From ceb60bde82a9e7c45057b19cf3ef40af07bcfc42 Mon Sep 17 00:00:00 2001 From: nobodysu Date: Sun, 20 Feb 2022 02:29:31 +0300 Subject: [PATCH] update --- apparmor.d/profiles-s-z/su | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index fa58fac7..3e9481e6 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -19,6 +19,9 @@ profile su @{exec_path} { capability setgid, capability setuid, capability dac_read_search, + capability sys_resource, + # No clear purpose, deny until needed + deny capability net_admin, #audit deny capability net_bind_service, signal (send) set=(term,kill), @@ -51,11 +54,6 @@ profile su @{exec_path} { @{PROC}/cmdline r, @{sys}/devices/virtual/tty/console/active r, - # Upstreaming - capability sys_resource, - # No clear purpose, deny until needed - deny capability net_admin, - # pseudo-terminal capability chown,
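Review bot: The added `deny capability net_admin,` in the capability block of the first hunk is a plain `deny`, and AppArmor does not log accesses that match an explicit deny rule, so the "deny until needed" comment above it cannot be acted on from the audit log. If su or a PAM module it loads ever requests net_admin, the failure will be silent. Writing the rule as `audit deny capability net_admin,` keeps the denial and makes each hit visible, in the same form as the commented-out `#audit deny capability net_bind_service,` on the following line. Separately, `capability sys_resource,` is a broad grant that now sits in the main capability list with no rationale; a hedged comment such as `# presumably needed to raise rlimits through PAM (pam_limits) - confirm` would let a later reviewer judge whether it is still required. The profile body starts and ends outside the hunk.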