# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# LOGPROF-SUGGEST: no

  # Do not use it manually, It automatically replaces the base abstraction in a
  # profile with the attach_disconnected flag set and the re-attached path enabled.

  abi <abi/4.0>,

  include <abstractions/base-strict>

  @{att}@{run}/systemd/journal/dev-log w,
  @{att}@{run}/systemd/journal/socket w,
  @{att}@{run}/systemd/journal/stdout rw,

  @{att}/dev/null  rw,

  /apparmor/.null rw,
  @{att}/apparmor/.null rw,

  include if exists <abstractions/attached/base.d>

# vim:syntax=apparmor
