Better tunables definitions.

apparmor.d/tunables/extend

@@ -0,0 +1,15 @@
+# apparmor.d - Full set of apparmor profiles
+# Extended systemd directories definition
+# Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+# To allow extended personalisation without breaking everything.
+# All apparmor profiles should always use the variables defined here.
+
+# Common mountpoints
+@{MOUNTS}=/media/ @{run}/media /mnt
+
+# Libexec path. Different in some distribution
+@{libexec}=/usr/lib
+
+include if exists  <tunables/extend.d>

apparmor.d/tunables/global

@@ -0,0 +1,24 @@
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2006-2009 Novell/SUSE
+#    Copyright (C) 2010-2014 Canonical Ltd.
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+
+# All the tunables definitions that should be available to every profile
+# should be included here
+
+include <tunables/home>
+include <tunables/multiarch>
+include <tunables/proc>
+include <tunables/alias>
+include <tunables/kernelvars>
+include <tunables/xdg-user-dirs>
+include <tunables/share>
+include <tunables/etc>
+include <tunables/run>
+include <tunables/extend>

apparmor.d/tunables/xdg-user-dirs

@@ -1,5 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
-# Extended XDG directories definition
+# Extended user XDG directories definition
 # Copyright (C) 2021 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
@@ -9,22 +9,16 @@
 # XDG_*_DIR variables are relative pathnames from the user home directory. 
 # user_*_dirs variables are absolute path.
 
-# The default values
+# Define the common set of XDG user directories (usually defined in
-# @{XDG_DESKTOP_DIR}="Desktop"
+# /etc/xdg/user-dirs.defaults)
-# @{XDG_DOWNLOAD_DIR}="Downloads"
+@{XDG_DESKTOP_DIR}="Desktop"
-# @{XDG_TEMPLATES_DIR}="Templates"
+@{XDG_DOWNLOAD_DIR}="Downloads"
-# @{XDG_PUBLICSHARE_DIR}="Public"
+@{XDG_TEMPLATES_DIR}="Templates"
-# @{XDG_DOCUMENTS_DIR}="Documents"
+@{XDG_PUBLICSHARE_DIR}="Public"
-# @{XDG_MUSIC_DIR}="Music"
+@{XDG_DOCUMENTS_DIR}="Documents"
-# @{XDG_PICTURES_DIR}="Pictures"
+@{XDG_MUSIC_DIR}="Music"
-# @{XDG_VIDEOS_DIR}="Videos"
+@{XDG_PICTURES_DIR}="Pictures"
-# @{user_share_dirs}=@{HOME}/.local/share
+@{XDG_VIDEOS_DIR}="Videos"
-
-# Common mountpoints
-@{MOUNTS}=/media/ @{run}/media /mnt
-
-# Libexec path. Different in some distribution
-@{libexec}=/usr/lib
 
 # Extra user personal directories
 @{XDG_PROJECTS_DIR}="Projects"
@@ -50,6 +44,10 @@
 @{user_lib_dirs}=@{HOME}/@{XDG_LIB_HOME}
 
 # User build directories and output
-@{user_build_dirs}="/tmp/build"
+@{user_build_dirs}="/tmp/"
 @{user_pkg_dirs}="/tmp/pkg/"
-@{user_tmp_dirs}="/run/user/@{uid}" "/tmp"
+@{user_tmp_dirs}=@{run}/user/@{uid} /tmp/
+
+# Also, include files in tunables/xdg-user-dirs.d for site-specific adjustments
+# to the various XDG directories
+include <tunables/xdg-user-dirs.d>