Add AppArmor profile

.github/workflows/build.yml

@@ -457,11 +457,22 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
       - name: Get release info
         id: get_release_info
         uses: kaliber5/action-get-release@v1
         with:
           token: ${{ github.token }}
+      - name: Publish AppArmor profile
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        with:
+          upload_url: ${{ steps.get_release_info.outputs.upload_url }}
+          asset_path: advantagescope.AppArmor
+          asset_name: advantagescope.AppArmor
+          asset_content_type: "text/plain"
       - name: Edit release
         uses: irongut/EditRelease@v1.2.0
         with:

README.md

@@ -26,6 +26,9 @@ Feedback, feature requests, and bug reports are welcome on the [issues page](htt
 1. Find the [latest release](https://github.com/Mechanical-Advantage/AdvantageScope/releases/latest) under "Releases".
 2. Download the appropriate build based on the OS & architecture. AdvantageScope supports Windows, macOS, and Linux on both x86 and ARM architectures.
 
+> [!IMPORTANT]
+> Before running AppImage builds on Ubuntu 23.10 or later, you must download the AppArmor profile from the releases page and copy it to `/etc/apparmor.d`.
+
 ## Building
 
 To install Node.js dependencies, run:

advantagescope.AppArmor

@@ -0,0 +1,12 @@
+# This profile allows everything and only exists to give the
+# application a name instead of having the label "unconfined"
+
+abi <abi/4.0>,
+include <tunables/global>
+
+profile advantagescope /home/**/advantagescope-*.AppImage flags=(unconfined) {
+  userns,
+
+  # Site-specific additions and overrides. See local/README for details.
+  include if exists <local/advantagescope>
+}