From 02fdc0cf27c16f5884e0d8806cab44e20bbdce5f69ef3159b6b9d2e897307a4e Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Fri, 31 May 2024 12:09:35 +0000
Subject: [PATCH 1/2] - AppArmor: allow haprox to read the files needed for the
 "p   post_mortem" support

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=303
---
 haproxy.changes           |  6 ++++++
 usr.sbin.haproxy.apparmor | 13 +++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/haproxy.changes b/haproxy.changes
index 3798402..aea0e67 100644
--- a/haproxy.changes
+++ b/haproxy.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri May 31 12:07:48 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
+
+- AppArmor: allow haprox to read the files needed for the "p
+  post_mortem" support
+
 -------------------------------------------------------------------
 Wed May 29 14:00:25 UTC 2024 - mrueckert@suse.de
 
diff --git a/usr.sbin.haproxy.apparmor b/usr.sbin.haproxy.apparmor
index c698d15..2bc5b5b 100644
--- a/usr.sbin.haproxy.apparmor
+++ b/usr.sbin.haproxy.apparmor
@@ -38,7 +38,20 @@ profile haproxy /usr/sbin/haproxy {
   /{,var/}run/haproxy/pid rw,
   /{,var/}run/haproxy/master.sock* rwlk,
 
+  # This is for the additional debug output in haproxy >= 2.9
+  # can be accessed with "p post_mortem" in gdb
   /sys/devices/system/node/ r,
+  /sys/devices/system/node/*/cpumap r,
+  /sys/devices/system/cpu/online r,
+  /sys/class/dmi/id/sys_vendor r,
+  /sys/class/dmi/id/product_family r,
+  /sys/class/dmi/id/product_name r,
+  /sys/class/dmi/id/board_vendor r,
+  /sys/firmware/devicetree/base/model r,
+  /sys/class/dmi/id/board_name r,
+  /proc/2/status r,
+  /proc/cpuinfo r,
+  # end of debug.c files
 
   # Site-specific additions and overrides. See local/README for details.
   #include if exists <local/haproxy>

From b2ffc054b894f268e57abeaaf84ac94d98f9d753a4afe07e3c21d268f0e82cf4 Mon Sep 17 00:00:00 2001
From: Marcus Rueckert <mrueckert@suse.com>
Date: Fri, 31 May 2024 13:00:07 +0000
Subject: [PATCH 2/2] fix typo

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=304
---
 haproxy.changes | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/haproxy.changes b/haproxy.changes
index aea0e67..b0614c4 100644
--- a/haproxy.changes
+++ b/haproxy.changes
@@ -1,8 +1,8 @@
 -------------------------------------------------------------------
 Fri May 31 12:07:48 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
 
-- AppArmor: allow haprox to read the files needed for the "p
-  post_mortem" support
+- AppArmor: allow haproxy to read the files needed for the
+  "p post_mortem" support
 
 -------------------------------------------------------------------
 Wed May 29 14:00:25 UTC 2024 - mrueckert@suse.de