feat(tunable): add the new @{arch} variable.

apparmor.d/profiles-s-z/steam

@@ -21,7 +21,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64}

apparmor.d/profiles-s-z/steam-fossilize

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steam-game-native

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steam-game-proton

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steam-gameoverlayui

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steam-launch

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steam-launcher

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steam-runtime

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steam-runtime-steam-remote

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/profiles-s-z/steamerrorreporter

@@ -6,7 +6,6 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{arch} = amd64 i386
 @{runtime} = SteamLinuxRuntime_sniper
 @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation
 @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64}

apparmor.d/tunables/multiarch.d/system

@@ -91,6 +91,9 @@
 @{dynamic}=23[4-9] 24[0-9] 25[0-4]                       # range 234 to 254
 @{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1]  # range 384 to 511
 
+# Common architecture names
+@{arch}=x86_64 amd64 i386 
+
 # OpenSUSE does not have the same multiarch structure
 @{multiarch}+=*-suse-linux*  #aa:only opensuse
 

pkg/aa/apparmor.go

@@ -32,6 +32,7 @@ func NewAppArmorProfile() *AppArmorProfileFile {
 func DefaultTunables() *AppArmorProfileFile {
 	return &AppArmorProfileFile{
 		Preamble: Rules{
+			&Variable{Name: "arch", Values: []string{"x86_64", "amd64", "i386"}, Define: true},
 			&Variable{Name: "bin", Values: []string{"/{,usr/}{,s}bin"}, Define: true},
 			&Variable{Name: "c", Values: []string{"[0-9a-zA-Z]"}, Define: true},
 			&Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true},