update

apparmor.d/profiles-s-z/su

@@ -28,6 +28,7 @@ profile su @{exec_path} {
   signal (receive) set=(int,quit,term),
   signal (receive) set=(cont,hup)       peer=sudo,
 
+  # unknown, needs to be cleared up; TODO
   network netlink raw,
 
   @{exec_path} mr,
@@ -59,8 +60,6 @@ profile su @{exec_path} {
 
   /dev/{,pts/}ptmx rw,
 
-  /var/log/btmp wk,
-
   @{run}/dbus/system_bus_socket rw,
   @{run}/systemd/userdb/ r,
   @{run}/systemd/userdb/io.systemd.Machine rw,

apparmor.d/profiles-s-z/sudo

@@ -29,8 +29,8 @@ profile sudo @{exec_path} {
   capability sys_ptrace,
   capability sys_resource,
 
-  network netlink raw,
-  # dns query?
+  network netlink raw,   # PAM
+  # DNS query?
 #  network inet dgram,
 #  network inet6 dgram,
 
@@ -72,7 +72,7 @@ profile sudo @{exec_path} {
   owner /dev/tty[0-9]* rw,
   owner @{HOME}/.xsession-errors w,
 
-  /var/lib/sudo/lectured/user rw,
+  owner /var/lib/sudo/lectured/* rw,
 
   owner @{HOME}/.sudo_as_admin_successful rw,