From dbb0d76e525d6126f6314ff9c43d433f2b0c68c0 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Wed, 20 Mar 2024 16:14:29 +0000
Subject: [PATCH] feat(abs): add the bash-strict.
---
apparmor.d/abstractions/bash-strict | 35 +++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 apparmor.d/abstractions/bash-strict
diff --git a/apparmor.d/abstractions/bash-strict b/apparmor.d/abstractions/bash-strict
new file mode 100644
index 00000000..86e9fc50
--- /dev/null
+++ b/apparmor.d/abstractions/bash-strict
@@ -0,0 +1,35 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol
+# SPDX-License-Identifier: GPL-2.0-only
+
+# This abstraction is only required when an interactive shell is started.
+# Classic shell scripts do not need it.
+
+ /usr/share/bash-completion/{,**} r,
+ /usr/share/terminfo/{,**} r,
+
+ @{etc_ro}/profile.d/ r,
+ @{etc_ro}/profile.d/* r,
+ @{etc_ro}/profile.dos r,
+ @{etc_ro}/profile r,
+ @{etc_ro}/profile.d/ r,
+ @{etc_ro}/profile.d/* r,
+ /etc/bashrc r,
+ /etc/bash.bashrc r,
+ /etc/bash.bashrc.local r,
+ /etc/bash_completion r,
+ /etc/bash_completion.d/{,**} r,
+ /etc/inputrc r,
+ /etc/mtab r,
+
+ owner @{HOME}/.alias r,
+ owner @{HOME}/.bash_aliases r,
+ owner @{HOME}/.bash_history rw,
+ owner @{HOME}/.bash_profile r,
+ owner @{HOME}/.bashrc r,
+ owner @{HOME}/.i18n r,
+ owner @{HOME}/.profile r,
+
+ owner @{PROC}/@{pid}/mounts r,
+
+ include if exists
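Review bot: `owner @{HOME}/.bash_history rw,` gives every profile that includes this abstraction read and write access to the user's command history, which can hold secrets typed on the command line and is a record worth protecting from modification. The header comment should spell that out, for example `# Grants rw on ~/.bash_history: include only in profiles that really start an interactive bash.` Separately, `@{etc_ro}/profile.d/ r,` and `@{etc_ro}/profile.d/* r,` appear twice, once before `profile.dos` and again after `profile`, so the second pair can be dropped. The final `include if exists` line shows no path in this view; if that is not a display artefact, it needs its target.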