From 8c80c5625219c4806ca3f375bb36253f9838f8da Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Sun, 6 Oct 2024 11:56:58 +0200
Subject: [PATCH] Check if all profiles and abstractions contain abi/4.0

... and add abi/4.0 where it was missing
---
 profiles/Makefile                                     | 6 ++++--
 profiles/apparmor.d/abstractions/groff                | 2 ++
 profiles/apparmor.d/abstractions/snap_browsers        | 2 ++
 profiles/apparmor.d/abstractions/transmission-common  | 2 ++
 profiles/apparmor.d/usr.lib.dovecot.director          | 2 ++
 profiles/apparmor.d/usr.lib.dovecot.doveadm-server    | 2 ++
 profiles/apparmor.d/usr.lib.dovecot.replicator        | 2 ++
 profiles/apparmor/profiles/extras/usr.bin.pyzorsocket | 2 ++
 profiles/apparmor/profiles/extras/usr.bin.razorsocket | 2 ++
 profiles/apparmor/profiles/extras/usr.sbin.clamd      | 2 ++
 profiles/apparmor/profiles/extras/usr.sbin.haproxy    | 2 ++
 11 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/profiles/Makefile b/profiles/Makefile
index a4ff96e51..d48d26974 100644
--- a/profiles/Makefile
+++ b/profiles/Makefile
@@ -154,11 +154,12 @@ check-logprof: test-dependencies
 
 .PHONY: check-abstractions.d
 check-abstractions.d:
-	@echo "*** Checking if all abstractions (with a few exceptions) contain 'include if exists <abstractions/*.d>'"
+	@echo "*** Checking if all abstractions (with a few exceptions) contain 'include if exists <abstractions/*.d>' and 'abi <abi/4.0>,'"
 	$(Q)for file in $$(find ${ABSTRACTIONS_SOURCE} ${EXTRAS_ABSTRACTIONS_SOURCE} -maxdepth 1 -type f) ; do \
 		case "$${file}" in */ubuntu-browsers | */ubuntu-helpers) continue ;; esac ; \
 		include="include if exists <abstractions/$$(basename $${file}).d>" ; \
 		grep -q "^  $${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
+		grep -q "^ *abi <abi/4.0>," $${file} || { echo "$${file} does not contain 'abi <abi/4.0>,'"; exit 1; } ; \
 	done
 
 .PHONY: check-tunables.d
@@ -172,9 +173,10 @@ check-tunables.d:
 
 .PHONY: check-local
 check-local:
-	@echo "*** Checking if all profiles contain 'include if exists <local/*>'"
+	@echo "*** Checking if all profiles contain 'include if exists <local/*>' and 'abi <abi/4.0>,'"
 	$(Q)for file in $$(find ${PROFILES_SOURCE} ${EXTRAS_SOURCE} -maxdepth 1 -type f) ; do \
 		case "$${file}" in */README) continue ;; esac ; \
 		include="include if exists <local/$$(basename $${file})>" ; \
 		grep -q "^  *$${include}\$$" $${file} || { echo "$${file} does not contain '$${include}'"; exit 1; } ; \
+		grep -q "^ *abi <abi/4.0>," $${file} || { echo "$${file} does not contain 'abi <abi/4.0>,'"; exit 1; } ; \
 	done
diff --git a/profiles/apparmor.d/abstractions/groff b/profiles/apparmor.d/abstractions/groff
index 874fbb7ab..26b814cc5 100644
--- a/profiles/apparmor.d/abstractions/groff
+++ b/profiles/apparmor.d/abstractions/groff
@@ -10,6 +10,8 @@
 #
 # ------------------------------------------------------------------
 
+abi <abi/4.0>,
+
   # Note: executing groff and nroff themself is not included in this abstraction
   # so that you can choose to ix, Px or Cx them in your profile
 
diff --git a/profiles/apparmor.d/abstractions/snap_browsers b/profiles/apparmor.d/abstractions/snap_browsers
index b6ee4ee8f..40608a176 100644
--- a/profiles/apparmor.d/abstractions/snap_browsers
+++ b/profiles/apparmor.d/abstractions/snap_browsers
@@ -1,3 +1,5 @@
+abi <abi/4.0>,
+
 profile snap_browsers {
   include if exists <abstractions/snap_browsers.d>
   include <abstractions/base>
diff --git a/profiles/apparmor.d/abstractions/transmission-common b/profiles/apparmor.d/abstractions/transmission-common
index 038e65e29..3d5a31302 100644
--- a/profiles/apparmor.d/abstractions/transmission-common
+++ b/profiles/apparmor.d/abstractions/transmission-common
@@ -2,6 +2,8 @@
 # LOGPROF-SUGGEST: no
 # Author: Daniel Richard G. <skunk@iSKUNK.ORG>
 
+abi <abi/4.0>,
+
   include <abstractions/base>
   include <abstractions/freedesktop.org>
   include <abstractions/nameservice>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.director b/profiles/apparmor.d/usr.lib.dovecot.director
index ec2295eaf..9de9b06fe 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.director
+++ b/profiles/apparmor.d/usr.lib.dovecot.director
@@ -9,6 +9,8 @@
 # ------------------------------------------------------------------
 # vim: ft=apparmor
 
+abi <abi/4.0>,
+
 include <tunables/global>
 
 profile dovecot-director /usr/lib*/dovecot/director flags=(attach_disconnected) {
diff --git a/profiles/apparmor.d/usr.lib.dovecot.doveadm-server b/profiles/apparmor.d/usr.lib.dovecot.doveadm-server
index bd2cdb1fe..d0f9f0352 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.doveadm-server
+++ b/profiles/apparmor.d/usr.lib.dovecot.doveadm-server
@@ -9,6 +9,8 @@
 # ------------------------------------------------------------------
 # vim: ft=apparmor
 
+abi <abi/4.0>,
+
 include <tunables/global>
 
 profile dovecot-doveadm-server /usr/lib*/dovecot/doveadm-server flags=(attach_disconnected) {
diff --git a/profiles/apparmor.d/usr.lib.dovecot.replicator b/profiles/apparmor.d/usr.lib.dovecot.replicator
index 743d43fb4..2fec8a1b0 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.replicator
+++ b/profiles/apparmor.d/usr.lib.dovecot.replicator
@@ -12,6 +12,8 @@
 # vim: ft=apparmor
 # for https://wiki.dovecot.org/Replication
 
+abi <abi/4.0>,
+
 include <tunables/dovecot>
 include <tunables/global>
 
diff --git a/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket b/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket
index 6ec9ede5b..01528f97d 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket
+++ b/profiles/apparmor/profiles/extras/usr.bin.pyzorsocket
@@ -8,6 +8,8 @@
 #
 # ------------------------------------------------------------------
 
+abi <abi/4.0>,
+
 include <tunables/global>
 
 profile pyzorsocket /usr/bin/pyzorsocket {
diff --git a/profiles/apparmor/profiles/extras/usr.bin.razorsocket b/profiles/apparmor/profiles/extras/usr.bin.razorsocket
index 9748ebce4..8e40285b8 100644
--- a/profiles/apparmor/profiles/extras/usr.bin.razorsocket
+++ b/profiles/apparmor/profiles/extras/usr.bin.razorsocket
@@ -8,6 +8,8 @@
 #
 # ------------------------------------------------------------------
 
+abi <abi/4.0>,
+
 include <tunables/global>
 
 profile razorsocket /usr/bin/razorsocket {
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.clamd b/profiles/apparmor/profiles/extras/usr.sbin.clamd
index 917704689..92915e49c 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.clamd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.clamd
@@ -8,6 +8,8 @@
 #
 # ------------------------------------------------------------------
 
+abi <abi/4.0>,
+
 include <tunables/global>
 
 profile clamd /usr/sbin/clamd {
diff --git a/profiles/apparmor/profiles/extras/usr.sbin.haproxy b/profiles/apparmor/profiles/extras/usr.sbin.haproxy
index d99665687..998c6aa83 100644
--- a/profiles/apparmor/profiles/extras/usr.sbin.haproxy
+++ b/profiles/apparmor/profiles/extras/usr.sbin.haproxy
@@ -8,6 +8,8 @@
 #
 # ------------------------------------------------------------------
 
+abi <abi/4.0>,
+
 include <tunables/global>
 
 profile haproxy /usr/sbin/haproxy {