From 4e17001ce2b2d4c27aadd45083c2fe48b284e855 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Thu, 5 Sep 2024 14:08:08 +0100
Subject: [PATCH] feat(tunable): add the new python_path & python_name
 variables.

---
 apparmor.d/tunables/multiarch.d/paths    | 3 +++
 apparmor.d/tunables/multiarch.d/programs | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/apparmor.d/tunables/multiarch.d/paths b/apparmor.d/tunables/multiarch.d/paths
index a98f28ae..35bf0c58 100644
--- a/apparmor.d/tunables/multiarch.d/paths
+++ b/apparmor.d/tunables/multiarch.d/paths
@@ -13,6 +13,9 @@
 # Coreutils programs that should not have dedicated profile
 @{coreutils_path} = @{bin}/@{coreutils}
 
+# Python interpreters
+@{python_path} = @{bin}/@{python_name}
+
 # Browsers
 @{brave_path} =  @{brave_lib_dirs}/@{brave_name}
 @{chrome_path} =  @{opera_lib_dirs}/@{chrome_name}
diff --git a/apparmor.d/tunables/multiarch.d/programs b/apparmor.d/tunables/multiarch.d/programs
index e8c6b902..9c0c4d30 100644
--- a/apparmor.d/tunables/multiarch.d/programs
+++ b/apparmor.d/tunables/multiarch.d/programs
@@ -25,6 +25,9 @@
 @{coreutils} += sort split stat stdbuf stty sum sync tac tail tee test timeout touch tr true
 @{coreutils} += truncate tsort tty uname unexpand uniq unlink updatedb vdir wc who whoami xargs yes
 
+# Python interpreters
+@{python_name} = python{,3,3.[0-9],3.1[0-9]}
+
 # Browsers
 
 @{brave_name} = brave{,-beta,-dev,-bin}