# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2020-2022 Mikhail Morfikov
# Copyright (C) 2021-2024 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only

# Note: This profile does not specify an attachment path because it is
# intended to be used only via "px -> child-pager" exec transitions from
# other profiles. We want to confine the pager(1) utility when it
# is invoked from other confined applications, but not when it is used
# in regular (unconfined) shell scripts or run directly by the user.

abi <abi/4.0>,

include <tunables/global>

@{att} = /att/child-pager/
profile child-pager  flags=(attach_disconnected,attach_disconnected.path=@{att},complain) {
  include <abstractions/attached/base>
  include <abstractions/app/pager>

  include if exists <local/child-pager>
}

# vim:syntax=apparmor
