# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# LOGPROF-SUGGEST: no

# Add common attached path to the base abstraction.
#
# !!! warning
#
#     Do not use it manually, It automatically replaces the base abstraction in a
#     profile with the attach_disconnected flag set and the re-attached path enabled.
#

  abi <abi/4.0>,

  include <abstractions/base-strict>

  @{att}@{run}/systemd/journal/dev-log w,
  @{att}@{run}/systemd/journal/socket w,
  @{att}@{run}/systemd/journal/stdout rw,
  @{att}@{run}/systemd/notify w,

  @{att}/dev/null  rw,

  /apparmor/.null rw,
  @{att}/apparmor/.null rw,

  include if exists <abstractions/attached/base.d>

# vim:syntax=apparmor
