From a84f0b540c77241acdd5e7a5013b7a0d1d9c5eb1 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken <jeroen.rijken@xs4all.nl>
Date: Mon, 5 Jun 2023 21:18:32 +0200
Subject: [PATCH] Add unix domain socket

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
---
 apparmor.d/groups/ssh/sshfs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/groups/ssh/sshfs b/apparmor.d/groups/ssh/sshfs
index 4ded5371..ff1c2b89 100644
--- a/apparmor.d/groups/ssh/sshfs
+++ b/apparmor.d/groups/ssh/sshfs
@@ -12,6 +12,8 @@ profile sshfs @{exec_path} flags=(complain) {
 
   @{exec_path} mr,
 
+  unix (connect, send, receive) type=stream peer=(label="sshfs//fusermount",addr=none),
+
   /{usr/,}bin/ssh            rPx,
   /{usr/,}bin/fusermount{,3} rCx -> fusermount,
 
@@ -23,13 +25,15 @@ profile sshfs @{exec_path} flags=(complain) {
   @{PROC}/sys/fs/pipe-max-size r,
 
 
-  profile fusermount {
+  profile fusermount flags=(complain) {
     include <abstractions/base>
     include <abstractions/nameservice-strict>
 
     # To mount anything:
     capability sys_admin,
 
+    unix (connect, send, receive) type=stream peer=(label="sshfs",addr=none),
+
     /{usr/,}bin/fusermount{,3} mr,
 
     mount fstype={fuse,fuse.sshfs} -> @{HOME}/*/,