From 587fd2dad49d8af3f31d06e29ff43c986d6f35c4 Mon Sep 17 00:00:00 2001
From: Noé Lopez <noelopez@free.fr>
Date: Mon, 8 Dec 2025 16:39:11 +0100
Subject: etc: Add AppArmor profile for the daemon.

* .gitignore: Add etc/apparmor.d/tunables/guix.
* Makefile.am (nodist_apparmor_profile_DATA)
(nodist_apparmor_profile_tunables_DATA): Define it.
* configure.ac: Generate etc/apparmor.d/tunables/guix. Add
--with-apparmor-profile-dir option.
* etc/apparmor.d/guix-daemon: New file.
* etc/apparmor.d/tunables/guix.in: New file.
* doc/guix.texi: Document AppArmor profiles.
* gnu/packages/package-management.scm (guix): Add future changes commented.

Change-Id: Iac7df9d642383cc46a2d450c3badef31199ab041
Signed-off-by: Rutherther <rutherther@ditigal.xyz>
---
 Makefile.am | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'Makefile.am')

diff --git a/Makefile.am b/Makefile.am
index 106849e89f0..bf7d1556f0e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -746,6 +746,13 @@ dist_fishcompletion_DATA = etc/completion/fish/guix.fish
 # SELinux policy
 nodist_selinux_policy_DATA = etc/guix-daemon.cil
 
+# AppArmor profiles.
+nodist_apparmor_profile_DATA =	\
+  etc/apparmor.d/guix-daemon
+
+nodist_apparmor_profile_tunables_DATA = \
+  etc/apparmor.d/tunables/guix
+
 EXTRA_DIST +=						\
   .dir-locals.el					\
   .guix-authorizations					\
-- 
cgit v1.3