From edcd1304320ec91a74fd2c62bda78b894c8d0326 Mon Sep 17 00:00:00 2001
From: Jeroen Rijken
Date: Sat, 9 Jul 2022 20:53:21 +0200
Subject: [PATCH] Calico profile cleanup.
---
 apparmor.d/groups/virt/calico | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/apparmor.d/groups/virt/calico b/apparmor.d/groups/virt/calico
index ac46f619..313959fb 100644
--- a/apparmor.d/groups/virt/calico
+++ b/apparmor.d/groups/virt/calico
@@ -9,17 +9,18 @@ profile calico @{exec_path} flags=(complain) {
 network inet,
 network inet6,
- @{exec_path} rix,
+ @{exec_path} rm,
 @{exec_path}-ipam rix,
- @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
- /var/lib/calico/{,**} r,
 /etc/cni/net.d/{,**} r,
-
+
+ /var/lib/calico/{,**} r,
 /var/log/calico/cni/ r,
 /var/log/calico/cni/cni.log rw,
 @{run}/calico/ipam.lock rwk,
+ @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+
 include if exists
 }
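Review bot: The new `@{exec_path} rm,` rule drops the `ix` transition on the profile's own binary while the profile header in the hunk context still carries `flags=(complain)`, so a self re-exec by calico would only be logged today and would start failing once the profile is enforced. Before that switch, check the audit log for `apparmor="ALLOWED"` exec entries naming the calico binary, and record the outcome in a comment above the rule, for example `# no self re-exec observed; ix intentionally dropped`. The neighbouring `@{exec_path}-ipam rix,` still inherits this profile, so every rule here also bounds the IPAM plugin and deserves the same check. The profile header lies outside the changed lines, so whether complain mode is still intended cannot be judged from this hunk.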