From 479339b410ab6356b6bd5a48d9ba399a7e2d8ed1 Mon Sep 17 00:00:00 2001
From: Alex Hermann <gaaf@gmx.net>
Date: Tue, 4 Mar 2025 11:27:59 +0100
Subject: [PATCH 1/2] after-install.tpl: Fix detecting apparmor

Merely the presence of a config directory does not imply a functional apparmor installation. Instead, just ask apparmor itself if it is enabled.
---
 .../app-builder-lib/templates/linux/after-install.tpl     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/app-builder-lib/templates/linux/after-install.tpl b/packages/app-builder-lib/templates/linux/after-install.tpl
index a3e48256889..6cf860bd284 100644
--- a/packages/app-builder-lib/templates/linux/after-install.tpl
+++ b/packages/app-builder-lib/templates/linux/after-install.tpl
@@ -36,9 +36,9 @@ fi
 #
 # Unfortunately, at the moment AppArmor doesn't have a good story for backwards compatibility.
 # https://askubuntu.com/questions/1517272/writing-a-backwards-compatible-apparmor-profile
-APPARMOR_PROFILE_SOURCE='/opt/${sanitizedProductName}/resources/apparmor-profile'
-APPARMOR_PROFILE_TARGET='/etc/apparmor.d/${executable}'
-if test -d "/etc/apparmor.d"; then
+if apparmor_status --enabled > /dev/null 2>&1; then
+  APPARMOR_PROFILE_SOURCE='/opt/${sanitizedProductName}/resources/apparmor-profile'
+  APPARMOR_PROFILE_TARGET='/etc/apparmor.d/${executable}'
   if apparmor_parser --skip-kernel-load --debug "$APPARMOR_PROFILE_SOURCE" > /dev/null 2>&1; then
     cp -f "$APPARMOR_PROFILE_SOURCE" "$APPARMOR_PROFILE_TARGET"
 
@@ -54,4 +54,4 @@ if test -d "/etc/apparmor.d"; then
   else
     echo "Skipping the installation of the AppArmor profile as this version of AppArmor does not seem to support the bundled profile"
   fi
-fi
\ No newline at end of file
+fi

From 3735f8464ce9393abf8ef63cb0971a4fdfececc2 Mon Sep 17 00:00:00 2001
From: Mike Maietta <mmaietta@users.noreply.github.com>
Date: Tue, 4 Mar 2025 06:33:31 -0800
Subject: [PATCH 2/2] Create wise-apples-look.md

---
 .changeset/wise-apples-look.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .changeset/wise-apples-look.md

diff --git a/.changeset/wise-apples-look.md b/.changeset/wise-apples-look.md
new file mode 100644
index 00000000000..e6809d10dce
--- /dev/null
+++ b/.changeset/wise-apples-look.md
@@ -0,0 +1,5 @@
+---
+"app-builder-lib": patch
+---
+
+fix: `after-install.tpl`: Detect if apparmor is enabled instead of just file-exists check