build: improve support for aa 5.0

dists/overwrite

@@ -6,6 +6,7 @@
 brave
 chrome
 chromium
+cockpit-desktop
 element-desktop
 epiphany
 firefox
@@ -29,8 +30,8 @@ unix-chkpwd
 
 # Overwrite some profiles recently added in apparmor while being already present in apparmor.d for a while
 # They can be multiple justification for keeping our profiles here, or or the contrary using upstream ones:
-# - Keep ours: If they use abstractions, tunable, rules, and integration with apparmor.d that would break if using the upstream profile
+# - Keep ours: If we/they use abstractions, tunable, rules, and integration with apparmor.d that would break if using the upstream profile
-# - Drop ours: when upstream profiles is better
+# - Drop ours: when upstream profiles is better (see pkg/prebuild/prepare/configure.go)
 fusermount3
 lsblk
 lsusb

pkg/prebuild/prepare/configure.go

@@ -6,6 +6,7 @@ package prepare
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/roddhjav/apparmor.d/pkg/prebuild"
 )
@@ -92,6 +93,15 @@ func (p Configure) Apply() ([]string, error) {
 		if err := removeFiles(remove); err != nil {
 			return res, err
 		}
+
+		// @{pci_bus} was upstreamed in 5.0
+		path := prebuild.RootApparmord.Join("tunables/multiarch.d/system")
+		out, err := path.ReadFileAsString()
+		if err != nil {
+			return res, err
+		}
+		out = strings.ReplaceAll(out, "@{pci_bus}=pci@{hex4}:@{hex2}", "")
+		return res, path.WriteFile([]byte(out))
 	}
 	return res, nil
 }