engine: safer creation of rootlesskit apparmor profile

dvdksn · dvdksn · commit 6e8ef4cf2140 · 2025-11-19T15:38:53.000+01:00
Signed-off-by: David Karlsson &lt;35727626+dvdksn@users.noreply.github.com&gt;
diff --git a/content/manuals/engine/security/rootless/troubleshoot.md b/content/manuals/engine/security/rootless/troubleshoot.md
@@ -25,8 +25,8 @@ weight: 30
   1. Create and install the currently logged-in user's AppArmor profile:
 
      ```console
-     $ filename=$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g)
-     $ cat <<EOF > ~/${filename}
+     $ filename=$(echo $HOME/bin/rootlesskit | sed -e 's@^/@@' -e 's@/@.@g')
+     $ [ ! -z "${filename}" ] && sudo cat <<EOF > /etc/apparmor.d/${filename}
      abi <abi/4.0>,
      include <tunables/global>
 
@@ -36,7 +36,6 @@ weight: 30
        include if exists <local/${filename}>
      }
      EOF
-     $ sudo mv ~/${filename} /etc/apparmor.d/${filename}
      ```
   2. Restart AppArmor.
 
@@ -382,4 +381,4 @@ remove the binary files under `~/bin`:
 ```console
 $ cd ~/bin
 $ rm -f containerd containerd-shim containerd-shim-runc-v2 ctr docker docker-init docker-proxy dockerd dockerd-rootless-setuptool.sh dockerd-rootless.sh rootlesskit rootlesskit-docker-proxy runc vpnkit
-```
+```
