From c07c5838e4855d97bf98f65496c302bbd305e71c Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Mon, 26 May 2025 01:00:08 +0200
Subject: [PATCH] build: add RBAC filter to the only/exclude directive.

---
 pkg/prebuild/cli/cli.go          | 1 +
 pkg/prebuild/directive/filter.go | 4 ++++
 pkg/prebuild/directories.go      | 3 +++
 3 files changed, 8 insertions(+)

diff --git a/pkg/prebuild/cli/cli.go b/pkg/prebuild/cli/cli.go
index 779cd5c0c..51636f848 100644
--- a/pkg/prebuild/cli/cli.go
+++ b/pkg/prebuild/cli/cli.go
@@ -80,6 +80,7 @@ func Configure() {
 	if full && paths.New("apparmor.d/groups/_full").Exist() {
 		prepare.Register("fsp")
 		builder.Register("fsp")
+		prebuild.RBAC = true
 	} else if prebuild.SystemdDir.Exist() {
 		prepare.Register("systemd-early")
 	}
diff --git a/pkg/prebuild/directive/filter.go b/pkg/prebuild/directive/filter.go
index a6513f37e..b6ec56816 100644
--- a/pkg/prebuild/directive/filter.go
+++ b/pkg/prebuild/directive/filter.go
@@ -39,6 +39,10 @@ func init() {
 }
 
 func filterRuleForUs(opt *Option) bool {
+	if prebuild.RBAC && slices.Contains(opt.ArgList, "RBAC") {
+		return true
+	}
+
 	abiStr := fmt.Sprintf("abi%d", prebuild.ABI)
 	if slices.Contains(opt.ArgList, abiStr) {
 		return true
diff --git a/pkg/prebuild/directories.go b/pkg/prebuild/directories.go
index d5d5a7266..37cbc69bc 100644
--- a/pkg/prebuild/directories.go
+++ b/pkg/prebuild/directories.go
@@ -13,6 +13,9 @@ var (
 	// AppArmor version
 	Version = 4.0
 
+	// Either or not RBAC is enabled
+	RBAC = false
+
 	// Pkgname is the name of the package
 	Pkgname = "apparmor.d"