From 6053b58336e8adace2b1a97ea8082883b7d530ba Mon Sep 17 00:00:00 2001
From: AJ Granowski
Date: Sat, 26 Oct 2024 06:26:06 -0700
Subject: [PATCH 1/3] Apply AppArmor patch for ubuntu-24.04
---
 .dictionary.txt | 3 +++
 action.yaml | 24 ++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
diff --git a/.dictionary.txt b/.dictionary.txt
index 91b235a..8c385c8 100644
--- a/.dictionary.txt
+++ b/.dictionary.txt
@@ -1 +1,4 @@
 Laven
+rootlesskit
+tunables
+userns
diff --git a/action.yaml b/action.yaml
index 8ad415e..52b3b70 100644
--- a/action.yaml
+++ b/action.yaml
@@ -28,6 +28,30 @@ runs:
 if: steps.rootless-docker.outputs.IN_USE != 'true'
 run: sudo systemctl stop docker.service
 shell: bash
+ - name: Check AppArmor version
+ id: apparmor
+ run: |
+ abi4_version="$(find /etc/apparmor.d/abi -maxdepth 1 -name '4.*' -printf '%f\n' | sort -nr | head -1)"
+ echo "$abi4_version"
+ echo "ABI4_VERSION=$abi4_version" >>"$GITHUB_OUTPUT"
+ shell: bash
+ - name: Configure AppArmor
+ if: steps.rootless-docker.outputs.INSTALLED != 'true' && steps.apparmor.outputs.ABI4_VERSION != ''
+ env:
+ ABI4_VERSION: ${{ steps.apparmor.outputs.ABI4_VERSION }}
+ run: |
+ filename=$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g)
+ cat < ~/${filename}
+ abi ,
+ include
+ "$HOME/bin/rootlesskit" flags=(unconfined) {
+ userns,
+ include if exists
+ }
+ EOF
+ sudo mv ~/${filename} /etc/apparmor.d/${filename}
+ sudo systemctl restart apparmor.service
+ shell: bash
 - name: Install rootless Docker, start daemon, and wait until it's listening.
 if: steps.rootless-docker.outputs.INSTALLED != 'true'
 run: |
From b081890c6cd22ee5be8796fb65e88765975c897a Mon Sep 17 00:00:00 2001
From: AJ Granowski
Date: Sat, 26 Oct 2024 06:35:21 -0700
Subject: [PATCH 2/3] Re-add newlines to AppArmor config
---
 action.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/action.yaml b/action.yaml
index 52b3b70..09176f8 100644
--- a/action.yaml
+++ b/action.yaml
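Review bot: In the `Configure AppArmor` step the profile is written as the runner user and then placed with `sudo mv ~/${filename} /etc/apparmor.d/${filename}`; `mv` keeps the file's owner, so the policy file under /etc/apparmor.d stays writable by the unprivileged account. `sudo install -o root -g root -m 0644 ~/${filename} /etc/apparmor.d/${filename}`, followed by deleting the temporary copy, would leave it root-owned. The profile grants `userns,` under `flags=(unconfined)` to a binary below `$HOME/bin`, which that same account can overwrite, and the file persists after the job, so a comment on the step saying it is meant for ephemeral runners would make the trade-off explicit. In the `Check AppArmor version` step, `sort -nr` compares the ABI names as decimal numbers, so `4.10` would rank below `4.9`; `sort -Vr` orders them as versions. The `run:` block of the install step that follows continues outside the hunk.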
@@ -44,8 +44,10 @@ runs:
 cat < ~/${filename}
 abi ,
 include
+
 "$HOME/bin/rootlesskit" flags=(unconfined) {
 userns,
+
 include if exists
 }
 EOF
From 4b5096d99e3c475fa770f286cb7cf3b19d9f0df0 Mon Sep 17 00:00:00 2001
From: AJ Granowski
Date: Sat, 26 Oct 2024 07:17:15 -0700
Subject: [PATCH 3/3] Remove abi4 echo
---
 action.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/action.yaml b/action.yaml
index 09176f8..c9d412b 100644
--- a/action.yaml
+++ b/action.yaml
@@ -32,7 +32,6 @@ runs:
 id: apparmor
 run: |
 abi4_version="$(find /etc/apparmor.d/abi -maxdepth 1 -name '4.*' -printf '%f\n' | sort -nr | head -1)"
- echo "$abi4_version"
 echo "ABI4_VERSION=$abi4_version" >>"$GITHUB_OUTPUT"
 shell: bash
 - name: Configure AppArmor