From 018e10bf2deb174b13d846f24455f928a2f36de3 Mon Sep 17 00:00:00 2001
From: rowezuniga
Date: Mon, 30 Oct 2023 16:15:27 -0600
Subject: [PATCH 1/2] Clarify the capabilities for cert expiry
---
 gremlin/agent_apparmor.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gremlin/agent_apparmor.profile b/gremlin/agent_apparmor.profile
index 59ab0e8..ebd66b1 100644
--- a/gremlin/agent_apparmor.profile
+++ b/gremlin/agent_apparmor.profile
@@ -56,7 +56,7 @@ profile gremlin-agent flags=(attach_disconnected,mediate_deleted) {
 capability setgid,
 capability chown,
- # Needed for Gremlin Service Discovery
+ # Needed for Gremlin Service Discovery and executing a certificate expiry attack
 capability dac_read_search,
 capability sys_ptrace,
From d2836892e97ef04afa71a9bd1ca692e82cd521d5 Mon Sep 17 00:00:00 2001
From: rowezuniga
Date: Mon, 30 Oct 2023 20:00:15 -0600
Subject: [PATCH 2/2] experiment, not attack
---
 gremlin/agent_apparmor.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gremlin/agent_apparmor.profile b/gremlin/agent_apparmor.profile
index ebd66b1..d0ba3a4 100644
--- a/gremlin/agent_apparmor.profile
+++ b/gremlin/agent_apparmor.profile
@@ -56,7 +56,7 @@ profile gremlin-agent flags=(attach_disconnected,mediate_deleted) {
 capability setgid,
 capability chown,
- # Needed for Gremlin Service Discovery and executing a certificate expiry attack
+ # Needed for Gremlin Service Discovery and executing a certificate expiry experiment
 capability dac_read_search,
 capability sys_ptrace,
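Review bot: The reworded comment above `capability dac_read_search,` and `capability sys_ptrace,` still covers both rules with one line, so someone auditing the profile cannot tell which capability the certificate expiry experiment needs and which one Service Discovery needs. Both are broad grants (dac_read_search bypasses file read and directory search permission checks, sys_ptrace permits tracing other processes), so each rule should carry its own comment of the form `# <feature>: <why this capability is required>` directly above it. That way a deployment that disables one feature can drop the matching capability with confidence. The second patch in the series only changes "attack" to "experiment" in the same comment and leaves the grouping as it is; the rest of the profile body lies outside the hunk.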