Adding apparmor-profile to allow haveged to bind to unix sockets.

Signed-off-by: Daniel Baumann <daniel@debian.org>

debian/usr.sbin.haveged

@@ -0,0 +1,28 @@
+# Last Modified: Fri Aug 21 15:23:17 2015
+#include <tunables/global>
+
+/usr/sbin/haveged {
+  #include <abstractions/base>
+  #include <abstractions/consoles>
+
+  # Required for ioctl RNDADDENTROPY
+  capability sys_admin,
+
+  network unix stream,
+
+  owner @{PROC}/@{pid}/status r,
+
+  @{PROC}/sys/kernel/osrelease r,
+  @{PROC}/sys/kernel/random/poolsize r,
+  @{PROC}/sys/kernel/random/write_wakeup_threshold w,
+  /dev/random w,
+
+  /sys/devices/system/cpu/ r,
+  /sys/devices/system/cpu/cpu*/cache/ r,
+  /sys/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
+  /usr/sbin/haveged mr,
+
+  /run/haveged.pid w,
+
+  #include <local/usr.sbin.haveged>
+}