Merge profiles: add profile for hostname

- Tested with different flags manually - apparmor.d also have a profile for `hostname` which includes `<abstractions/consoles>` but was not needed while testing for plucky MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1650 Approved-by: Maxime Bélair <maxime.belair@canonical.com> Approved-by: Ryan Lee <rlee287@yahoo.com> Merged-by: Maxime Bélair <maxime.belair@canonical.com>
2025-08-30 13:58:22 +00:00 · 2025-05-12 12:35:28 +00:00
parent 05237241cc 0429251776
commit 1ac569ca2b
1 changed files with 35 additions and 0 deletions
--- a/profiles/apparmor.d/hostname
+++ b/profiles/apparmor.d/hostname
@@ -0,0 +1,35 @@
+#------------------------------------------------------------------
+#    Copyright (C) 2025 Canonical Ltd.
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#------------------------------------------------------------------
+# vim: ft=apparmor
+#
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{bin}={/usr,}/bin
+@{exec}={hostname,domainname,ypdomainname,nisdomainname,dnsdomainname}
+
+profile hostname @{bin}/@{exec} {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  # set hostname, -F
+  capability sys_admin,
+  
+  @{bin}/@{exec} mr,
+
+  network netlink raw,
+  network inet dgram,
+  network inet6 dgram,
+
+  file r /etc/hostname,
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/hostname>
+}