# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2022-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

abi <abi/4.0>,

include <tunables/global>

@{lib_dirs} = @{lib}/ /snap/{snapd,core}/@{int}@{lib}

@{exec_path} = @{lib_dirs}/snapd/snap-failure
profile snap-failure @{exec_path} {
  include <abstractions/base>

  @{exec_path} mr,

  @{bin}/systemctl         rCx -> systemctl,
  @{lib_dirs}/snapd/snapd  rPx,

  /var/lib/snapd/sequence/snapd.json r,

  @{PROC}/cmdline r,

  profile systemctl {
    include <abstractions/base>
    include <abstractions/app/systemctl>
  
    include if exists <local/snap-failure_systemctl>
  }

  include if exists <local/snap-failure>
}

# vim:syntax=apparmor