From f87ce6bbb2abdb0e1f1aee2035d21d959d3c994f Mon Sep 17 00:00:00 2001
From: Gerorge Liao <george.liao@canonical.com>
Date: Fri, 10 Jan 2025 12:28:40 +0100
Subject: [PATCH] [apparmor] Added the right permission for the bridge_helper
 exec

---
 src/platform/backends/qemu/qemu_vm_process_spec.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/platform/backends/qemu/qemu_vm_process_spec.cpp b/src/platform/backends/qemu/qemu_vm_process_spec.cpp
index 4d9884c2f4..d70db89d9a 100644
--- a/src/platform/backends/qemu/qemu_vm_process_spec.cpp
+++ b/src/platform/backends/qemu/qemu_vm_process_spec.cpp
@@ -123,6 +123,10 @@ profile %1 flags=(attach_disconnected) {
   capability setgid,
   capability setuid,
 
+  # for bridge helper
+  capability net_admin,
+  capability net_raw,
+
   network inet stream,
   network inet6 stream,
 
@@ -154,7 +158,7 @@ profile %1 flags=(attach_disconnected) {
   /{usr/,}bin/cat rmix,
 
   # to execute bridge helper
-  %4/bin/bridge_helper,
+  %4/bin/bridge_helper ix,
 
   # for restore
   /{usr/,}bin/bash rmix,