From a792c4cb4eb1cee268d3d40bb3f5a3d677900c05 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 14 Jun 2022 19:09:50 +0100
Subject: [PATCH] feat(profiles): add some missing ubuntu profiles.

---
 apparmor.d/groups/ubuntu/apt-esm-json-hook    | 16 +++++++
 apparmor.d/groups/ubuntu/release-upgrade-motd | 21 +++++++++
 .../groups/ubuntu/update-motd-fsck-at-reboot  | 46 +++++++++++++++++++
 3 files changed, 83 insertions(+)
 create mode 100644 apparmor.d/groups/ubuntu/apt-esm-json-hook
 create mode 100644 apparmor.d/groups/ubuntu/release-upgrade-motd
 create mode 100644 apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot

diff --git a/apparmor.d/groups/ubuntu/apt-esm-json-hook b/apparmor.d/groups/ubuntu/apt-esm-json-hook
new file mode 100644
index 00000000..31af9923
--- /dev/null
+++ b/apparmor.d/groups/ubuntu/apt-esm-json-hook
@@ -0,0 +1,16 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}lib/ubuntu-advantage/apt-esm-json-hook
+profile apt-esm-json-hook @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  include if exists <local/apt-esm-json-hook>
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/ubuntu/release-upgrade-motd b/apparmor.d/groups/ubuntu/release-upgrade-motd
new file mode 100644
index 00000000..e47fbf14
--- /dev/null
+++ b/apparmor.d/groups/ubuntu/release-upgrade-motd
@@ -0,0 +1,21 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}lib/ubuntu-release-upgrader/release-upgrade-motd
+profile release-upgrade-motd @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/{,ba,da}sh  rix,
+  /{usr/,}bin/date        rix,
+  /{usr/,}bin/expr        rix,
+  /{usr/,}bin/stat        rix,
+
+  include if exists <local/release-upgrade-motd>
+}
\ No newline at end of file
diff --git a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot
new file mode 100644
index 00000000..8a443243
--- /dev/null
+++ b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot
@@ -0,0 +1,46 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}lib/update-notifier/update-motd-fsck-at-reboot
+profile update-motd-fsck-at-reboot @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /{usr/,}{s,}bin/dumpe2fs  rPx,
+  /{usr/,}bin/{,ba,da}sh    rix,
+  /{usr/,}bin/{m,}awk       rix,
+  /{usr/,}bin/cat           rix,
+  /{usr/,}bin/cut           rix,
+  /{usr/,}bin/date          rix,
+  /{usr/,}bin/grep          rix,
+  /{usr/,}bin/id            rix,
+  /{usr/,}bin/mount         rCx -> mount,
+  /{usr/,}bin/stat          rix,
+
+  /var/lib/update-notifier/fsck-at-reboot rw,
+
+  @{PROC}/uptime r,
+
+  profile mount {
+    include <abstractions/base>
+
+    /{usr/,}bin/mount mr,
+
+    @{run}/mount/utab r,
+
+    @{sys}/devices/virtual/block/**/ r,
+    @{sys}/devices/virtual/block/**/autoclear r,
+    @{sys}/devices/virtual/block/**/backing_file r,
+
+    @{PROC}/@{pid}/mountinfo r,
+
+  }
+
+  include if exists <local/update-motd-fsck-at-reboot>
+}
\ No newline at end of file