From f16dd60f1474349066be3f75f8cbb1806c840afd Mon Sep 17 00:00:00 2001
From: Louis Sautier <sautier.louis@gmail.com>
Date: Tue, 1 Jul 2025 20:37:28 +0200
Subject: [PATCH] lsblk: allow access to PCI buses with hex chars

This fixes the following error when a block device's PCI bus starts with
a non-decimal hex character and `lsblk /dev/nvme2n1` is executed:
```
audit: type=1400 audit(1751394406.516:554): apparmor="DENIED" operation="open" class="file" profile="lsblk" name="/sys/devices/pci0000:a0/0000:a0:01.1/0000:a1:00.0/nvme/nvme2/nvme2n1/" pid=164652 comm="lsblk" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```
I used hex4 and hex2 as it matches the example from
https://docs.kernel.org/PCI/sysfs-pci.html and also because lspci(8)
says:
> domains are numbered from 0 to ffff
>
> bus (0 to ff)

Bug: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2111604
Signed-off-by: Louis Sautier <sautier.louis@gmail.com>
---
 profiles/apparmor.d/lsblk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/lsblk b/profiles/apparmor.d/lsblk
index 7f565984a..c91e70845 100644
--- a/profiles/apparmor.d/lsblk
+++ b/profiles/apparmor.d/lsblk
@@ -23,7 +23,7 @@ profile lsblk /usr/bin/lsblk {
   @{sys}/class/block/ r,
   @{sys}/dev/block/ r,
 
-  @{sys}/devices/pci@{int}:@{int}/** r,
+  @{sys}/devices/pci@{hex4}:@{hex2}/** r,
   @{sys}/devices/virtual/** r,
   @{sys}/devices/platform/** r,