Revert "apparmor: Allow version-specific bits in profiles"

This reverts commit 19eb8abc9a4d15190852d644b773a2348f11c9da.

There is no longer any need to dynamically generate version specific
rules. This revert can be reverted, if the need ever arises again
in the future.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
index 356951c7f1cfcc191aacbaa494139c27af1e42d1..18968677df7deedae6aa569433546fa5fa681218 100644 (file)
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -14,41 +14,9 @@ apparmor_gen_profiles_conf = configuration_data({
 
 apparmor_dir = sysconfdir / 'apparmor.d'
 
-# Our profiles use some features that only work well on AppArmor 3.x,
-# specifically the 'include if exists' directive. In order to keep
-# supporting AppArmor 2.x, the bits that are version-specific are
-# enclosed in special markers and we decide which ones to include
-# based on the AppArmor version detected on the host.
-#
-# TODO: drop the additional complexity once we no longer target
-#       distros that ship AppArmor 2.x (Debian 11, Ubuntu 20.04)
-if conf.has('WITH_APPARMOR_3')
-  apparmor_gen_cmd = [
-    'sed',
-    '-e', '/[@]BEGIN_APPARMOR_3[@]/d',
-    '-e', '/[@]END_APPARMOR_3[@]/d',
-    '-e', '/[@]BEGIN_APPARMOR_2[@]/,/[@]END_APPARMOR_2[@]/d',
-    '@INPUT@'
-  ]
-else
-  apparmor_gen_cmd = [
-    'sed',
-    '-e', '/[@]BEGIN_APPARMOR_3[@]/,/[@]END_APPARMOR_3[@]/d',
-    '-e', '/[@]BEGIN_APPARMOR_2[@]/d',
-    '-e', '/[@]END_APPARMOR_2[@]/d',
-    '@INPUT@'
-  ]
-endif
-
 foreach name : apparmor_gen_profiles
-  tmp = configure_file(
-    input: '@0@.in'.format(name),
-    output: '@0@.tmp'.format(name),
-    command: apparmor_gen_cmd,
-    capture: true,
-  )
   configure_file(
-    input: tmp,
+    input: '@0@.in'.format(name),
     output: name,
     configuration: apparmor_gen_profiles_conf,
     install: true,