feat(profile): add needrestart-vmlinuz-get-version & tests for needrestart.

apparmor.d/profiles-m-r/needrestart

@@ -35,11 +35,11 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
   @{bin}/stty                              rix,
   @{bin}/systemctl                         rCx -> systemctl,
   @{bin}/systemd-detect-virt               rPx,
-  @{bin}/udevadm                           rPx,
+  @{bin}/udevadm                           rCx -> udevadm,
   @{bin}/unix_chkpwd                       rPx,
   @{bin}/whiptail                          rPx,
   @{bin}/who                               rix,
-  @{lib}/needrestart/iucode-scan-versions  rPx,
+  @{lib}/needrestart/*                     rPx,
   /usr/share/debconf/frontend              rix,
 
   @{bin}/networkd-dispatcher r,
@@ -88,6 +88,13 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
     include if exists <local/needrestart_systemctl>
   }
 
+  profile udevadm {
+    include <abstractions/base>
+    include <abstractions/app/udevadm>
+
+    include if exists <local/needrestart_udevadm>
+  }
+
   include if exists <local/needrestart>
 }
 

apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version

@@ -0,0 +1,30 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/needrestart/vmlinuz-get-version
+profile needrestart-vmlinuz-get-version @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} mr,
+
+  @{sh_path}                   rix,
+  @{bin}/grep                  rix,
+  @{bin}/mktemp                rix,
+  @{bin}/rm                    rix,
+  @{bin}/tr                    rix,
+  @{bin}/which{,.debianutils}  rix,
+
+  /boot/vmlinuz* r,
+
+  owner @{tmp}/tmp.@{rand10} rw,
+
+  include if exists <local/needrestart-vmlinuz-get-version>
+}
+
+# vim:syntax=apparmor

tests/bats/needrestart.bats

@@ -0,0 +1,34 @@
+#!/usr/bin/env bats
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+load common
+
+@test "needrestart: List outdated processes" {
+    needrestart
+}
+
+@test "needrestart: Interactively restart services" {
+    sudo needrestart
+}
+
+@test "needrestart: List outdated processes in verbose mode" {
+    needrestart -v
+}
+
+@test "needrestart: Check if the kernel is outdated" {
+    needrestart -k
+}
+
+@test "needrestart: Check if the CPU microcode is outdated" {
+    needrestart -w
+}
+
+@test "needrestart: List outdated processes in batch mode" {
+    needrestart -b
+}
+
+@test "needrestart: Display help" {
+    needrestart --help
+}