Rewrite the configure process.

- Install all
- Ignore a few
- Set flags on specific profile.

configure

@@ -49,24 +49,34 @@ initialise() {
 	_init
 	remove_files
 
-	mkdir "${ROOT:?}/apparmor.d/profiles"
-	mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/profiles/"
+	echo "Ignore profiles in profiles.ignore."
+    while read -r profile; do
+		[[ "$profile" =~ ^\# ]] && continue
+		if [[ "$profile" == */ ]]; then
+			find "$ROOT/apparmor.d" -iname "${profile////}" -type d -exec rm -r {} \; 
+		else
+			find "$ROOT/apparmor.d" -iname "$profile" -type f -exec rm {} \;
+		fi
+    done <profiles.ignore
+
+	echo "Synchronise all profiles."
+	mv "${ROOT:?}/apparmor.d/groups/"*/* "${ROOT:?}/apparmor.d/"
 	rm -rf "${ROOT:?}/apparmor.d/groups/"
 	for dir in profiles-a-l profiles-m-z; do
-		mv "${ROOT:?}/apparmor.d/$dir/"* "${ROOT:?}/apparmor.d/profiles/"
+		mv "${ROOT:?}/apparmor.d/$dir/"* "${ROOT:?}/apparmor.d/"
 		rm -rf "${ROOT:?}/apparmor.d/$dir"
 	done
 }
 
-# Generate the apparmor.d directory with profile from the manifest
-generate() {
-	echo "Generated apparmor.d directory: $ROOT"
+# Set flags on some profile
+setflags() {
+	echo "Set apparmor flags from profiles.flags"
     while read -r profile; do
         IFS=' ' read -r -a manifest <<< "$profile"
         profile="${manifest[0]}" flags="${manifest[1]}"
 
         [[ "$profile" =~ ^\# ]] && continue
-		path="${ROOT:?}/apparmor.d/profiles/$profile"
+		path="${ROOT:?}/apparmor.d/$profile"
         if [[ ! -f "$path" ]]; then
 			_warning "Profile $profile not found"
 			continue
@@ -80,11 +90,7 @@ generate() {
 				-i "$path"
         fi
 
-        mv "$path" "${ROOT:?}/apparmor.d/"
-
-    done <profiles.manifest
-
-    rm -rf "${ROOT:?}/apparmor.d/profiles"
+    done <profiles.flags
 }
 
 # Print help message
@@ -113,7 +119,7 @@ main() {
 
 	configure
 	initialise
-	generate
+	setflags
 
 	exit 0
 }

profiles.flags

@@ -1,89 +1,30 @@
-aa-notify
-accounts-daemon
-acpi
 acpid attach_disconnected,complain
-adb
-adduser
-amixer
+adb complain
+agetty complain
 arch-audit complain
 at-spi-bus-launcher attach_disconnected
-at-spi2-registryd
 auditd complain
 badblocks complain
 biosdecode complain
 blkid complain
 blockdev complain
-blueman
-blueman-mechanism
-blueman-rfcomm-watcher
-bluemoon
-bluetoothctl
-bluetoothd
 bootctl complain
 borg complain
-browserpass
 cfdisk complain
 cgdisk complain
-chage
-chfn
-child-lsb_release
-child-pager
-child-systemctl
 chrome-gnome-shell complain
-chromium
-chromium-chrome-sandbox
-chromium-chromium
-chsh
-colord
-colord-sane
-colord-session
-coredumpctl
-cpupower
-crda
 dbus-daemon attach_disconnected,complain
 dbus-daemon-launch-helper complain
 dbus-run-session complain
-dconf-editor
-dconf-service
-df
-dfc
-dhclient
-dig
-dirmngr
 dkms complain
-dmcrypt-get-device
 dmesg complain
-dmidecode
-dumpe2fs
 e2fsck complain
 e2image complain
-eject
-evolution-addressbook-factory
-evolution-alarm-notify
-evolution-calendar-factory
-evolution-source-registry
-exo-open
 fatlabel complain
 fc-cache complain
 fc-list complain
 fdisk complain
-ffmpeg
-ffplay
-ffprobe
-filecap
-firefox
-firefox-crashreporter
-firefox-minidump-analyzer
-firefox-pingsender
-firefox-plugin-container
-freefall
-fsck
-fsck-btrfs
 fsck-ext4 complain
-fsck-fat
-fuseiso
-fusermount
-gconfd
 gdisk complain
 gdk-pixbuf-query-loaders complain
 gdm attach_disconnected,complain
@@ -91,11 +32,8 @@ gdm-session-worker attach_disconnected,complain
 gdm-wayland-session complain
 gdm-x-session attach_disconnected,complain
 gdm-xsession complain
-gio-launch-desktop
 gio-querymodules complain
 git complain
-gitstatusd
-gjs-console
 glib-compile-resources complain
 glib-compile-schemas complain
 glib-genmarshal complain
@@ -115,18 +53,9 @@ gnome-shell attach_disconnected,complain
 gnome-shell-calendar-server complain
 gnome-shell-hotplug-sniffer complain
 gnome-tweak-tool-lid-inhibitor complain
-goa-daemon
-goa-identity-service
-gpasswd
-gpg-agent
-gpg-connect-agent
 gpgconf complain
 gpgsm complain
-groupadd
-groupdel
-groupmod
 groups complain
-grpck
 gsd-a11y-settings attach_disconnected,complain
 gsd-color attach_disconnected,complain
 gsd-datetime attach_disconnected,complain
@@ -145,79 +74,19 @@ gsd-sound attach_disconnected,complain
 gsd-usb-protection complain
 gsd-wacom attach_disconnected,complain
 gsd-xsettings attach_disconnected,complain
-gtk-update-icon-cache
-gvfs-afc-volume-monitor
-gvfs-goa-volume-monitor
-gvfs-gphoto2-volume-monitor
-gvfs-mtp-volume-monitor
-gvfs-udisks2-volume-monitor
-gvfsd
-gvfsd-admin
-gvfsd-afc
-gvfsd-afp
-gvfsd-afp-browse
-gvfsd-archive
-gvfsd-burn
-gvfsd-cdda
-gvfsd-computer
-gvfsd-dav
-gvfsd-dnssd
-gvfsd-ftp
-gvfsd-fuse
-gvfsd-google
-gvfsd-gphoto2
-gvfsd-http
-gvfsd-localtest
-gvfsd-metadata
-gvfsd-mtp
-gvfsd-network
-gvfsd-nfs
-gvfsd-recent
-gvfsd-sftp
-gvfsd-smb
-gvfsd-smb-browse
-gvfsd-trash
-haveged
-hostname
+gvfsd-dav complain
 hostnamectl complain
 htop complain
-ibus-daemon
-ibus-dconf
-ibus-engine-simple
-ibus-extension-gtk3
-ibus-portal
-ibus-x11
-id
-ifconfig
 install-info complain
-ip
-ipcalc
 kernel-install complain
 kmod complain
 last complain
 lastlog complain
-less
 libvirt-dbus complain
-libvirt/TEMPLATE.lxc
-libvirt/TEMPLATE.qemu
 localectl complain
-logrotate
-lsblk
-lscpu
-lspci
-lsusb
-mandb
-mimetype
-mke2fs
+mission-control complain
 mkinitcpio complain
-mkntfs
-mkswap
 mount complain
-nautilus
-netcap
-networkctl
-NetworkManager
-newgrp
 nft complain
 nm-dhcp-helper complain
 nm-dispatcher complain
@@ -229,23 +98,6 @@ nm-openvpn-service-openvpn-helper complain
 nmap complain
 ntfs-3g complain
 ntfs-3g-probe complain
-ntfscat
-ntfsclone
-ntfscluster
-ntfscmp
-ntfscp
-ntfsdecrypt
-ntfsfix
-ntfsinfo
-ntfslabel
-ntfsls
-ntfsrecover
-ntfsresize
-ntfssecaudit
-ntfstruncate
-ntfsundelete
-ntfsusermap
-ntfswipe
 obex-folder-listing complain
 obexautofs complain
 obexctl complain
@@ -253,137 +105,59 @@ obexd complain
 obexfs complain
 obexpush-atd complain
 obexpushd complain
-openvpn
 pacdiff complain
-pacman complain
 pacman-conf attach_disconnected,complain
 pacman-key complain
-pacmd
-pactl
-parted
-partprobe
-passwd
-pcscd
 pinentry-gtk-2 complain
-pinentry-qt
-pkexec
-polkit-agent-helper
-polkitd
-ps
-pscap
-pulseaudio
+pipewire complain
+pipewire-media-session complain
 pwck complain
 reflector attach_disconnected,complain
-resize2fs
-rfkill
-rngd
-rtkit-daemon
-rtkitctl
 run-parts complain
-runc complain
 runuser complain
-scdaemon
 seahorse complain
-sensors
-sensors-detect
-setpci
-setpriv
-sfdisk
-sgdisk
 ssh complain
-ssh-agent
-sshfs
+su complain
 sudo complain
 swaplabel complain
 swapoff complain
 swapon complain
-systemd-ac-power
 systemd-analyze complain
 systemd-ask-password complain
-systemd-backlight
 systemd-binfmt complain
-systemd-coredump
-systemd-detect-virt
 systemd-environment-d-generator complain
 systemd-escape complain
-systemd-fsck
-systemd-fsckd
-systemd-hostnamed
 systemd-hwdb complain
-systemd-journald
-systemd-localed
 systemd-logind complain
 systemd-machine-id-setup complain
 systemd-machined complain
-systemd-modules-load
 systemd-mount complain
-systemd-networkd
-systemd-networkd-wait-online
 systemd-notify complain
 systemd-path complain
 systemd-random-seed complain
 systemd-remount-fs complain
+systemd-resolve complain
 systemd-resolved complain
-systemd-rfkill
-systemd-shutdown
-systemd-sysctl
 systemd-sysusers complain
-systemd-timedated
-systemd-timesyncd
 systemd-tmpfiles complain
 systemd-tty-ask-password-agent complain
-systemd-udevd
 systemd-xdg-autostart-generator complain
 timedatectl complain
-top
 tracker-extract complain
-tracker-miner
-tune2fs
 udisksctl complain
 udisksd attach_disconnected,complain
 umount complain
 umount.udisks2 complain
-uname
-update-alternatives
 update-ca-trust complain
-update-desktop-database
 update-mime-database complain
 update-pciids complain
-upower
-upowerd
-uptime
-usb-devices
-usbguard
-usbguard-daemon
-usbguard-dbus
-usbguard-notifier
-useradd
-userdel
-usermod
-usr.bin.man
-usr.bin.tcpdump
-utmpdump
 virt-manager complain
+virtlogd complain
 vlc-cache-gen complain
-w
-whiptail
-who
-wpa_cli
-wpa-supplicant
 xbrlapi attach_disconnected,complain
 xclip complain
 xdg-dbus-proxy attach_disconnected,complain
-xdg-desktop-menu
-xdg-email
-xdg-icon-resource
-xdg-mime
-xdg-open
-xdg-screensaver
-xdg-settings
 xdg-user-dirs-update complain
-xhost
-xkbcomp
-xprop
-xrdb
+xhost complain
 xset complain
-xwayland
+systemd-update-utmp complain