diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index d8e0a50c..0828786d 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -21,7 +21,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} diff --git a/apparmor.d/profiles-s-z/steam-fossilize b/apparmor.d/profiles-s-z/steam-fossilize index b33c90d8..1786a5e4 100644 --- a/apparmor.d/profiles-s-z/steam-fossilize +++ b/apparmor.d/profiles-s-z/steam-fossilize @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steam-game-native b/apparmor.d/profiles-s-z/steam-game-native index 2817006f..4246f787 100644 --- a/apparmor.d/profiles-s-z/steam-game-native +++ b/apparmor.d/profiles-s-z/steam-game-native @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steam-game-proton b/apparmor.d/profiles-s-z/steam-game-proton index 95eec5ab..8f1939bd 100644 --- a/apparmor.d/profiles-s-z/steam-game-proton +++ b/apparmor.d/profiles-s-z/steam-game-proton @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steam-gameoverlayui b/apparmor.d/profiles-s-z/steam-gameoverlayui index d6680ac6..ae01bf5d 100644 --- a/apparmor.d/profiles-s-z/steam-gameoverlayui +++ b/apparmor.d/profiles-s-z/steam-gameoverlayui @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steam-launch b/apparmor.d/profiles-s-z/steam-launch index b1d820d8..975e432a 100644 --- a/apparmor.d/profiles-s-z/steam-launch +++ b/apparmor.d/profiles-s-z/steam-launch @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steam-launcher b/apparmor.d/profiles-s-z/steam-launcher index 45fa3024..2605c15f 100644 --- a/apparmor.d/profiles-s-z/steam-launcher +++ b/apparmor.d/profiles-s-z/steam-launcher @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steam-runtime b/apparmor.d/profiles-s-z/steam-runtime index 6fde5418..add024de 100644 --- a/apparmor.d/profiles-s-z/steam-runtime +++ b/apparmor.d/profiles-s-z/steam-runtime @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steam-runtime-steam-remote b/apparmor.d/profiles-s-z/steam-runtime-steam-remote index 4f256ef2..1a6dd406 100644 --- a/apparmor.d/profiles-s-z/steam-runtime-steam-remote +++ b/apparmor.d/profiles-s-z/steam-runtime-steam-remote @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/profiles-s-z/steamerrorreporter b/apparmor.d/profiles-s-z/steamerrorreporter index 3e206e89..1d55e59a 100644 --- a/apparmor.d/profiles-s-z/steamerrorreporter +++ b/apparmor.d/profiles-s-z/steamerrorreporter @@ -6,7 +6,6 @@ abi , include -@{arch} = amd64 i386 @{runtime} = SteamLinuxRuntime_sniper @{share_dirs} = @{user_share_dirs}/Steam @{HOME}/.steam/debian-installation @{lib_dirs} = @{share_dirs}/ubuntu@{int2}_{32,64} @{share_dirs}/linux{32,64} diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system index b2e1a3b0..9684cba1 100644 --- a/apparmor.d/tunables/multiarch.d/system +++ b/apparmor.d/tunables/multiarch.d/system @@ -91,6 +91,9 @@ @{dynamic}=23[4-9] 24[0-9] 25[0-4] # range 234 to 254 @{dynamic}+=38[4-9] 39[0-9] 4[0-9][0-9] 50[0-9] 51[0-1] # range 384 to 511 +# Common architecture names +@{arch}=x86_64 amd64 i386 + # OpenSUSE does not have the same multiarch structure @{multiarch}+=*-suse-linux* #aa:only opensuse diff --git a/pkg/aa/apparmor.go b/pkg/aa/apparmor.go index ad391598..a887d4b9 100644 --- a/pkg/aa/apparmor.go +++ b/pkg/aa/apparmor.go @@ -32,6 +32,7 @@ func NewAppArmorProfile() *AppArmorProfileFile { func DefaultTunables() *AppArmorProfileFile { return &AppArmorProfileFile{ Preamble: Rules{ + &Variable{Name: "arch", Values: []string{"x86_64", "amd64", "i386"}, Define: true}, &Variable{Name: "bin", Values: []string{"/{,usr/}{,s}bin"}, Define: true}, &Variable{Name: "c", Values: []string{"[0-9a-zA-Z]"}, Define: true}, &Variable{Name: "etc_ro", Values: []string{"/{,usr/}etc/"}, Define: true},