feat(profile): add snapd-apparmor

apparmor.d/profiles-s-z/snapd-apparmor

@@ -0,0 +1,28 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2023 Alexandre Pujol <[email protected]>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{lib_dirs} = @{lib}/ /snap/snapd/@{int}@{lib}
+
+@{exec_path} = @{lib_dirs}/snapd/snapd-apparmor
+profile snapd-apparmor @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mrix,
+
+  @{bin}/systemd-detect-virt         rPx,
+  @{lib_dirs}/snapd/apparmor_parser  rPx,
+
+  @{lib_dirs}/snapd/info r,
+
+  /var/lib/snapd/apparmor/profiles/ r,
+
+
+  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+
+  include if exists <local/snapd-apparmor>
+}

dists/flags/main.flags

@@ -257,12 +257,16 @@ sddm attach_disconnected,mediate_deleted,complain
 sftp-server complain
 slirp4netns attach_disconnected,complain
 snap complain
+snap-bootstrap complain
 snap-device-helper complain
 snap-discard-ns complain
 snap-failure complain
+snap-repair complain
 snap-seccomp complain
 snap-update-ns complain
 snapd complain
+snapd-apparmor complain
+snapd-core-fixup complain
 spice-vdagent complain
 spice-vdagentd attach_disconnected,complain
 ssh complain