# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Minimal set of rules for su/sudo based hat mapping.

  abi <abi/4.0>,

  capability audit_write,
  capability setgid,
  capability setuid,

  network netlink raw,

  @{etc_ro}/login.defs r,
  /etc/passwd r,

  include if exists <abstractions/mapping/sudo.d>

# vim:syntax=apparmor
