apparmor: ubuntu_pro_esm_cache: also allow the disconnected attach fo…

…r child profiles and other main profiles too
canonical · Mar 12, 2024 · bee9cc5 · bee9cc5
1 parent 73eb5b2
commit bee9cc5
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/debian/apparmor/ubuntu_pro_esm_cache.jinja2 b/debian/apparmor/ubuntu_pro_esm_cache.jinja2
@@ -87,7 +87,7 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
   /usr/bin/@{multiarch}-objdump rix,
 {% endif %}
 
-  profile cloud_id {
+  profile cloud_id flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/nameservice>
     include <abstractions/python>
@@ -138,7 +138,7 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
 
   }
 
-  profile dpkg {
+  profile dpkg flags=(attach_disconnected) {
     include <abstractions/base>
 
     capability setgid,
@@ -149,7 +149,7 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
 
   }
 
-  profile ubuntu_distro_info {
+  profile ubuntu_distro_info flags=(attach_disconnected) {
     include <abstractions/base>
 
     /usr/bin/ubuntu-distro-info mr,
@@ -158,7 +158,7 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
 
   }
 
-  profile apt_methods {
+  profile apt_methods flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/nameservice>
     include <abstractions/ssl_certs>
@@ -189,7 +189,7 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
 
   }
 
-  profile apt_methods_gpgv {
+  profile apt_methods_gpgv flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/nameservice>
     include <abstractions/ssl_certs>
@@ -228,7 +228,7 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
   # b) <= bionic doesn't like the // or - chars in profile names
   # https://gitlab.com/apparmor/apparmor/-/commit/99755daafb8cfde4df542b66f656597a482129ac
 
-  profile ubuntu_pro_esm_cache_systemctl {
+  profile ubuntu_pro_esm_cache_systemctl flags=(attach_disconnected) {
     include <abstractions/base>
 
     capability net_admin,
@@ -247,7 +247,7 @@ profile ubuntu_pro_esm_cache flags=(attach_disconnected) {
     @{PROC}/sys/kernel/osrelease r,
   }
 
-  profile ubuntu_pro_esm_cache_systemd_detect_virt {
+  profile ubuntu_pro_esm_cache_systemd_detect_virt flags=(attach_disconnected) {
     include <abstractions/base>
 
     capability sys_ptrace,