## Do not modify this file. Changes may be undone during upgrades. 
## To play around, create a copy with a different profile name and
## put it in: /etc/apparmor.d/

profile testprofile {

	#include <abstractions/base>
	#include <abstractions/nameservice>

	change_profile -> testprofile,

	capability kill,
	capability net_bind_service,
	capability setgid,
	capability setuid,
	capability sys_tty_config,

	/ rw,
	/** mrwlkix,

	audit deny /etc/passwd rwx,

	^testhat {

		#include <abstractions/base>
		#include <abstractions/nameservice>
	
		capability kill,
		capability net_bind_service,
		capability setgid,
		capability setuid,
		capability sys_tty_config,

		/ rw,
		/** mrwlkix,
		
		audit deny /etc/passwd rwx,
		audit deny /etc/group rwx,		
	}
}
