From 41ff05369d0ec487bcbfeddc53d63835ff4737e2 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sun, 30 Mar 2025 21:07:47 +0200
Subject: [PATCH] fix(profile): integration tests.

---
 apparmor.d/groups/utils/chfn              | 9 +++------
 apparmor.d/profiles-g-l/landscape-sysinfo | 1 +
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/apparmor.d/groups/utils/chfn b/apparmor.d/groups/utils/chfn
index 7201d1a7a..45b50c7ad 100644
--- a/apparmor.d/groups/utils/chfn
+++ b/apparmor.d/groups/utils/chfn
@@ -10,19 +10,16 @@ include <tunables/global>
 @{exec_path} = @{bin}/chfn
 profile chfn @{exec_path} {
   include <abstractions/base>
+  include <abstractions/authentication>
+  include <abstractions/bus-system>
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
-  include <abstractions/authentication>
   include <abstractions/wutmp>
 
-  # To write records to the kernel auditing log.
   capability audit_write,
-
-  # To set the right permission to the files in the /etc/ dir.
   capability chown,
   capability fsetid,
-
-  # chfn is a SETUID binary
+  capability net_admin,
   capability setuid,
 
   network netlink raw,
diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo b/apparmor.d/profiles-g-l/landscape-sysinfo
index 6be10f48c..3b140b2bf 100644
--- a/apparmor.d/profiles-g-l/landscape-sysinfo
+++ b/apparmor.d/profiles-g-l/landscape-sysinfo
@@ -28,6 +28,7 @@ profile landscape-sysinfo @{exec_path} {
   @{bin}/who rix,
 
   @{lib}/@{python_name}/dist-packages/landscape/{,**/}__pycache__/ w,
+  @{lib}/@{python_name}/dist-packages/landscape/{,**/}__pycache__/**.pyc w,
   @{lib}/@{python_name}/dist-packages/landscape/{,**/}__pycache__/**.pyc.@{u64} w,
 
   /var/log/landscape/{,**} rw,