Merge abstractions/libnuma: add rules for active usage

The current profile is for linking against libnuma. This update adds the rules needed to get system information when actually using libnuma functionality. MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1768 Approved-by: Georgia Garcia <georgia.garcia@canonical.com> Approved-by: Christian Boltz <apparmor@cboltz.de> Merged-by: Christian Boltz <apparmor@cboltz.de>
2025-08-21 17:47:10 +00:00 · 2025-08-14 13:06:22 +00:00 · 2025-08-14 13:06:22 +00:00 · 9c5064529a
commit 9c5064529a
parent 862d8ec9fc 24216d79e9
1 changed files with 10 additions and 2 deletions
--- a/profiles/apparmor.d/abstractions/libnuma
+++ b/profiles/apparmor.d/abstractions/libnuma
@ -11,12 +11,20 @@

  abi <abi/4.0>,

-  # this abstract profile can be included by applications that are
-  # dynamically linked to libnuma
+  # This abstract profile can be included by applications that are
+  # dynamically linked to libnuma.
+
  # libnuma defines the function num_init() as the .init function
  # to be called by the runtime linker (ld) when libnuma is loaded
+  # even if not any active usage of libnuma takes place

  @{sys}/devices/system/cpu/node/ r,

+  # Actually using libnuma functionality will need a few more
+  # sysfs entries to gather information about the system
+  @{sys}/devices/system/cpu/ r,
+  @{sys}/devices/system/node/node[0-9]*/meminfo r,
+  @{sys}/devices/system/node/*/cpumap r,
+
  # Include additions to the abstraction
  include if exists <abstractions/libnuma.d>