From 7679ac49b11e8245bae1abb2bdce2514a601811a Mon Sep 17 00:00:00 2001 From: Jamie Strandboge Date: Mon, 8 Apr 2013 20:11:43 -0500 Subject: [PATCH] add read access to @{PROC}/sys/vm/overcommit_memory as used by glibc. See http://sourceware.org/git/?p=glibc.git;a=commit;h=9fab36eb583c0e585e83a01253299afed9ea9a11 Acked-By: Jamie Strandboge Acked-by: John Johansen Acked-By: Seth Arnold --- profiles/apparmor.d/abstractions/base | 3 +++ 1 file changed, 3 insertions(+) diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base index 1dc5cf7df..bcc2554d8 100644 --- a/profiles/apparmor.d/abstractions/base +++ b/profiles/apparmor.d/abstractions/base @@ -100,6 +100,9 @@ # glibc statvfs @{PROC}/filesystems r, + # glibc malloc (man 5 proc) + @{PROC}/sys/vm/overcommit_memory r, + # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked # filesystems generally. This does not appreciably decrease security with # Ubuntu profiles because the user is expected to have access to files owned
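Review bot: the new comment `# glibc malloc (man 5 proc)` above the `@{PROC}/sys/vm/overcommit_memory r,` rule does not say why glibc's malloc reads this file. The only pointer to the reason is the sourceware.org glibc commit URL in the commit message, which is not visible to someone reading the profile. Because this rule sits in `abstractions/base`, it applies to every profile that includes that abstraction, so the rationale is worth keeping in the file. Consider putting the glibc commit URL in the comment, in the same way the neighbouring workaround comment carries its Launchpad bug URL. The rule itself is scoped tightly: it names one exact path with no globbing and grants `r` only, consistent with the `@{PROC}/filesystems r,` rule above it.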