From 48a37bbf3431c4c79e4651229fbfad223d3f1003 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 1 May 2025 14:36:57 +0200
Subject: [PATCH] build: configure sbin value according to the target
 distribution.

---
 pkg/aa/apparmor.go                |  3 +--
 pkg/prebuild/builder/userspace.go | 10 ++++++++++
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/pkg/aa/apparmor.go b/pkg/aa/apparmor.go
index f0deaffc9..6119a0c91 100644
--- a/pkg/aa/apparmor.go
+++ b/pkg/aa/apparmor.go
@@ -33,7 +33,7 @@ func DefaultTunables() *AppArmorProfileFile {
 	return &AppArmorProfileFile{
 		Preamble: Rules{
 			&Variable{Name: "arch", Values: []string{"x86_64", "amd64", "i386"}, Define: true},
-			&Variable{Name: "bin", Values: []string{"/{,usr/}{,s}bin"}, Define: true},
+			&Variable{Name: "bin", Values: []string{"/{,usr/}bin"}, Define: true},
 			&Variable{Name: "c", Values: []string{"[0-9a-zA-Z]"}, Define: true},
 			&Variable{Name: "dpkg_script_ext", Values: []string{"config", "templates", "preinst", "postinst", "prerm", "postrm"}, Define: true},
 			&Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true},
@@ -45,7 +45,6 @@ func DefaultTunables() *AppArmorProfileFile {
 			&Variable{Name: "multiarch", Values: []string{"*-linux-gnu*"}, Define: true},
 			&Variable{Name: "rand", Values: []string{"@{c}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}{@{c},}"}, Define: true}, // Up to 10 characters
 			&Variable{Name: "run", Values: []string{"/run/", "/var/run/"}, Define: true},
-			&Variable{Name: "sbin", Values: []string{"/{,usr/}sbin"}, Define: true},
 			&Variable{Name: "uid", Values: []string{"{[0-9],[1-9][0-9],[1-9][0-9][0-9],[1-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[1-4][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}"}, Define: true},
 			&Variable{Name: "user_cache_dirs", Values: []string{"/home/*/.cache"}, Define: true},
 			&Variable{Name: "user_config_dirs", Values: []string{"/home/*/.config"}, Define: true},
diff --git a/pkg/prebuild/builder/userspace.go b/pkg/prebuild/builder/userspace.go
index 618b67c17..37bb3a978 100644
--- a/pkg/prebuild/builder/userspace.go
+++ b/pkg/prebuild/builder/userspace.go
@@ -40,6 +40,16 @@ func (b Userspace) Apply(opt *Option, profile string) (string, error) {
 	}
 
 	f := aa.DefaultTunables()
+	if prebuild.Distribution == "arch" {
+		f.Preamble = append(f.Preamble, &aa.Variable{
+			Name: "sbin", Values: []string{"/{,usr/}{,s}bin"}, Define: true,
+		})
+	} else {
+		f.Preamble = append(f.Preamble, &aa.Variable{
+			Name: "sbin", Values: []string{"/{,usr/}sbin"}, Define: true,
+		})
+	}
+
 	if _, err := f.Parse(profile); err != nil {
 		return "", err
 	}