From 53ee5d0c83ec73f57b2d170e89bf62a17bfedb1f Mon Sep 17 00:00:00 2001 From: nobodysu Date: Mon, 21 Feb 2022 21:46:55 +0300 Subject: [PATCH] update --- apparmor.d/profiles-s-z/su | 5 ++--- apparmor.d/profiles-s-z/sudo | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index 3e9481e6..166a3553 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -26,8 +26,9 @@ profile su @{exec_path} { signal (send) set=(term,kill), signal (receive) set=(int,quit,term), - signal (receive) set=(cont,hup) peer=sudo, + signal (receive) set=(cont,hup) peer=sudo, + # unknown, needs to be cleared up; TODO network netlink raw, @{exec_path} mr, @@ -59,8 +60,6 @@ profile su @{exec_path} { /dev/{,pts/}ptmx rw, - /var/log/btmp wk, - @{run}/dbus/system_bus_socket rw, @{run}/systemd/userdb/ r, @{run}/systemd/userdb/io.systemd.Machine rw, diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index 6cd58bb3..637047c8 100644 --- a/apparmor.d/profiles-s-z/sudo +++ b/apparmor.d/profiles-s-z/sudo @@ -29,8 +29,8 @@ profile sudo @{exec_path} { capability sys_ptrace, capability sys_resource, - network netlink raw, - # dns query? + network netlink raw, # PAM + # DNS query? # network inet dgram, # network inet6 dgram, @@ -72,7 +72,7 @@ profile sudo @{exec_path} { owner /dev/tty[0-9]* rw, owner @{HOME}/.xsession-errors w, - /var/lib/sudo/lectured/user rw, + owner /var/lib/sudo/lectured/* rw, owner @{HOME}/.sudo_as_admin_successful rw,
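Review bot: In the first `su` hunk the added comment `# unknown, needs to be cleared up; TODO` appears to sit directly above `network netlink raw,`, so the rule stays in the profile with no stated reason. The first `sudo` hunk of this same commit annotates the identical rule as `# PAM`. su also authenticates through PAM, so the same justification probably applies, but that is an inference; it should be confirmed by dropping the rule on a test host and checking the audit log for `apparmor="DENIED"` entries with `family="netlink"`. A comment that records what is left to verify would serve the next maintainer better, e.g. `# likely PAM (same rule as in the sudo profile); confirm via audit log, remove if no denial appears`. The profile body starts and ends outside this hunk.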
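Review bot: The new rule `owner /var/lib/sudo/lectured/* rw,` in the last `sudo` hunk only matches when the file's owner equals the fsuid sudo holds at the time of access, and nothing visible in the hunk shows who owns the lecture status files. If they are created and owned by the uid sudo runs as, the qualifier is a sound tightening. If ownership differs, the access is denied and the lecture state would presumably never be recorded. Widening the literal `user` to `*` is the right scope for per-user files, but the ownership assumption should be checked on a test host and written down next to the rule, e.g. `# per-user lecture status files; 'owner' assumes they belong to the uid sudo runs as`. The profile body starts and ends outside this hunk.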