}/.goutputstream-@{rand6} rw,
- owner @{tmp}/@{rand6} rw,
+
+ owner @{run}/user/@{uid}/fractal/{,**} rw,
 @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
 owner @{PROC}/@{pid}/cgroup r,
 owner @{PROC}/@{pid}/mountinfo r,
+ owner @{PROC}/@{pid}/stat r,
 /dev/ r,
diff --git a/apparmor.d/profiles-m-r/mount-cifs b/apparmor.d/profiles-m-r/mount-cifs
index 190db34d..899ab080 100644
--- a/apparmor.d/profiles-m-r/mount-cifs
+++ b/apparmor.d/profiles-m-r/mount-cifs
@@ -40,6 +40,7 @@ profile mount-cifs @{exec_path} flags=(complain) {
 @{bin}/systemd-ask-password rPUx,
 /etc/fstab r,
+ /etc/sync-credentials r,
 owner @{HOME}/.smbcredentials r,
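Review bot: In the dockerd hunk, the widened `/tmp/containerd-mount@{int}/{,**} rw,` rule carries no comment saying why the suffix is no longer pinned to `@{int10}`, and the commit message ("minor update") does not say either. The rule has no `owner` qualifier and covers a whole subtree under /tmp, so the digit pattern is the only thing narrowing it. If the reason is that the suffix length varies, a one-line comment above the rule such as `# containerd temp mounts: numeric suffix length varies` would record it. The profile body continues outside the hunk.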
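Review bot: In the mount-cifs hunk, `/etc/sync-credentials r,` grants read access to what looks like a site-specific credentials file in a shared profile, with nothing saying where the path comes from. Unlike `owner @{HOME}/.smbcredentials r,` just below it, the rule has no `owner` qualifier and the path does not look like a general convention, so it would fit better in a local override than in the shipped profile. If it stays, a comment such as `# site-specific credentials file referenced by credentials= in /etc/fstab` would document it (the purpose is inferred from the name; please confirm). The hunk header shows `flags=(complain)`, so today the rule only silences a log entry, but it becomes an actual grant once the profile is enforced. The profile body continues outside the hunk.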