From 83bff808dc0f5b4567875fd962ae33062e118cd0 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <jeroen.rijken@xs4all.nl>
Date: Wed, 7 Jun 2023 22:26:10 +0200
Subject: [PATCH] dpkg updates

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
---
 apparmor.d/groups/children/child-dpkg | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/apparmor.d/groups/children/child-dpkg b/apparmor.d/groups/children/child-dpkg
index 174db2cc..5252f0fd 100644
--- a/apparmor.d/groups/children/child-dpkg
+++ b/apparmor.d/groups/children/child-dpkg
@@ -16,6 +16,7 @@ include <tunables/global>
 profile child-dpkg {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/nameservice-strict>
 
   capability dac_read_search,
   capability setgid,
@@ -26,11 +27,22 @@ profile child-dpkg {
   #  ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open
   #  shared object file): ignored.
   /{usr/,}bin/dpkg-query rpx,
+  /{usr/,}bin/dpkg-deb rPx,
+  /{usr/,}bin/dpkg-split rPx,
 
   /etc/dpkg/dpkg.cfg.d/{,*} r,
   /etc/dpkg/dpkg.cfg r,
 
+  /usr/share/doc/perl-modules-*/{,**/}*.dpkg-{new,tmp} rwl,
+  /usr/share/perl/*/{,**/}*.dpkg-{new,tmp} rwl,
+
   /var/lib/dpkg/** r,
+  /var/lib/dpkg/lock rw,
+  /var/lib/dpkg/tmp.ci/control rw,
+  /var/lib/dpkg/tmp.ci/md5sums rw,
+  /var/lib/dpkg/triggers/Lock rw,
+  /var/lib/dpkg/updates/* rw,
+  /var/log/dpkg.log ra,
 
   # file_inherit
   /tmp/#[0-9]*[0-9] rw,