From 7c3fcf260ceb13bab0936c22c118d7b745ec8582 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 1 Oct 2022 18:46:32 +0100
Subject: [PATCH] feat(profiles): add systemd-id128.

---
 apparmor.d/groups/systemd/systemd-id128 | 20 ++++++++++++++++++++
 dists/flags/main.flags                  |  1 +
 2 files changed, 21 insertions(+)
 create mode 100644 apparmor.d/groups/systemd/systemd-id128

diff --git a/apparmor.d/groups/systemd/systemd-id128 b/apparmor.d/groups/systemd/systemd-id128
new file mode 100644
index 00000000..34e44382
--- /dev/null
+++ b/apparmor.d/groups/systemd/systemd-id128
@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/systemd-id128
+profile systemd-id128 @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /etc/machine-id r,
+
+  @{PROC}/sys/kernel/random/boot_id r,
+
+  include if exists <local/systemd-id128>
+}
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 908c127d..5c751c8f 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -171,6 +171,7 @@ systemd-environment-d-generator complain
 systemd-escape complain
 systemd-hostnamed attach_disconnected,complain
 systemd-hwdb attach_disconnected,complain
+systemd-id128 complain
 systemd-localed attach_disconnected,complain
 systemd-logind attach_disconnected,complain
 systemd-machine-id-setup complain