# apparmor.d - Full set of apparmor profiles
# Copyright (C) 2026 Alexandre Pujol <alexandre@pujol.io>
# SPDX-License-Identifier: GPL-2.0-only
# NEEDS-VARIABLE: devtools

# Well-known programs used in various development shells. Only programs that are
# safe to run from a development shell environment are allowed here. A profile
# must exist for each program, and it may have more permissions than the shell
# it is launched from.

  abi <abi/4.0>,

  # Exec transitions out of the including (shell) profile.
  #   px  - run the target under its own profile; the exec is denied when no
  #         profile for that path is loaded.
  #   pux - same, but fall back to running unconfined when no profile is loaded.
  # Both are the lowercase forms, so the environment is NOT scrubbed on the
  # transition (no secure-exec): variables such as LD_PRELOAD set in the shell
  # are inherited by the target. The uppercase forms (Px / PUx) scrub it.
  # NOTE(review): confinement after the transition is whatever the target
  # profile grants, which may be broader than the shell's. Several entries
  # (claude, docker, podman, ssh, git) can themselves launch further commands,
  # so their profiles are what bounds a dev shell in practice - verify them.
  @{bin}/aa-log                  px,
  @{bin}/claude                  px,
  # pux: with no docker profile loaded, docker started from the shell runs
  # unconfined. Switching to px (per the TODO) makes the exec fail closed.
  @{bin}/docker                 pux, # TODO: px,
  @{bin}/dpkg-query              px,
  @{bin}/git                     px,
  @{bin}/htop                    px,
  @{bin}/ip                      px,
  @{bin}/journalctl              px,
  @{bin}/lscpu                   px,
  @{bin}/man                     px,
  @{bin}/nproc                   px,
  @{bin}/podman                  px,
  @{bin}/ps                      px,
  @{bin}/ssh                     px,
  @{bin}/top                     px,
  @{bin}/uptime                  px,
  @{bin}/w                       px,

  # Well-known shell tools
  # starship also uses pux, so it runs unconfined when it has no profile.
             @{bin}/starship pux,
  # priority=1 ranks these two rules above default-priority (0) rules;
  # presumably so they win over a conflicting exec rule for the same paths in
  # the including profile - TODO confirm. Rule priorities need a parser that
  # supports them; check that against the abi pinned above.
  # NOTE(review): the first path is under @{user_cache_dirs}, presumably a
  # user-writable directory. The transition is selected by path, so any file
  # placed at that name is run under the gitstatusd profile; keep that profile
  # narrow.
  priority=1 @{user_cache_dirs}/gitstatus/gitstatusd{,-*} px,
  priority=1 /usr/share/zsh-theme-powerlevel{9,10}k/gitstatus/usrbin/gitstatusd{,-*} px,

  # Optional local additions: silently skipped when the directory is absent.
  # Anything included from here extends this allow-list for every profile
  # that includes this file, so review additions to it like changes here.
  include if exists <abstractions/devrun.d>

# vim:syntax=apparmor
