From 85e7832f0bce704b7e9e9763852f3de380154111 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 23 Jul 2023 16:37:09 +0100
Subject: [PATCH] feat: do not set autostart or read access to log by default

These settings are legitimate however:
- Start aa-notify only applies to desktop, and it is already enabled by default in some distribution.
- Allow the user to read the apparmor log is out of the scope of this project.
---
root/etc/xdg/autostart/apparmor-notify.desktop | 8 --------
root/usr/lib/sysusers.d/apparmor.d.conf | 2 --
2 files changed, 10 deletions(-)
delete mode 100644 root/etc/xdg/autostart/apparmor-notify.desktop
delete mode 100644 root/usr/lib/sysusers.d/apparmor.d.conf

diff --git a/root/etc/xdg/autostart/apparmor-notify.desktop b/root/etc/xdg/autostart/apparmor-notify.desktop
deleted file mode 100644
index 74c714e2a..000000000
--- a/root/etc/xdg/autostart/apparmor-notify.desktop
+++ /dev/null
@@ -1,8 +0,0 @@
-[Desktop Entry]
-Type=Application
-Name=AppArmor Notify
-Comment=Receive on screen notifications of AppArmor denials
-TryExec=aa-notify
-Exec=aa-notify --poll --since-days 1 --wait 60 --file /var/log/audit/audit.log
-StartupNotify=false
-NoDisplay=true
diff --git a/root/usr/lib/sysusers.d/apparmor.d.conf b/root/usr/lib/sysusers.d/apparmor.d.conf
deleted file mode 100644
index c5bd12714..000000000
--- a/root/usr/lib/sysusers.d/apparmor.d.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Allow the user to read the apparmor log
-g audit -