Whonix AppArmor Profiles Development Discussion

/etc/apparmor.d/usr.bin.systemcheck:

A user reported that adding the following was required in the context of using a user other than user user.

owner /run/sudo/ts/tux rwk,

tux is probably a user-chosen account name. Any suggestions on correct sudo-related AppArmor rules in that profile?

usr.bin.systemcheck already has owner /run/sudo/ts/user rw,, therefore it makes sense to have owner /run/sudo/ts/* rw,, to support any username.

With apparmor.d installed a more stable solution would be:

  owner @{run}/sudo/ts/@{user} rwk,

Also the systemcheck profile should probably be updated. For example abstractions/app/sudo handles all sudo accesses.

BTW, I removed any go build deps from apparmor.d, therefore you should be able to build it without issues.
