From d6cd1af9c89450ba9e712ff36590fa7527b17674 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 23 Oct 2022 11:26:42 +0100
Subject: [PATCH] feat(profiles): add initial version of nmcli.

---
 apparmor.d/groups/network/nmcli | 38 +++++++++++++++++++++++++++++++++
 dists/flags/main.flags          |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 apparmor.d/groups/network/nmcli

diff --git a/apparmor.d/groups/network/nmcli b/apparmor.d/groups/network/nmcli
new file mode 100644
index 00000000..d86dec49
--- /dev/null
+++ b/apparmor.d/groups/network/nmcli
@@ -0,0 +1,38 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = /{usr/,}bin/nmcli
+profile nmcli @{exec_path} {
+  include <abstractions/base>
+
+  capability dac_read_search,
+  capability sys_nice,
+
+  @{exec_path} mr,
+
+  /{usr/,}bin/less rCx -> pager,
+
+  @{run}/udev/data/+pci* r,
+  @{run}/udev/data/n[0-9]* r,
+
+  @{sys}/devices/virtual/net/{,**} r,
+  @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,
+
+  profile pager {
+    include <abstractions/base>
+    include <abstractions/consoles>
+
+    /{usr/,}bin/less  mr,
+
+    owner @{HOME}/.lesshs* rw,
+    owner @{user_cache_dirs}/.lesshs* rw,
+
+  }
+
+  include if exists <local/nmcli>
+}
\ No newline at end of file
diff --git a/dists/flags/main.flags b/dists/flags/main.flags
index 57a3e8e4..e50ce3a9 100644
--- a/dists/flags/main.flags
+++ b/dists/flags/main.flags
@@ -120,6 +120,7 @@ needrestart-iucode-scan-versions complain
 networkd-dispatcher complain
 nft complain
 nmap complain
+nmcli complain
 nullmailer-send complain
 packagekitd attach_disconnected,complain
 pass complain