From 1b8b3610b17ae31bc81c3827cea24bd09822a0e3 Mon Sep 17 00:00:00 2001
From: madaidan <50278627+madaidan@users.noreply.github.com>
Date: Mon, 28 Oct 2019 14:20:59 +0000
Subject: [PATCH] Create usr.lib.security-misc.pam_tally2-info

---
 .../usr.lib.security-misc.pam_tally2-info     | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 etc/apparmor.d/usr.lib.security-misc.pam_tally2-info

diff --git a/etc/apparmor.d/usr.lib.security-misc.pam_tally2-info b/etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
new file mode 100644
index 0000000..5082af7
--- /dev/null
+++ b/etc/apparmor.d/usr.lib.security-misc.pam_tally2-info
@@ -0,0 +1,33 @@
+#include <tunables/global>
+
+/usr/lib/security-misc/pam_tally2-info flags=(attach_disconnected) {
+  #include <abstractions/bash>
+
+  capability dac_override,
+  capability dac_read_search,
+
+  /bin/bash ix,
+  /bin/cat mrix,
+  /bin/grep mrix,
+  /usr/bin/cut mrix,
+  /usr/bin/tail mrix,
+  /sbin/pam_tally2 mrix,
+  /usr/lib/security-misc/pam_tally2-info r,
+
+  /etc/ld.so.cache r,
+  /etc/locale.alias r,
+
+  /{usr/,}lib{,32,64}/** mr,
+
+  owner /etc/nsswitch.conf r,
+  owner /etc/pam.d/* r,
+  owner /etc/passwd r,
+
+  owner /usr/share/zoneinfo/** r,
+  owner /var/log/tallylog rw,
+
+  /dev/tty rw,
+  owner /dev/pts/[0-9]* rw,
+  
+  #include <local/usr.lib.security-misc.pam_tally2-info>
+}