From e490a11c1a2ecfadd2cbc0759d77f4706bc2ee61 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 20 Jul 2025 14:25:41 +0200 Subject: [PATCH] feat(profile): add hwclock. --- apparmor.d/groups/utils/hwclock | 30 ++++++++++++++++++++++++++++ tests/integration/utils/hwclock.bats | 6 +++--- tests/requirements.sh | 3 ++- 3 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 apparmor.d/groups/utils/hwclock diff --git a/apparmor.d/groups/utils/hwclock b/apparmor.d/groups/utils/hwclock new file mode 100644 index 000000000..d1433a605 --- /dev/null +++ b/apparmor.d/groups/utils/hwclock @@ -0,0 +1,30 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2025 Alexandre Pujol +# SPDX-License-Identifier: GPL-2.0-only + +abi , + +include + +@{exec_path} = @{sbin}/hwclock +profile hwclock @{exec_path} { + include + include + + capability audit_write, + capability sys_time, + + network netlink raw, + + @{exec_path} mr, + + /etc/adjtime rw, + + @{sys}/devices/pnp@{int}/*/rtc/rtc@{int}/{,*} r, + + /dev/rtc@{int} r, + + include if exists +} + +# vim:syntax=apparmor diff --git a/tests/integration/utils/hwclock.bats b/tests/integration/utils/hwclock.bats index 88c981c31..4a1bc0f83 100644 --- a/tests/integration/utils/hwclock.bats +++ b/tests/integration/utils/hwclock.bats @@ -6,14 +6,14 @@ load ../common @test "hwclock: Display the current time as reported by the hardware clock" { - hwclock + sudo hwclock } @test "hwclock: Write the current software clock time to the hardware clock (sometimes used during system setup)" { - hwclock --systohc + sudo hwclock --systohc } @test "hwclock: Write the current hardware clock time to the software clock" { - hwclock --hctosys + sudo hwclock --hctosys } diff --git a/tests/requirements.sh b/tests/requirements.sh index 52d7cb36b..085ad8c7c 100644 --- a/tests/requirements.sh +++ b/tests/requirements.sh @@ -21,7 +21,8 @@ debian | ubuntu | whonix) sudo apt update -y sudo apt install -y \ bats bats-support \ - cpuid dfc systemd-userdbd systemd-homed tlp network-manager flatpak + cpuid dfc systemd-userdbd systemd-homed tlp network-manager flatpak \ + util-linux-extra ;; opensuse*) ;;