From b527256c0d6f9d19d97be3d01c29ccd1c0561c02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20B=C3=A9lair?= <maxime.belair@canonical.com>
Date: Wed, 19 Mar 2025 16:02:55 +0100
Subject: [PATCH] small fix for lsblk profile

Fixes bug #2103524

lsblk on some virtualized systems require access to directory
/sys/devices/LNXSYSTM:*/LNXSYBUS:*/** since block devices can be exposed
in this directory.
---
 profiles/apparmor.d/lsblk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/profiles/apparmor.d/lsblk b/profiles/apparmor.d/lsblk
index 6d803c7fb..6041214be 100644
--- a/profiles/apparmor.d/lsblk
+++ b/profiles/apparmor.d/lsblk
@@ -26,12 +26,16 @@ profile lsblk /usr/bin/lsblk {
   @{sys}/devices/virtual/** r,
   @{sys}/devices/platform/** r,
 
+  # Needed for Hyper-V VMs (including Azure)
+  @{sys}/devices/LNXSYSTM:*/LNXSYBUS:*/** r,
+
   /dev/sr[0-9]* rk,
 
   @{run}/udev/data/** r,
 
   @{run}/mount/** r,
   @{PROC}/swaps r,
+  @{PROC}/cmdline r,
   owner @{PROC}/@{pid}/mountinfo r,
 
   include if exists <local/lsblk>