From cc78bedddaff3a658f50efe88e425c18d9f483c7 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 14 Jun 2022 19:03:46 +0100
Subject: [PATCH] feat(profiles): disks add support for zfs.
---
 apparmor.d/abstractions/disks-read | 29 ++++++++++++----------------
 apparmor.d/abstractions/disks-write | 30 ++++++++++++++---------------
 2 files changed, 27 insertions(+), 32 deletions(-)
diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read
index 09cca718..146a45be 100644
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@@ -38,6 +38,11 @@
 @{sys}/devices/virtual/block/dm-[0-9]*/ r,
 @{sys}/devices/virtual/block/dm-[0-9]*/** r,
+ # ZFS devices
+ /dev/zd[0-9]* rk,
+ @{sys}/devices/virtual/block/zd[0-9]*/ r,
+ @{sys}/devices/virtual/block/zd[0-9]*/** r,
+
 # ZRAM devices
 /dev/zram[0-9]* rk,
 @{sys}/devices/virtual/block/zram[0-9]*/ r,
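Review bot: The `/dev/zd[0-9]* rk,` rule added under `# ZFS devices` grants raw block access to every ZFS volume (zvol) node, and the glob also matches partition nodes such as `zd0p1`, but the comment says neither. zvols often back VM disks or exported LUNs, so every profile that includes this abstraction can now read them at the block layer, limited only by the device node's own permissions; the matching hunk in `disks-write` extends this to `rwk`. If that breadth is intended, I would state it in the comment, for example `# ZFS volumes (zvol): /dev/zd<N> and partitions /dev/zd<N>p<M>, raw block access`. The abstraction continues outside this hunk, so which profiles include it is not visible here.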
@@ -81,27 +86,17 @@
 # changes, it's better to allow the whole range (240-254) instead of the single major numbers
 # visible in the /proc/devices file.
 # [1]: https://raw.githubusercontent.com/torvalds/linux/master/Documentation/admin-guide/devices.txt
- @{run}/udev/data/b254:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b253:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b252:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b251:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b250:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b249:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b248:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b247:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b246:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b245:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b244:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b243:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b242:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b241:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b240:[0-9]* r, # for dynamic kernel assignment of block devices
+ @{run}/udev/data/b252:[0-9]* r,
+ @{run}/udev/data/b253:[0-9]* r,
 @{run}/udev/data/b259:[0-9]* r,
+ @{run}/udev/data/c24[0-9]:[0-9]* r,
+ @{run}/udev/data/c25[0-4]:[0-9]* r,
- @{run}/udev/data/b179:[0-9]* r, # for /dev/mmcblk*
+ @{run}/udev/data/b230:[0-9]* r, # /dev/zvol*
 @{run}/udev/data/b11:[0-9]* r, # for /dev/sr*
- @{run}/udev/data/b8:[0-9]* r, # for /dev/sd*
+ @{run}/udev/data/b179:[0-9]* r, # for /dev/mmcblk*
 @{run}/udev/data/b7:[0-9]* r, # for /dev/loop*
+ @{run}/udev/data/b8:[0-9]* r, # for /dev/sd*
 @{run}/udev/data/c189:[0-9]* r, # for /dev/bus/usb/**
diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write
index ec836de5..e72a8906 100644
--- a/apparmor.d/abstractions/disks-write
+++ b/apparmor.d/abstractions/disks-write
@@ -39,6 +39,11 @@
 @{sys}/devices/virtual/block/dm-[0-9]*/ r,
 @{sys}/devices/virtual/block/dm-[0-9]*/** r,
+ # ZFS devices
+ /dev/zd[0-9]* rwk,
+ @{sys}/devices/virtual/block/zd[0-9]*/ r,
+ @{sys}/devices/virtual/block/zd[0-9]*/** r,
+
 # ZRAM devices
 /dev/zram[0-9]* rwk,
 @{sys}/devices/virtual/block/zram[0-9]*/ r,
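Review bot: The unchanged comment above these rules still says the whole dynamic range (240-254) is allowed for block devices, but the new side keeps only `b252` and `b253` and adds `c24[0-9]`/`c25[0-4]`, which are character-device entries. Because those block majors are assigned dynamically, a host where device-mapper or zram lands on another number in that range would presumably start logging denials for profiles that use this abstraction, while the new character range exposes udev records of devices that are not disks. If the block range was meant to be compacted rather than narrowed, `@{run}/udev/data/b24[0-9]:[0-9]* r,` and `@{run}/udev/data/b25[0-4]:[0-9]* r,` would keep the old coverage; otherwise the comment should say which majors are covered and why character devices were added. The same replacement appears in the second `disks-write` hunk. The `b230` entry is labelled `# /dev/zvol*` while the device rule uses `/dev/zd[0-9]*`, so using one name in both places would make the pairing easier to audit.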
@@ -63,22 +68,17 @@
 # changes, it's better to allow the whole range (240-254) instead of the single major numbers
 # visible in the /proc/devices file.
 # [1]: https://raw.githubusercontent.com/torvalds/linux/master/Documentation/admin-guide/devices.txt
- @{run}/udev/data/b254:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b253:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b252:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b251:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b250:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b249:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b248:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b247:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b246:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b245:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b244:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b243:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b242:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b241:[0-9]* r, # for dynamic kernel assignment of block devices
- @{run}/udev/data/b240:[0-9]* r, # for dynamic kernel assignment of block devices
+ @{run}/udev/data/b252:[0-9]* r,
+ @{run}/udev/data/b253:[0-9]* r,
 @{run}/udev/data/b259:[0-9]* r,
+ @{run}/udev/data/c24[0-9]:[0-9]* r,
+ @{run}/udev/data/c25[0-4]:[0-9]* r,
+
+ @{run}/udev/data/b230:[0-9]* r, # /dev/zvol*
+ @{run}/udev/data/b11:[0-9]* r, # for /dev/sr*
+ @{run}/udev/data/b179:[0-9]* r, # for /dev/mmcblk*
+ @{run}/udev/data/b7:[0-9]* r, # for /dev/loop*
+ @{run}/udev/data/b8:[0-9]* r, # for /dev/sd*
 @{run}/udev/data/b179:[0-9]* r, # for /dev/mmcblk*
 @{run}/udev/data/b11:[0-9]* r, # for /dev/sr*
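Review bot: The added `b179` and `b11` lines duplicate the two unchanged context lines at the end of this hunk, so after the patch `disks-write` lists `@{run}/udev/data/b179:[0-9]* r,` and `@{run}/udev/data/b11:[0-9]* r,` twice. Duplicate rules do not change the resulting policy, but they make a later audit or removal of one entry easy to get wrong. In `disks-read` the old entries were moved rather than copied; doing the same here means dropping the two trailing lines. The file continues past this hunk, so any further entries are not visible.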