Place unix-chkpwd AppArmor profile into complain mode

This is necessary when running Molecule tests against Fedora 40 and
41; otherwise, the privileged container cannot successfully sudo and
hence Ansible is unable to do anything.

Note that for security reasons this change is reverted after the
Molecule tests are run.

Author: jsf9k

.github/workflows/build.yml

@@ -238,11 +238,23 @@ jobs:
         uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+      # This is necessary when running Molecule tests against Fedora
+      # 40 and 41; otherwise, the privileged container cannot
+      # successfully sudo and hence Ansible is unable to do anything.
+      - name: Place unix-chkpwd AppArmor profile into complain mode
+        run: |
+          sudo apt-get update
+          sudo apt-get upgrade
+          sudo apt-get install apparmor-utils
+          sudo aa-complain /usr/sbin/unix_chkpwd
       - name: Run molecule tests
         run: >-
           molecule test
           --platform-name ${{ matrix.platform }}-${{ matrix.architecture }}
           --scenario-name ${{ matrix.scenario }}
+      - name: Place unix-chkpwd AppArmor profile into enforce mode
+        run: >-
+          sudo aa-enforce /usr/sbin/unix_chkpwd
       - name: Setup tmate debug session
         uses: mxschmitt/action-tmate@v3
         if: env.RUN_TMATE