From a447640f3c50f73f5dcce9a8944db5eeed450320 Mon Sep 17 00:00:00 2001
From: npwc <51269503+npwc@users.noreply.github.com>
Date: Tue, 16 Jan 2024 14:44:30 +0000
Subject: [PATCH] Update secure-time-sync

---
 apparmor.d/profiles-s-z/secure-time-sync | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/apparmor.d/profiles-s-z/secure-time-sync b/apparmor.d/profiles-s-z/secure-time-sync
index 411087215..671dcccd6 100644
--- a/apparmor.d/profiles-s-z/secure-time-sync
+++ b/apparmor.d/profiles-s-z/secure-time-sync
@@ -5,10 +5,11 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /usr/{,local/}bin/secure-time-sync
-profile secure-time-sync @{exec_path} flags=(attach_disconnected) {
+@{exec_path} = @{bin}/secure-time-sync
+profile secure-time-sync @{bin}/secure-time-sync flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/bash>
+  include <abstractions/nameservice-strict>
+  include <abstractions/ssl_certs>
 
   capability sys_time,
 
@@ -18,16 +19,6 @@ profile secure-time-sync @{exec_path} flags=(attach_disconnected) {
 
   owner /dev/tty rw,
 
-  owner /etc/ca-certificates/** r,
-  owner /etc/ssl/** r,
-
-  owner /etc/host.conf r,
-  owner /etc/hosts r,
-  owner /etc/nsswitch.conf r,
-  owner /etc/passwd r,
-  owner /etc/resolv.conf r,
-  owner /etc/gai.conf r,
-
   /usr/bin/bash ix,
   /usr/bin/curl mrix,
   /usr/bin/date mrix,