From d5044ff3285b4bb62472416bf80bc75d67bfcb5f Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 20 Jul 2025 14:55:36 +0200
Subject: [PATCH] feat(profile): add lslocks

---
 apparmor.d/groups/utils/lslocks      | 33 ++++++++++++++++++++++++++++
 tests/integration/utils/lslocks.bats | 22 +++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 apparmor.d/groups/utils/lslocks
 create mode 100644 tests/integration/utils/lslocks.bats

diff --git a/apparmor.d/groups/utils/lslocks b/apparmor.d/groups/utils/lslocks
new file mode 100644
index 000000000..5fbcdbc8f
--- /dev/null
+++ b/apparmor.d/groups/utils/lslocks
@@ -0,0 +1,33 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi ,
+
+include
+
+@{exec_path} = @{bin}/lslocks
+profile lslocks @{exec_path} flags=(attach_disconnected) {
+  include
+
+  capability dac_read_search,
+  capability sys_ptrace,
+
+  ptrace read,
+
+  @{exec_path} mr,
+
+  @{PROC}/ r,
+  @{PROC}/@{pid}/ r,
+  @{PROC}/@{pid}/comm r,
+  @{PROC}/@{pid}/fd/ r,
+  @{PROC}/@{pid}/fdinfo/ r,
+  @{PROC}/@{pid}/fdinfo/@{int} r,
+  @{PROC}/locks r,
+  owner @{PROC}/@{pid}/ r,
+  owner @{PROC}/@{pid}/mountinfo r,
+
+  include if exists
+}
+
+
+# vim:syntax=apparmor
diff --git a/tests/integration/utils/lslocks.bats b/tests/integration/utils/lslocks.bats
new file mode 100644
index 000000000..042834cae
--- /dev/null
+++ b/tests/integration/utils/lslocks.bats
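Review bot: `owner @{PROC}/@{pid}/ r,` is fully subsumed by the unconditional `@{PROC}/@{pid}/ r,` a few lines above it, so one of the two should be dropped; the unowned form is the one the tool needs (it walks other users' processes, which is presumably also why `capability dac_read_search` is granted), so remove the `owner` duplicate. The profile grants `ptrace read,` with no peer restriction together with `capability sys_ptrace`, which is a broad privilege for a listing utility; a why-comment above the capability block would help later audits, e.g. `# Read /proc/@{pid}/fd/ and fdinfo/ of every process to map locked inodes back to paths`. The targets after `abi`, both `include` lines and `include if exists` are missing in this rendering of the hunk; this looks like an extraction artifact rather than a defect in the commit, but the hunk header announces 33 lines while 34 `+` lines are shown, so the file is worth a quick re-read against the repository.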
@@ -0,0 +1,22 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+load ../common
+
+@test "lslocks: List all local system locks" {
+    sudo lslocks
+}
+
+@test "lslocks: List locks producing a raw output (no columns), and without column headers" {
+    sudo lslocks --raw --noheadings
+}
+
+@test "lslocks: List locks by PID input" {
+    sudo lslocks --pid "$(sudo lslocks --raw --noheadings --output PID | head -1)"
+}
+
+@test "lslocks: List locks with JSON output to stdout" {
+    lslocks --json
+}
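Review bot: The `--pid` test passes an empty string when no lock is held at the moment it runs, since `sudo lslocks --raw --noheadings --output PID | head -1` then prints nothing, and lslocks presumably rejects `--pid ""` as an invalid argument, making the test fail for a reason unrelated to the profile. Capture the value first and skip when it is empty: `pid="$(sudo lslocks --raw --noheadings --output PID | head -1)"`, `[[ -n "$pid" ]] || skip "no locks held on this system"`, `sudo lslocks --pid "$pid"`. The last test runs `lslocks --json` without `sudo` while the other three use it; if exercising the unprivileged path is intentional, say so in the test name, otherwise add `sudo` for consistency. The header reads `Copyright (C) 2024` while the profile added in the same commit says 2025.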