From 1b939eaa6f7f4830f587fad42cb4a81aac22332e Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 27 Jul 2025 21:28:54 +0200
Subject: [PATCH] feat(profile): add more test for lspci.

---
 apparmor.d/groups/utils/lspci      | 4 ++++
 tests/integration/utils/lspci.bats | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/apparmor.d/groups/utils/lspci b/apparmor.d/groups/utils/lspci
index 63a2d50ab..e8ba89298 100644
--- a/apparmor.d/groups/utils/lspci
+++ b/apparmor.d/groups/utils/lspci
@@ -13,8 +13,12 @@ profile lspci @{exec_path} flags=(attach_disconnected) {
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
 
+  capability dac_read_search,
   capability sys_admin,
 
+  network inet dgram,
+  network inet6 dgram,
+
   @{exec_path} mr,
 
   /usr/share/hwdata/pci.ids r,
diff --git a/tests/integration/utils/lspci.bats b/tests/integration/utils/lspci.bats
index 848b7ef61..facf379a9 100644
--- a/tests/integration/utils/lspci.bats
+++ b/tests/integration/utils/lspci.bats
@@ -22,6 +22,10 @@ load ../common
     lspci -s 00:00.0
 }
 
+@test "lspci: Query the PCI ID database for unknown ID's via DNS" {
+    sudo lspci -q
+}
+
 @test "lspci: Dump info in a readable form" {
     lspci -vm
 }