From 90dc8487669ab0d83c8f86971a1bae4ff501ace1 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 9 Dec 2022 18:55:42 +0000
Subject: [PATCH] feat(profiles): mkinitcpio support for systemd hooks.

---
 apparmor.d/groups/pacman/mkinitcpio | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/pacman/mkinitcpio b/apparmor.d/groups/pacman/mkinitcpio
index dca90329..69289f06 100644
--- a/apparmor.d/groups/pacman/mkinitcpio
+++ b/apparmor.d/groups/pacman/mkinitcpio
@@ -30,7 +30,9 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   /{usr/,}bin/find                rix,
   /{usr/,}bin/findmnt             rPx,
   /{usr/,}bin/fsck                rix,
+  /{usr/,}bin/getent              rix,
   /{usr/,}bin/grep                rix,
+  /{usr/,}bin/gzip                rix,
   /{usr/,}bin/hexdump             rix,
   /{usr/,}bin/install             rix,
   /{usr/,}bin/ldconfig            rix,
@@ -51,6 +53,7 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   /{usr/,}bin/tput                rix,
   /{usr/,}bin/uname               rix,
   /{usr/,}bin/xz                  rix,
+  /{usr/,}bin/zcat                rix,
   /{usr/,}bin/zstd                rix,
 
   /{usr/,}bin/{depmod,insmod}     rPx,
@@ -81,8 +84,9 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   # Can copy any program to the initframs
   /{usr/,}bin/ r,
   /{usr/,}bin/[a-z0-9]* mr,
+  /{usr/,}lib/ r,
   /{usr/,}lib/plymouth/plymouthd-* mr,
-  /{usr/,}lib/systemd/systemd-* mr,
+  /{usr/,}lib/systemd/{,**} mr,
   /{usr/,}lib/udev/[a-z0-9]* mr,
 
   # Manage /boot