From 36d0ceaf19d5c8afc194f89ef19bd4080f53f024 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 10 Apr 2024 01:43:50 -0700
Subject: [PATCH] profiles: add unconfined foliate profile

Foliate is using user namespaces via bwrap. For now add an unconfined
profile to support it.

Fixes: https://github.com/johnfactotum/foliate/issues/1271
Signed-off-by: John Johansen <john.johansen@canonical.com>
---
 profiles/apparmor.d/foliate | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 profiles/apparmor.d/foliate

diff --git a/profiles/apparmor.d/foliate b/profiles/apparmor.d/foliate
new file mode 100644
index 000000000..efc3af14f
--- /dev/null
+++ b/profiles/apparmor.d/foliate
@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile foliate /usr/bin/foliate flags=(unconfined) {
+  userns,
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/foliate>
+}