# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# LOGPROF-SUGGEST: no

  # Do not use it manually, It automatically replaces the consoles abstraction in a
  # profile with the attach_disconnected flag set and the re-attached path enabled.

  abi <abi/4.0>,

  include <abstractions/nameservice-strict>

  # nss-systemd
  @{att}@{run}/systemd/io.systemd.NamespaceResource rw,
  @{att}@{run}/systemd/userdb/io.systemd.DynamicUser rw,
  @{att}@{run}/systemd/userdb/io.systemd.Home rw,
  @{att}@{run}/systemd/userdb/io.systemd.Multiplexer rw,
  @{att}@{run}/systemd/userdb/org.gnome.DisplayManager rw,

  include if exists <abstractions/attached/nameservice-strict.d>

# vim:syntax=apparmor
