From 24216d79e91ec3a2f1bff2329655b318629a9867 Mon Sep 17 00:00:00 2001
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Date: Wed, 13 Aug 2025 10:39:49 +0200
Subject: [PATCH] abstractions/libnuma: add rules for active usage

The current profile is for linking against libnuma. This
update adds the rules needed to get system information
when actually using libnuma functionality.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
 profiles/apparmor.d/abstractions/libnuma | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/libnuma b/profiles/apparmor.d/abstractions/libnuma
index ea80cfdcc..9f761b130 100644
--- a/profiles/apparmor.d/abstractions/libnuma
+++ b/profiles/apparmor.d/abstractions/libnuma
@@ -11,12 +11,20 @@
 
   abi <abi/4.0>,
 
-  # this abstract profile can be included by applications that are
-  # dynamically linked to libnuma
+  # This abstract profile can be included by applications that are
+  # dynamically linked to libnuma.
+
   # libnuma defines the function num_init() as the .init function
   # to be called by the runtime linker (ld) when libnuma is loaded
+  # even if not any active usage of libnuma takes place
 
   @{sys}/devices/system/cpu/node/ r,
 
+  # Actually using libnuma functionality will need a few more
+  # sysfs entries to gather information about the system
+  @{sys}/devices/system/cpu/ r,
+  @{sys}/devices/system/node/node[0-9]*/meminfo r,
+  @{sys}/devices/system/node/*/cpumap r,
+
   # Include additions to the abstraction
   include if exists <abstractions/libnuma.d>
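Review bot: The added `@{sys}/devices/system/node/*/cpumap r,` rule uses a bare `*` for the node directory, while the `meminfo` rule directly above it restricts the same path component to `node[0-9]*`. Every profile that includes this abstraction therefore gains read access to `cpumap` under any entry of `node/`, not only the NUMA node directories. Narrowing it to `@{sys}/devices/system/node/node[0-9]*/cpumap r,` would keep the two rules consistent and the grant minimal. It is also worth confirming that the pre-existing context line `@{sys}/devices/system/cpu/node/ r,` is the directory libnuma actually lists. If node enumeration reads `@{sys}/devices/system/node/` itself (inferred, not shown in this hunk), that directory has no rule here and the new per-node rules may never be reached under enforcement.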
-- 
GitLab

