# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# LTTng is an open source tracing framework for Linux - https://lttng.org
#
# Lttng tracing is very noisy and should not be allowed by confined apps.

  abi <abi/4.0>,

  deny       @{run}/shm/lttng-ust-@{int} rw,
  deny owner @{run}/shm/lttng-ust-@{int}-@{uid} rw,
  deny owner @{run}/shm/lttng-ust-@{int}-@{int} rw,

  deny       /dev/shm/lttng-ust-wait-@{int} rw,
  deny owner /dev/shm/lttng-ust-wait-@{int}-@{int} rw,
  deny owner /dev/shm/lttng-ust-wait-@{int}-@{uid} rw,

  include if exists <abstractions/lttng.d>

# vim:syntax=apparmor
