From 3b42cc0ca736bffbc5b1d356dbbb3d3626ec2d25 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Sat, 11 Nov 2023 20:25:27 +0000
Subject: [PATCH] build: update full system policy setup.

---
 pkg/prebuild/prepare.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/pkg/prebuild/prepare.go b/pkg/prebuild/prepare.go
index 4d54cbec..289c873b 100644
--- a/pkg/prebuild/prepare.go
+++ b/pkg/prebuild/prepare.go
@@ -173,11 +173,10 @@ func SetFlags() error {
 	return nil
 }
 
-// Set AppArmor for full system policy
-// See https://gitlab.com/apparmor/apparmor/-/wikis/FullSystemPolicy
-// https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorInSystemd#early-policy-loads
+// Set AppArmor for (experimental) full system policy.
+// See https://apparmor.pujol.io/development/structure/#full-system-policy
 func SetFullSystemPolicy() error {
-	for _, name := range []string{"init", "systemd"} {
+	for _, name := range []string{"systemd", "systemd-user"} {
 		err := paths.New("apparmor.d/groups/_full/" + name).CopyTo(RootApparmord.Join(name))
 		if err != nil {
 			return err