AppArmor: allow calls to needed dbus systemd methods (#244)

https://github.com/fphammerle/systemctl-mqtt/pull/244

CHANGELOG.md

@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- add missing dbus rules for systemd Manager and Unit in apparmor profile.
+  ([#244](https://github.com/fphammerle/systemctl-mqtt/pull/244)
+  by Julien Frantz (julien.frantz@gmail.com))
 
 ## [2.0.0] - 2025-11-22
 ### Added

docker-apparmor-profile

@@ -60,10 +60,16 @@ profile systemctl-mqtt flags=(attach_disconnected) {
        interface=org.freedesktop.DBus.Properties
        member=Get
        peer=(label=unconfined),
+  dbus (send)
+       bus=system
+       path=/org/freedesktop/systemd1/unit/**
+       interface=org.freedesktop.DBus.Properties
+       member=Get
+       peer=(label=unconfined),
   dbus (send)
        bus=system
        path=/org/freedesktop/systemd1
        interface=org.freedesktop.systemd1.Manager
-       member=RestartUnit
+       member={GetUnit,LoadUnit,StartUnit,StopUnit,RestartUnit}
        peer=(label=unconfined),
 }