build: separate the base-strict abs from the re-attach builder.

Enable the use of the base-strict abs on all setup.
2025-09-01 15:07:01 +02:00 · 2025-09-01 15:07:01 +02:00 · 4f9d2703d4
commit 4f9d2703d4
parent a1ba00bec3
4 changed files with 37 additions and 7 deletions
--- a/pkg/prebuild/builder/attach.go
+++ b/pkg/prebuild/builder/attach.go
@ -49,10 +49,7 @@ func (b ReAttach) Apply(opt *Option, profile string) (string, error) {

 	} else {
 		insert = "@{att} = /\n"
-		profile = strings.ReplaceAll(profile,
-			"include <abstractions/base>",
-			"include <abstractions/base-strict>",
-		)
+
 	}

 	return strings.Replace(profile, origin, insert+origin, 1), nil
--- a/pkg/prebuild/builder/base-strict.go
+++ b/pkg/prebuild/builder/base-strict.go
@ -0,0 +1,32 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package builder
+
+import (
+	"strings"
+
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
+)
+
+type BaseStrict struct {
+	prebuild.Base
+}
+
+func init() {
+	RegisterBuilder(&BaseStrict{
+		Base: prebuild.Base{
+			Keyword: "base-strict",
+			Msg:     "Feat: use 'base-strict' as base abstraction",
+		},
+	})
+}
+
+func (b BaseStrict) Apply(opt *Option, profile string) (string, error) {
+	profile = strings.ReplaceAll(profile,
+		"include <abstractions/base>",
+		"include <abstractions/base-strict>",
+	)
+	return profile, nil
+}