From 96e79d9d88fca8ebd534b0db3e97eb2a4ff3035d Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 15 Mar 2025 00:26:47 +0100
Subject: [PATCH] build: add filter for apparmor version.

---
 apparmor.d/tunables/multiarch.d/profiles | 7 ++++++-
 pkg/prebuild/directive/filter.go         | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/apparmor.d/tunables/multiarch.d/profiles b/apparmor.d/tunables/multiarch.d/profiles
index 8917c88d8..1140f36af 100644
--- a/apparmor.d/tunables/multiarch.d/profiles
+++ b/apparmor.d/tunables/multiarch.d/profiles
@@ -12,9 +12,14 @@
 @{p_systemd_user}=unconfined
 
 # Name of the dbus daemon profiles
+@{p_dbus_accessibility}=dbus-accessibility
+#aa:only apparmor4.1
+@{p_dbus_system}=dbus-system//&unconfined
+@{p_dbus_session}=dbus-session//&unconfined
+
+#aa:exclude apparmor4.1
 @{p_dbus_system}=dbus-system
 @{p_dbus_session}=dbus-session
-@{p_dbus_accessibility}=dbus-accessibility
 
 @{p_at_spi2_registryd}=at-spi2-registryd
 @{p_colord}=colord
diff --git a/pkg/prebuild/directive/filter.go b/pkg/prebuild/directive/filter.go
index 2fe46e6f2..7ab28841e 100644
--- a/pkg/prebuild/directive/filter.go
+++ b/pkg/prebuild/directive/filter.go
@@ -43,6 +43,10 @@ func filterRuleForUs(opt *Option) bool {
 	if slices.Contains(opt.ArgList, abiStr) {
 		return true
 	}
+	versionStr := fmt.Sprintf("apparmor%s", prebuild.Version)
+	if slices.Contains(opt.ArgList, versionStr) {
+		return true
+	}
 	return slices.Contains(opt.ArgList, prebuild.Distribution) || slices.Contains(opt.ArgList, prebuild.Family)
 }