From 29e00fe11ff3aa79e4f149d022b81d52169dae5d Mon Sep 17 00:00:00 2001
From: Alex Murray <alex.murray@canonical.com>
Date: Tue, 10 Dec 2024 12:00:13 +1030
Subject: [PATCH] profiles/apparmor.d/rygel: silence unneeded /{dev,sys}
 accesses

Signed-off-by: Alex Murray <alex.murray@canonical.com>
---
 profiles/apparmor.d/rygel | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/rygel b/profiles/apparmor.d/rygel
index 741114d19..99373e8d0 100644
--- a/profiles/apparmor.d/rygel
+++ b/profiles/apparmor.d/rygel
@@ -22,8 +22,10 @@ profile rygel /usr/bin/rygel {
   include <abstractions/freedesktop.org>
   include <abstractions/nameservice>
 
-  # gst-plugin-scanner tries to probe various things and inherit fds
+  # gst-plugin-scanner tries to probe various things and inherit fds but
+  # explicitly deny others as they are not needed and are noisy
   file r /dev/{,urandom,null},
+  deny file /{dev,sys}/** r,
 
   file r @{etc_ro}/rygel.conf,