From 931c20708905fd5b48f07aa492749fe178e152eb Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 25 May 2025 18:24:34 +0200 Subject: [PATCH] feat(profile): simplify needrestart & fix pam-auth-update. --- apparmor.d/profiles-m-r/needrestart | 19 +------------------ apparmor.d/profiles-m-r/pam-auth-update | 2 +- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart index 13838902e..9b731fd64 100644 --- a/apparmor.d/profiles-m-r/needrestart +++ b/apparmor.d/profiles-m-r/needrestart @@ -9,11 +9,8 @@ include @{exec_path} = @{sbin}/needrestart profile needrestart @{exec_path} flags=(attach_disconnected) { include - include - include - include + include include - include capability checkpoint_restore, capability dac_read_search, @@ -27,18 +24,13 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { @{sh_path} rix, @{bin}/dpkg-query rpx, @{bin}/fail2ban-server rPx, - @{bin}/sed rix, - @{bin}/stty rix, @{bin}/systemctl rCx -> systemctl, @{bin}/systemd-detect-virt rPx, @{bin}/udevadm rCx -> udevadm, - @{bin}/who rix, @{lib}/needrestart/* rPx, @{python_path} rix, @{sbin}/unix_chkpwd rPx, - /usr/share/debconf/frontend rCx -> debconf, - /etc/needrestart/hook.d/* rPx, /etc/needrestart/notify.d/* rPx, /etc/needrestart/restart.d/* rPx, @@ -96,15 +88,6 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { include if exists } - profile debconf { - include - include - - @{sbin}/needrestart Px, - - include if exists - } - include if exists } diff --git a/apparmor.d/profiles-m-r/pam-auth-update b/apparmor.d/profiles-m-r/pam-auth-update index aff011389..5e0cbaaf4 100644 --- a/apparmor.d/profiles-m-r/pam-auth-update +++ b/apparmor.d/profiles-m-r/pam-auth-update @@ -12,7 +12,7 @@ profile pam-auth-update @{exec_path} flags=(complain) { include include - @{exec_path} mr, + @{exec_path} mrix, @{bin}/md5sum ix, @{bin}/cp ix,