# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# LOGPROF-SUGGEST: no

# Add common attached path to the nameservice-strict abstraction.
#
# !!! warning
#
#     Do not use it manually, It automatically replaces the nameservice-strict abstraction in a
#     profile with the attach_disconnected flag set and the re-attached path enabled.
#

  abi <abi/4.0>,

  include <abstractions/nameservice-strict>

  # nss-systemd
  @{att}@{run}/systemd/io.systemd.NamespaceResource rw,
  @{att}@{run}/systemd/userdb/io.systemd.DynamicUser rw,
  @{att}@{run}/systemd/userdb/io.systemd.Home rw,
  @{att}@{run}/systemd/userdb/io.systemd.Multiplexer rw,
  @{att}@{run}/systemd/userdb/org.gnome.DisplayManager rw,

  include if exists <abstractions/attached/nameservice-strict.d>

# vim:syntax=apparmor
