From 08a1aba39d11e04c4cad657078ded50cfe66c5c6 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 11 Jun 2024 00:01:46 +0100
Subject: [PATCH] feat(abs): bwrap: add special mount rule for debian.

---
 apparmor.d/abstractions/common/bwrap | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apparmor.d/abstractions/common/bwrap b/apparmor.d/abstractions/common/bwrap
index f2e76bcd..4b961047 100644
--- a/apparmor.d/abstractions/common/bwrap
+++ b/apparmor.d/abstractions/common/bwrap
@@ -2,10 +2,9 @@
 # Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
-# Minimal set of rules for bwrap
-
+# A minimal set of rules for sandboxed programs using bwrap. 
 # A profile using this abstraction still needs to set:
-# - the attach_disconnected flag
+# - the flag: attach_disconnected
 # - bwrap execution: '@{bin}/bwrap rix,'
 
   # userns,
@@ -31,6 +30,9 @@
   umount /,
   umount /oldroot/,
 
+  #aa:only debian whonix
+  mount -> /newroot/{,**}, # Debian does not support the remount rule.
+
   pivot_root oldroot=/newroot/ /newroot/,
   pivot_root oldroot=/tmp/oldroot/ /tmp/,