From 418c5d2aab3a5ceb5d57661d50f780a2cf3960d7 Mon Sep 17 00:00:00 2001
From: GloriousEggroll <gloriouseggroll@gmail.com>
Date: Mon, 14 Oct 2024 09:06:56 -0600
Subject: [PATCH] use upstream recommended bwrap apparmor profile

ship symlink to pre-existing apparmor profile instead of static file
---
 packaging/deb/debian/apparmor/bwrap                     | 9 ---------
 packaging/deb/debian/apparmor/bwrap-userns-restrict-umu | 1 +
 packaging/deb/debian/control                            | 3 ++-
 packaging/deb/debian/python3-umu-launcher.install       | 2 +-
 4 files changed, 4 insertions(+), 11 deletions(-)
 delete mode 100644 packaging/deb/debian/apparmor/bwrap
 create mode 120000 packaging/deb/debian/apparmor/bwrap-userns-restrict-umu

diff --git a/packaging/deb/debian/apparmor/bwrap b/packaging/deb/debian/apparmor/bwrap
deleted file mode 100644
index d2743478f..000000000
--- a/packaging/deb/debian/apparmor/bwrap
+++ /dev/null
@@ -1,9 +0,0 @@
-abi <abi/4.0>,
-include <tunables/global>
-
-profile bwrap /usr/bin/bwrap flags=(unconfined) {
-  userns,
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/bwrap>
-}
diff --git a/packaging/deb/debian/apparmor/bwrap-userns-restrict-umu b/packaging/deb/debian/apparmor/bwrap-userns-restrict-umu
new file mode 120000
index 000000000..9c2d83eec
--- /dev/null
+++ b/packaging/deb/debian/apparmor/bwrap-userns-restrict-umu
@@ -0,0 +1 @@
+/usr/share/apparmor/extra-profiles/bwrap-userns-restrict
\ No newline at end of file
diff --git a/packaging/deb/debian/control b/packaging/deb/debian/control
index cf6489606..be8878ea6 100644
--- a/packaging/deb/debian/control
+++ b/packaging/deb/debian/control
@@ -35,5 +35,6 @@ Depends:
  ${misc:Depends},
  python3,
  python3-xlib (>= 0.33),
- python3-filelock (>= 3.9.0)
+ python3-filelock (>= 3.9.0),
+ apparmor-profiles
 Description: A tool for launching non-steam games with proton.
diff --git a/packaging/deb/debian/python3-umu-launcher.install b/packaging/deb/debian/python3-umu-launcher.install
index 86db3b826..70421fb42 100644
--- a/packaging/deb/debian/python3-umu-launcher.install
+++ b/packaging/deb/debian/python3-umu-launcher.install
@@ -2,4 +2,4 @@ usr/bin/umu-run
 usr/share/man/*
 usr/share/steam/compatibilitytools.d/umu-launcher/
 usr/lib/python3/dist-packages/umu*
-debian/apparmor/bwrap etc/apparmor.d/
+debian/apparmor/bwrap-userns-restrict-umu etc/apparmor.d/