# This AppArmor profile is part of the prometheus-smartctl_exporter package
# Georg Pfuetzenreuter <mail+apparmor@georg-pfuetzenreuter.net>

abi <abi/3.0>,

include <tunables/global>

/usr/sbin/smartctl_exporter {
  include <abstractions/base>

  network inet stream,
  network inet6 stream,

  /usr/sbin/smartctl_exporter mr,
  /usr/sbin/smartctl Cx -> smartctl,

  /proc/sys/net/core/somaxconn r,
  /proc/[1-9]*/{fd/,limits,stat} r,

  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,

  profile smartctl {
    include <abstractions/base>

    capability sys_rawio,

    /usr/sbin/smartctl mr,

    /etc/smart_drivedb.h r,
    /usr/share/smartmontools/drivedb.h r,

    /dev/{,*} r,
    /proc/devices r,
    /sys/class/scsi_host/ r,
    /sys/devices/pci*/*/*/*/*host*/**/proc_name r,

  }

  include if exists <local/prometheus-smartctl_exporter>
}
