Bug#860951: ejabberd: apparmor profile missing "m" perm for su

[Philipp Huebner]

Hi,

thank you for forwarding issue+patch to the Debian BTS!
However, I cannot confirm this issue on my Debian systems with active 
AppArmor and ejabberd 16.09 from backports.

A diff between the profile in the 16.01 Ubuntu package and current HEAD 
(for 16.09) is attached, could you try out that one instead?

You can download the complete file here:
http://git.deb.at/w/pkg/ejabberd.git/blob/HEAD:/debian/usr.sbin.ejabberdctl

Regards,
--
 .''`.   Philipp Huebner <debala...@debian.org>
: :'  :  pgp fp: 6719 25C5 B8CD E74A 5225  3DF9 E5CA 8C49 25E4 205F
`. `'`
  `-
--- usr.sbin.ejabberdctl	2016-02-05 19:05:04.000000000 +0100
+++ /home/debalance/usr.sbin.ejabberdctl	2017-04-23 11:20:46.979560622 +0200
@@ -12,6 +12,7 @@
 	/bin/dash					rmix,
 	/bin/date					ix,
 	/bin/grep					ix,
+	/bin/ps						ix,
 	/bin/sed					ix,
 	/bin/sleep					ix,
 
@@ -43,13 +44,15 @@
 	}
 
 
-	/etc/ejabberd**					r,
 	/etc/default/ejabberd				r,
+	/etc/ejabberd**					r,
+	/etc/ImageMagick**				r,
 
 	/run/ejabberd**					rw,
 
 	/sys/devices/system/cpu**			r,
 	/sys/devices/system/node**			r,
+	/proc/sys/kernel/random/uuid			r,
 
 	/usr/bin/cut					ix,
 	/usr/bin/erl					ix,
@@ -58,18 +61,24 @@
 	/usr/bin/getent					ix,
 	/usr/bin/id					ix,
 	/usr/bin/seq					ix,
+	/usr/bin/uuidgen				ix,
 
 	/usr/lib/erlang/bin/erl				ix,
 	/usr/lib/erlang/erts-*/bin/beam*		ix,
 	/usr/lib/erlang/erts-*/bin/child_setup		ix,
 	/usr/lib/erlang/erts-*/bin/epmd			ix,
+	/usr/lib/erlang/erts-*/bin/erl_child_setup	ix,
 	/usr/lib/erlang/erts-*/bin/erlexec		ix,
 	/usr/lib/erlang/erts-*/bin/inet_gethost		ix,
 	/usr/lib/erlang/lib/**.so			rm,
 	/usr/lib/erlang/p1_pam/bin/epam			px -> /usr/sbin/ejabberdctl//su,
 
+	/usr/lib/x86_64-linux-gnu/ImageMagick-*/**	ix,
+
 	/usr/sbin/ejabberdctl				r,
 
+	/usr/share/ImageMagick-*/**			rix,
+
 	/var/backups/					rw,
 	/var/backups/ejabberd**				rwlk,
 	/var/lib/ejabberd**				rw,