mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-02-20 08:55:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(aa): refractor template to allow multiple templates.

Browse source
This commit is contained in:
Alexandre Pujol 2024-04-17 18:02:41 +01:00
parent 890275fb22
commit 8ef858ad35
Failed to generate hash of commit
20 changed files with 347 additions and 214 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/aa/apparmor.go
View file

@ -44,7 +44,7 @@ func NewAppArmorProfile() *AppArmorProfileFile {
// String returns the formatted representation of a profile as a string
func (f *AppArmorProfileFile) String() string {
var res bytes.Buffer
err := tmplAppArmorProfile.Execute(&res, f)
err := tmpl["apparmor"].Execute(&res, f)
if err != nil {
return err.Error()
}

31
pkg/aa/template.go
View file

@ -6,6 +6,7 @@ package aa
import (
"embed"
"fmt"
"reflect"
"strings"
"text/template"
@ -26,8 +27,10 @@ var (
"overindent": indentDbus,
}
// The apparmor profile template
tmplAppArmorProfile = generateTemplate()
// The apparmor templates
tmpl = map[string]*template.Template{
"apparmor": generateTemplate("apparmor.j2"),
}
// convert apparmor requested mask to apparmor access mode
requestedMaskToAccess = map[string]string{
@ -96,9 +99,27 @@ var (
fileWeights = map[string]int{}
)
func generateTemplate() *template.Template {
res := template.New("file.j2").Funcs(tmplFunctionMap)
res = template.Must(res.ParseFS(tmplFiles, "templates/*.j2"))
func generateTemplate(name string) *template.Template {
res := template.New(name).Funcs(tmplFunctionMap)
switch name {
case "apparmor.j2":
res = template.Must(res.ParseFS(tmplFiles,
"templates/*.j2", "templates/rule/*.j2",
))
case "profile.j2":
res = template.Must(res.Parse("{{ template \"profile\" . }}"))
res = template.Must(res.ParseFS(tmplFiles,
"templates/profile.j2", "templates/rule/*.j2",
))
default:
res = template.Must(res.Parse(
fmt.Sprintf("{{ template \"%s\" . }}", name),
))
res = template.Must(res.ParseFS(tmplFiles,
fmt.Sprintf("templates/rule/%s.j2", name),
"templates/rule/qualifier.j2", "templates/rule/comment.j2",
))
}
return res
}

0
pkg/aa/templates/file.j2 → pkg/aa/templates/apparmor.j2
View file

228
pkg/aa/templates/profile.j2
View file

@ -18,13 +18,14 @@
{{- with .Flags -}}
{{ " flags=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- "{\n" -}}
{{- " {\n" -}}
{{- end -}}
{{- $oldtype := "" -}}
{{- range .Rules -}}
{{- $type := typeof . -}}
{{- if eq $type "Rule" -}}
{{- template "comment" . -}}
{{- "\n" -}}
{{- continue -}}
{{- end -}}
@ -38,252 +39,63 @@
{{- end -}}
{{- if eq $type "Rlimit" -}}
{{ "set rlimit " }}{{ .Key }} {{ .Op }} {{ .Value }}{{ "," }}{{ template "comment" . }}
{{- template "rlimit" . -}}
{{- end -}}
{{- if eq $type "Userns" -}}
{{- if .Create -}}
{{ template "qualifier" . }}{{ "userns," }}{{ template "comment" . }}
{{- end -}}
{{- template "userns" . -}}
{{- end -}}
{{- if eq $type "Capability" -}}
{{ template "qualifier" . }}{{ "capability " }}{{ .Name }}{{ "," }}{{ template "comment" . }}
{{- template "capability" . -}}
{{- end -}}
{{- if eq $type "Network" -}}
{{- template "qualifier" . -}}
{{ "network" }}
{{- with .Domain -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Type -}}
{{ " " }}{{ . }}
{{- else -}}
{{- with .Protocol -}}
{{ " " }}{{ . }}
{{- end -}}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "network" . -}}
{{- end -}}
{{- if eq $type "Mount" -}}
{{- template "qualifier" . -}}
{{- "mount" -}}
{{- with .FsType -}}
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .Source -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .MountPoint -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}
{{- if eq $type "Umount" -}}
{{- template "qualifier" . -}}
{{- "umount" -}}
{{- with .FsType -}}
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .MountPoint -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "mount" . -}}
{{- end -}}
{{- if eq $type "Remount" -}}
{{- template "qualifier" . -}}
{{- "remount" -}}
{{- with .FsType -}}
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .MountPoint -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "remount" . -}}
{{- end -}}
{{- if eq $type "Umount" -}}
{{- template "umount" . -}}
{{- end -}}
{{- if eq $type "PivotRoot" -}}
{{- template "qualifier" . -}}
{{- "pivot_root" -}}
{{- with .OldRoot -}}
{{ " oldroot=" }}{{ . }}
{{- end -}}
{{- with .NewRoot -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .TargetProfile -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "pivot_root" . -}}
{{- end -}}
{{- if eq $type "ChangeProfile" -}}
{{- template "qualifier" . -}}
{{- "change_profile" -}}
{{- with .ExecMode -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Exec -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .ProfileName -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "change_profile" . -}}
{{- end -}}
{{- if eq $type "Mqueue" -}}
{{- template "qualifier" . -}}
{{- "mqueue" -}}
{{- with .Access -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Type -}}
{{ " type=" }}{{ . }}
{{- end -}}
{{- with .Label -}}
{{ " label=" }}{{ . }}
{{- end -}}
{{- with .Name -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "mqueue" . -}}
{{- end -}}
{{- if eq $type "Unix" -}}
{{- template "qualifier" . -}}
{{- "unix" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Type -}}
{{ " type=" }}{{ . }}
{{- end -}}
{{- with .Protocol -}}
{{ " protocol=" }}{{ . }}
{{- end -}}
{{- with .Address -}}
{{ " addr=" }}{{ . }}
{{- end -}}
{{- with .Label -}}
{{ " label=" }}{{ . }}
{{- end -}}
{{- if and .PeerLabel .PeerAddr -}}
{{ " peer=(label=" }}{{ .PeerLabel }}{{ ", addr="}}{{ .PeerAddr }}{{ ")" }}
{{- else -}}
{{- with .PeerLabel -}}
{{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .PeerAddr -}}
{{ overindent "peer=(addr=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "unix" . -}}
{{- end -}}
{{- if eq $type "Ptrace" -}}
{{- template "qualifier" . -}}
{{- "ptrace" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Peer -}}
{{ " peer=" }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "ptrace" . -}}
{{- end -}}
{{- if eq $type "Signal" -}}
{{- template "qualifier" . -}}
{{- "signal" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Set -}}
{{ " set=(" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Peer -}}
{{ " peer=" }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "signal" . -}}
{{- end -}}
{{- if eq $type "Dbus" -}}
{{- template "qualifier" . -}}
{{- "dbus" -}}
{{- if eq .Access "bind" -}}
{{ " bind bus=" }}{{ .Bus }}{{ " name=" }}{{ .Name }}
{{- else -}}
{{- with .Access -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Bus -}}
{{ " bus=" }}{{ . }}
{{- end -}}
{{- with .Path -}}
{{ " path=" }}{{ . }}
{{- end -}}
{{ "\n" }}
{{- with .Interface -}}
{{ overindent "interface=" }}{{ . }}{{ "\n" }}
{{- end -}}
{{- with .Member -}}
{{ overindent "member=" }}{{ . }}{{ "\n" }}
{{- end -}}
{{- if and .PeerName .PeerLabel -}}
{{ overindent "peer=(name=" }}{{ .PeerName }}{{ ", label="}}{{ .PeerLabel }}{{ ")" }}
{{- else -}}
{{- with .PeerName -}}
{{ overindent "peer=(name=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .PeerLabel -}}
{{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "dbus" . -}}
{{- end -}}
{{- if eq $type "File" -}}
{{- template "qualifier" . -}}
{{- if .Owner -}}
{{- "owner " -}}
{{- end -}}
{{- .Path -}}
{{- " " -}}
{{- with .Padding -}}
{{ . }}
{{- end -}}
{{- .Access -}}
{{- with .Target -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- template "file" . -}}
{{- end -}}
{{- if eq $type "Profile" -}}

7
pkg/aa/templates/rule/capability.j2 Normal file
View file

@ -0,0 +1,7 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "capability" -}}
{{ template "qualifier" . }}{{ "capability " }}{{ .Name }}{{ "," }}{{ template "comment" . }}
{{- end -}}

19
pkg/aa/templates/rule/change_profile.j2 Normal file
View file

@ -0,0 +1,19 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "change_profile" -}}
{{- template "qualifier" . -}}
{{- "change_profile" -}}
{{- with .ExecMode -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Exec -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .ProfileName -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

4
pkg/aa/templates/comment.j2 → pkg/aa/templates/rule/comment.j2
View file

@ -1,3 +1,7 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "comment" -}}
{{- if or .FileInherit .NoNewPrivs .Optional .Comment -}}
{{- " #" -}}

40
pkg/aa/templates/rule/dbus.j2 Normal file
View file

@ -0,0 +1,40 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "dbus" -}}
{{- template "qualifier" . -}}
{{- "dbus" -}}
{{- if eq .Access "bind" -}}
{{ " bind bus=" }}{{ .Bus }}{{ " name=" }}{{ .Name }}
{{- else -}}
{{- with .Access -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Bus -}}
{{ " bus=" }}{{ . }}
{{- end -}}
{{- with .Path -}}
{{ " path=" }}{{ . }}
{{- end -}}
{{ "\n" }}
{{- with .Interface -}}
{{ overindent "interface=" }}{{ . }}{{ "\n" }}
{{- end -}}
{{- with .Member -}}
{{ overindent "member=" }}{{ . }}{{ "\n" }}
{{- end -}}
{{- if and .PeerName .PeerLabel -}}
{{ overindent "peer=(name=" }}{{ .PeerName }}{{ ", label="}}{{ .PeerLabel }}{{ ")" }}
{{- else -}}
{{- with .PeerName -}}
{{ overindent "peer=(name=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .PeerLabel -}}
{{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- end -}}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

21
pkg/aa/templates/rule/file.j2 Normal file
View file

@ -0,0 +1,21 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "file" -}}
{{- template "qualifier" . -}}
{{- if .Owner -}}
{{- "owner " -}}
{{- end -}}
{{- .Path -}}
{{- " " -}}
{{- with .Padding -}}
{{ . }}
{{- end -}}
{{- .Access -}}
{{- with .Target -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

4
pkg/aa/templates/include.j2 → pkg/aa/templates/rule/include.j2
View file

@ -1,3 +1,7 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "include" -}}
{{- "include" -}}
{{- if .IfExists -}}

54
pkg/aa/templates/rule/mount.j2 Normal file
View file

@ -0,0 +1,54 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "mount" -}}
{{- template "qualifier" . -}}
{{- "mount" -}}
{{- with .FsType -}}
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .Source -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .MountPoint -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}
{{- define "remount" -}}
{{- template "qualifier" . -}}
{{- "remount" -}}
{{- with .FsType -}}
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .MountPoint -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}
{{- define "umount" -}}
{{- template "qualifier" . -}}
{{- "umount" -}}
{{- with .FsType -}}
{{ " fstype=" }}{{ . }}
{{- end -}}
{{- with .Options -}}
{{ " options=(" }}{{ join . }}{{ ")" }}
{{- end -}}
{{- with .MountPoint -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

22
pkg/aa/templates/rule/mqueue.j2 Normal file
View file

@ -0,0 +1,22 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "mqueue" -}}
{{- template "qualifier" . -}}
{{- "mqueue" -}}
{{- with .Access -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Type -}}
{{ " type=" }}{{ . }}
{{- end -}}
{{- with .Label -}}
{{ " label=" }}{{ . }}
{{- end -}}
{{- with .Name -}}
{{ " " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

20
pkg/aa/templates/rule/network.j2 Normal file
View file

@ -0,0 +1,20 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "network" -}}
{{- template "qualifier" . -}}
{{ "network" }}
{{- with .Domain -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .Type -}}
{{ " " }}{{ . }}
{{- else -}}
{{- with .Protocol -}}
{{ " " }}{{ . }}
{{- end -}}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

19
pkg/aa/templates/rule/pivot_root.j2 Normal file
View file

@ -0,0 +1,19 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "pivot_root" -}}
{{- template "qualifier" . -}}
{{- "pivot_root" -}}
{{- with .OldRoot -}}
{{ " oldroot=" }}{{ . }}
{{- end -}}
{{- with .NewRoot -}}
{{ " " }}{{ . }}
{{- end -}}
{{- with .TargetProfile -}}
{{ " -> " }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

16
pkg/aa/templates/rule/ptrace.j2 Normal file
View file

@ -0,0 +1,16 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "ptrace" -}}
{{- template "qualifier" . -}}
{{- "ptrace" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Peer -}}
{{ " peer=" }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

4
pkg/aa/templates/qualifier.j2 → pkg/aa/templates/rule/qualifier.j2
View file

@ -1,3 +1,7 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "qualifier" -}}
{{- with .Prefix -}}
{{ . }}

7
pkg/aa/templates/rule/rlimit.j2 Normal file
View file

@ -0,0 +1,7 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "rlimit" -}}
{{ "set rlimit " }}{{ .Key }} {{ .Op }} {{ .Value }}{{ "," }}{{ template "comment" . }}
{{- end -}}

19
pkg/aa/templates/rule/signal.j2 Normal file
View file

@ -0,0 +1,19 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "signal" -}}
{{- template "qualifier" . -}}
{{- "signal" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Set -}}
{{ " set=(" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Peer -}}
{{ " peer=" }}{{ . }}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

35
pkg/aa/templates/rule/unix.j2 Normal file
View file

@ -0,0 +1,35 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "unix" -}}
{{- template "qualifier" . -}}
{{- "unix" -}}
{{- with .Access -}}
{{ " (" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .Type -}}
{{ " type=" }}{{ . }}
{{- end -}}
{{- with .Protocol -}}
{{ " protocol=" }}{{ . }}
{{- end -}}
{{- with .Address -}}
{{ " addr=" }}{{ . }}
{{- end -}}
{{- with .Label -}}
{{ " label=" }}{{ . }}
{{- end -}}
{{- if and .PeerLabel .PeerAddr -}}
{{ " peer=(label=" }}{{ .PeerLabel }}{{ ", addr="}}{{ .PeerAddr }}{{ ")" }}
{{- else -}}
{{- with .PeerLabel -}}
{{ overindent "peer=(label=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- with .PeerAddr -}}
{{ overindent "peer=(addr=" }}{{ . }}{{ ")" }}
{{- end -}}
{{- end -}}
{{- "," -}}
{{- template "comment" . -}}
{{- end -}}

9
pkg/aa/templates/rule/userns.j2 Normal file
View file

@ -0,0 +1,9 @@
{{- /* apparmor.d - Full set of apparmor profiles */ -}}
{{- /* Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io> */ -}}
{{- /* SPDX-License-Identifier: GPL-2.0-only */ -}}
{{- define "userns" -}}
{{- if .Create -}}
{{ template "qualifier" . }}{{ "userns," }}{{ template "comment" . }}
{{- end -}}
{{- end -}}