From 6dc990ac022748c98f185c26fa2fbdf0ba546c3e Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Sun, 19 Nov 2023 11:14:31 +0000
Subject: [PATCH] feat(full): set systemd profile name on build time.
---
 pkg/prebuild/prepare.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/pkg/prebuild/prepare.go b/pkg/prebuild/prepare.go
index 289c873b..2ed9e362 100644
--- a/pkg/prebuild/prepare.go
+++ b/pkg/prebuild/prepare.go
@@ -176,12 +176,25 @@ func SetFlags() error {
 // Set AppArmor for (experimental) full system policy. // See https://apparmor.pujol.io/development/structure/#full-system-policy func SetFullSystemPolicy() error { + // Install full system policy profiles for _, name := range []string{"systemd", "systemd-user"} { err := paths.New("apparmor.d/groups/_full/" + name).CopyTo(RootApparmord.Join(name)) if err != nil { return err } } + + // Set systemd profile name path := paths.New("apparmor.d/tunables/multiarch.d/apparmor.d") content, err := path.ReadFile() if err != nil { return err } res := strings.Replace(string(content), "@{systemd}=unconfined", "@{systemd}=systemd", -1) if err := path.WriteFile([]byte(res)); err != nil { return err } + logging.Success("Configure AppArmor for full system policy") return nil }
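Review bot: The `strings.Replace` on the new side succeeds silently when `@{systemd}=unconfined` is not present in `apparmor.d/tunables/multiarch.d/apparmor.d` (already rewritten, spelled differently, or the variable renamed), so the function would still log `Configure AppArmor for full system policy` while `@{systemd}` stays `unconfined` and the just-installed `systemd`/`systemd-user` profiles never attach to anything; add a guard after the replace such as `if res == string(content) { return fmt.Errorf("%s: @{systemd}=unconfined not found", path) }` (or `errors.New` if `fmt` is not already imported in this file). Note also that the rewrite targets `paths.New("apparmor.d/tunables/...")` whereas the copies a few lines above write into `RootApparmord`; if `paths.New` resolves against the source checkout rather than the build root, this mutates the working tree in place and the build output may be left unchanged — worth confirming and, if so, using `RootApparmord.Join("tunables/multiarch.d/apparmor.d")`. SetFullSystemPolicy is fully contained in this hunk.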