From 0bbbe71422e906c4cedda0e8e95ee62b7b7e8f25 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 2 May 2024 21:42:33 +0100
Subject: [PATCH] feat(tunable): add the new @{tmp} variable

Mostly used to handle libpam-tmpdir. See #318 #320
---
 apparmor.d/tunables/multiarch.d/system | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
index 68efe0b7..330d4fee 100644
--- a/apparmor.d/tunables/multiarch.d/system
+++ b/apparmor.d/tunables/multiarch.d/system
@@ -56,6 +56,9 @@
 @{bin}=/{,usr/}{,s}bin
 @{lib}=/{,usr/}lib{,exec,32,64}
 
+# Common places for temporary files
+@{tmp}=/tmp/ /tmp/user/@{uid}/
+
 # Udev data dynamic assignment ranges
 @{dynamic}=23[4-9] 24[0-9] 25[0-4]                       # range 234 to 254
 @{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1]  # range 384 to 511