From c67061c64f6c2e95ff6f8713b98ad6cf690e55f7 Mon Sep 17 00:00:00 2001
From: Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com>
Date: Wed, 5 Feb 2025 16:31:03 +0100
Subject: [PATCH] profiles/a/frr: clean up rules only needed by topotests

---
 profiles/apparmor.d/abstractions/frr | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/profiles/apparmor.d/abstractions/frr b/profiles/apparmor.d/abstractions/frr
index 75b413d49..b42b17357 100644
--- a/profiles/apparmor.d/abstractions/frr
+++ b/profiles/apparmor.d/abstractions/frr
@@ -23,6 +23,7 @@
   capability dac_override,
   capability dac_read_search,
 
+  / r,
   @{run}/frr/ r,
   @{run}/frr/zserv.api rw,
   @{run}/frr/@{profile_name}.pid rwk,
@@ -39,7 +40,7 @@
 
   # Daemon config
   /etc/frr/ r, 
-  /etc/frr/@{profile_name}.conf{,.*} rwl,
+  /etc/frr/@{profile_name}.conf rw,
 
   # Log file
   /var/log/frr/ w,
@@ -51,13 +52,4 @@
   owner /var/tmp/frr/@{profile_name}.@{pid}/crashlog w,
   owner /var/tmp/frr/@{profile_name}.@{pid}/logbuf.@{tid} rw,
 
-  # Program output (working directory)
-  owner / r,
-  owner /tmp/ r,
-  owner /tmp/topotests/ r,
-  owner /tmp/topotests/** rw,
-
-  # Tests for staticd, bgpd, ospfd
-  owner /tmp/*.log w,
-
   include if exists <abstractions/frr.d>