From dc8134589dcf3f2e41c9864ba4263972d27fb9f3 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 24 Jan 2023 20:17:00 +0000
Subject: [PATCH] build: initial build support for full system policy.
---
 configure | 14 +++++++++++++-
 dists/ignore/main.ignore | 2 ++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/configure b/configure
index eb2c9cff0..59c2e919d 100755
--- a/configure
+++ b/configure
@@ -158,7 +158,19 @@ complain() {
 # Set AppArmor for full system policy
 # See https://gitlab.com/apparmor/apparmor/-/wikis/FullSystemPolicy
 full() {
- cp -a apparmor.d/groups/_full/* "$ROOT/apparmor.d/"
+ cp -a apparmor.d/groups/_full/init "$ROOT/apparmor.d/"
+ cp -a apparmor.d/groups/_full/systemd "$ROOT/apparmor.d/"
+ case "$DISTRIBUTION" in
+ arch|endeavouros|cachyos|manjarolinux)
+ cp -r root/usr/lib/initcpio root/usr/lib/systemd/ "$ROOT/root/"
+ ;;
+
+ debian|ubuntu|whonix)
+ cp -r root/etc/initramfs-tools "$ROOT/root/"
+ ;;
+
+ *) _die "$DISTRIBUTION is not a supported distribution." ;;
+ esac
 }
 # Print help message
diff --git a/dists/ignore/main.ignore b/dists/ignore/main.ignore
index 8ea02b664..74fa9ec25 100644
--- a/dists/ignore/main.ignore
+++ b/dists/ignore/main.ignore
@@ -5,6 +5,8 @@
 # when ./configure is given the --full option
 apparmor.d/groups/_full
 root/etc/initramfs-tools
+root/usr/lib/initcpio
+root/usr/lib/systemd/
 apparmor.d/groups/apps
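Review bot: Both `cp -r` calls in the new `case` drop the intermediate directories: copying `root/etc/initramfs-tools` into `"$ROOT/root/"` yields `$ROOT/root/initramfs-tools`, and the Arch branch likewise yields `$ROOT/root/initcpio` and `$ROOT/root/systemd`, not the `usr/lib/` paths that `main.ignore` lists. If the install step mirrors `$ROOT/root/` onto the filesystem (not visible in this hunk), the early-boot hooks would land in the wrong place and the full-system policy might not be loaded from the initramfs, with no error reported. Keeping the tree shape avoids that, e.g. `mkdir -p "$ROOT/root/etc" && cp -r root/etc/initramfs-tools "$ROOT/root/etc/"` and `mkdir -p "$ROOT/root/usr/lib" && cp -r root/usr/lib/initcpio root/usr/lib/systemd "$ROOT/root/usr/lib/"`. The `*) _die` branch also fires only after the two `cp -a` lines have written to `$ROOT`, so moving the `case` above them would stop an unsupported distribution from leaving a half-populated build tree.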