Merge branch 'integration'

* integration: fix(test): minor fixes. tests(integration): add more tests.
2024-11-11 23:39:43 +00:00 · 2024-11-11 23:39:43 +00:00 · 6f14d025e9
commit 6f14d025e9
parent 9a3adc66d0 5240dcbdd1
5 changed files with 110 additions and 10 deletions
--- a/apparmor.d/profiles-a-f/chsh
+++ b/apparmor.d/profiles-a-f/chsh
@ -10,26 +10,19 @@ include <tunables/global>
@{exec_path} = @{bin}/chsh
 profile chsh @{exec_path} {
  include <abstractions/base>
-  include <abstractions/wutmp>
  include <abstractions/authentication>
  include <abstractions/nameservice-strict>
+  include <abstractions/wutmp>

-  # To write records to the kernel auditing log.
  capability audit_write,
-
-  # To set the right permission to the files in the /etc/ dir.
  capability chown,
  capability fsetid,
-
-  # gpasswd is a SETUID binary
  capability setuid,

  network netlink raw,

  @{exec_path} mr,

-  owner @{PROC}/@{pid}/loginuid r,
-
  /etc/shells r,

  /etc/passwd rw,
@ -44,6 +37,8 @@ profile chsh @{exec_path} {
  # modify the /etc/passwd or /etc/shadow password database.
  /etc/.pwd.lock rwk,

+  owner @{PROC}/@{pid}/loginuid r,
+
  include if exists <local/chsh>
 }