feat: prefix variables that refer to a profile

2024-04-02 13:41:08 +01:00 · 2024-04-02 13:41:08 +01:00 · 6dd0c36e9a
commit 6dd0c36e9a
parent 751bc683d9
39 changed files with 57 additions and 49 deletions
--- a/apparmor.d/tunables/multiarch.d/profiles
+++ b/apparmor.d/tunables/multiarch.d/profiles
@ -0,0 +1,12 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# Define some variables for some commonly used profile. They may be used in 
+# other profiles peer label.
+
+# All variables that refer to a profile should be prefixed with `p_`
+
+# Name of the systemd profiles. Can be `unconfined` or `systemd`, `systemd-user`
+@{p_systemd}=unconfined
+@{p_systemd_user}=unconfined
--- a/apparmor.d/tunables/multiarch.d/system
+++ b/apparmor.d/tunables/multiarch.d/system
@ -56,10 +56,6 @@
@{bin}=/{,usr/}{,s}bin
@{lib}=/{,usr/}lib{,exec,32,64}

-# Name of the systemd profiles: unconfined || systemd
-@{systemd}=unconfined
-@{systemd_user}=unconfined
-
 # Udev data dynamic assignment ranges
@{dynamic}=23[4-9] 24[0-9] 25[0-4]                       # range 234 to 254
@{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1]  # range 384 to 511