From fd88162c55ba88e2d146c9a4c428438e728cda12 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 11 Nov 2022 21:41:04 +0000
Subject: [PATCH] feat(profiles): disks access - add NBD devices.
---
 apparmor.d/abstractions/disks-read | 6 ++++++
 apparmor.d/abstractions/disks-write | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/apparmor.d/abstractions/disks-read b/apparmor.d/abstractions/disks-read
index 178f9fa7..9e113882 100644
--- a/apparmor.d/abstractions/disks-read
+++ b/apparmor.d/abstractions/disks-read
@@ -53,6 +53,11 @@
 @{sys}/devices/virtual/block/zram[0-9]*/ r,
 @{sys}/devices/virtual/block/zram[0-9]*/** r,
+ # NBD devices
+ /dev/nbd* rk,
+ @{sys}/devices/virtual/block/nbd[0-9]*/ r,
+ @{sys}/devices/virtual/block/nbd[0-9]*/** r,
+
 # Armbian / DietPi
 @{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk[0-9]*/{,mmcblk*/} r,
 @{sys}/devices/platform/{soc,*.mmc}/**/block/mmcblk[0-9]*/{,mmcblk*/}hidden r,
@@ -98,6 +103,7 @@
 @{run}/udev/data/b11:[0-9]* r, # for /dev/sr*
 @{run}/udev/data/b179:[0-9]* r, # for /dev/mmcblk*
 @{run}/udev/data/b230:[0-9]* r, # for /dev/zvol*
+ @{run}/udev/data/b43:[0-9]* r, # for /dev/nbd*
 @{run}/udev/data/b7:[0-9]* r, # for /dev/loop*
 @{run}/udev/data/b8:[0-9]* r, # for /dev/sd*
diff --git a/apparmor.d/abstractions/disks-write b/apparmor.d/abstractions/disks-write
index f6adf946..b5898b26 100644
--- a/apparmor.d/abstractions/disks-write
+++ b/apparmor.d/abstractions/disks-write
@@ -51,6 +51,11 @@
 @{sys}/devices/virtual/block/zram[0-9]*/ r,
 @{sys}/devices/virtual/block/zram[0-9]*/** r,
+ # NBD devices
+ /dev/nbd* rwk,
+ @{sys}/devices/virtual/block/nbd[0-9]*/ r,
+ @{sys}/devices/virtual/block/nbd[0-9]*/** r,
+
 # Floppy disks
 /dev/fd[0-9]* rwk,
 @{sys}/devices/platform/floppy.[0-9]*/block/fd[0-9]/ r,
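Review bot: The device-node rule `/dev/nbd* rk,` in the disks-read hunk at `@@ -53,6 +53,11 @@` uses a looser glob than the sysfs rules added right beside it, which use `nbd[0-9]*`; the same applies to `/dev/nbd* rwk,` in the first disks-write hunk. Writing `/dev/nbd[0-9]* rk,` (and `/dev/nbd[0-9]* rwk,` in disks-write) still covers partition nodes such as nbd0p1, because the trailing `*` matches the rest of the name, while no longer matching any other node whose name merely starts with "nbd". It also lines up with the `/dev/fd[0-9]* rwk,` form already visible in disks-write.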
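Review bot: The `/dev/nbd* rwk,` rule in the first disks-write hunk (`@@ -51,6 +51,11 @@`) gives every profile that includes this abstraction raw write access to NBD nodes, and the `# NBD devices` comment does not say what that implies. Writes to the block node are not subject to the path rules that cover files stored on the device, and an NBD device is backed by a remote or userspace server, so the comment would be more useful as `# NBD devices (network/userspace-backed, e.g. nbd-client, qemu-nbd); raw write is not covered by file-level rules`. Which profiles include disks-write is not visible in this patch, so whether all of them need NBD write access should be checked against the includers.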
@@ -78,6 +83,7 @@
 @{run}/udev/data/b179:[0-9]* r, # for /dev/mmcblk*
 @{run}/udev/data/b2:[0-9]* r, # for /dev/fd*
 @{run}/udev/data/b230:[0-9]* r, # for /dev/zvol*
+ @{run}/udev/data/b43:[0-9]* r, # for /dev/nbd*
 @{run}/udev/data/b7:[0-9]* r, # for /dev/loop*
 @{run}/udev/data/b8:[0-9]* r, # for /dev/sd*