From e7dc2fbf06ffb3089976ac6b478fb96b59dac08f Mon Sep 17 00:00:00 2001
From: npwc <51269503+npwc@users.noreply.github.com>
Date: Wed, 24 Jan 2024 20:53:14 +0000
Subject: [PATCH] Create profile for sing-box (#273)

* Create profile for sing-box

* Update sing-box
---
 apparmor.d/profiles-s-z/sing-box | 33 ++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 apparmor.d/profiles-s-z/sing-box

diff --git a/apparmor.d/profiles-s-z/sing-box b/apparmor.d/profiles-s-z/sing-box
new file mode 100644
index 00000000..0ebe76ad
--- /dev/null
+++ b/apparmor.d/profiles-s-z/sing-box
@@ -0,0 +1,33 @@
+# apparmor.d - Full set of apparmor profiles
+# SPDX-License-Identifier: GPL-2.0-only
+
+# https://github.com/SagerNet/sing-box
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/sing-box
+profile sing-box @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+  include <abstractions/user-tmp>
+
+  capability net_bind_service,
+
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+
+  /proc/meminfo r,
+  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+
+  @{bin}/tor mrix,
+  @{bin}/sing-box mr,
+  /usr/{,local/}share/sing-box/geoip.db r,
+  /usr/{,local/}share/sing-box/geosite.db r,
+
+  owner /{,usr/local/}etc/sing-box/config.json r,
+  owner @{user_share_dirs}/certmagic/** rw,
+}