From 9bde3c05aeb52d465d30689907d2e7d83ab74679 Mon Sep 17 00:00:00 2001
From: Simon Deziel
Date: Thu, 24 Oct 2024 14:24:35 -0400
Subject: [PATCH] snapcraft/commands/lxc: always escape Apparmor if enabled

Conditionally calling `aa-exec -p unconfined` was useful only when re-exec'ing the whole wrapper script. It's not needed now that only the `${LXC}` binary is executed unconfined.

Signed-off-by: Simon Deziel
---
 snapcraft/commands/lxc | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/snapcraft/commands/lxc b/snapcraft/commands/lxc
index 4e5bf134..99a274a6 100755
--- a/snapcraft/commands/lxc
+++ b/snapcraft/commands/lxc
@@ -42,10 +42,7 @@ fi

 # Run lxc itself outside of apparmor confinement
 if [ -d /sys/kernel/security/apparmor ]; then
- label="$(while read -r l; do echo "$l"; done < /proc/self/attr/current)"
- if [ "$label" != "unconfined" ] && [ -n "${label##*(unconfined)}" ]; then
- exec /usr/bin/aa-exec -p unconfined -- "${LXC}" "$@"
- fi
+ exec /usr/bin/aa-exec -p unconfined -- "${LXC}" "$@"
 fi

 # Run lxc itself
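Review bot: With the label check removed, the `-d /sys/kernel/security/apparmor` test is the only gate before `exec /usr/bin/aa-exec`, and a failed `exec` in a non-interactive sh ends the script, so the plain invocation under `# Run lxc itself` is never reached when aa-exec is absent or not executable. Testing the helper as well keeps that fallback usable: `if [ -d /sys/kernel/security/apparmor ] && [ -x /usr/bin/aa-exec ]; then`. Because `${LXC}` is now always the program started without a profile, and it is assigned above the hunk where it is not visible here, it is worth confirming that it resolves to a fixed path that only root can write. The script continues past the last line of the hunk.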