build: separate the base-strict abs from the re-attach builder.

Enable the use of the base-strict abs on all setup.

apparmor.d/abstractions/attached/base

@@ -8,7 +8,7 @@
 
   abi <abi/4.0>,
 
-  include <abstractions/base-strict>
+  include <abstractions/base>
 
   @{att}/@{run}/systemd/journal/dev-log w,
   @{att}/@{run}/systemd/journal/socket w,

cmd/prebuild/main.go

@@ -32,8 +32,9 @@ func init() {
 
 	// Build tasks applied by default
 	builder.Register(
-		"userspace", // Resolve variable in profile attachments
+		"userspace",   // Resolve variable in profile attachments
-		"hotfix",    // Temporary fix for #74, #80 & #235
+		"hotfix",      // Temporary fix for #74, #80 & #235
+		"base-strict", // Use base-strict as base abstraction
 	)
 
 	// Matrix of ABI/Apparmor version to integrate with

pkg/prebuild/builder/attach.go

@@ -49,10 +49,7 @@ func (b ReAttach) Apply(opt *Option, profile string) (string, error) {
 
 	} else {
 		insert = "@{att} = /\n"
-		profile = strings.ReplaceAll(profile,
+
-			"include <abstractions/base>",
-			"include <abstractions/base-strict>",
-		)
 	}
 
 	return strings.Replace(profile, origin, insert+origin, 1), nil

pkg/prebuild/builder/base-strict.go

@@ -0,0 +1,32 @@
+// apparmor.d - Full set of apparmor profiles
+// Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+// SPDX-License-Identifier: GPL-2.0-only
+
+package builder
+
+import (
+	"strings"
+
+	"github.com/roddhjav/apparmor.d/pkg/prebuild"
+)
+
+type BaseStrict struct {
+	prebuild.Base
+}
+
+func init() {
+	RegisterBuilder(&BaseStrict{
+		Base: prebuild.Base{
+			Keyword: "base-strict",
+			Msg:     "Feat: use 'base-strict' as base abstraction",
+		},
+	})
+}
+
+func (b BaseStrict) Apply(opt *Option, profile string) (string, error) {
+	profile = strings.ReplaceAll(profile,
+		"include <abstractions/base>",
+		"include <abstractions/base-strict>",
+	)
+	return profile, nil
+}