engine: safer creation of rootlesskit apparmor profile

dvdksn · dvdksn · commit eb9d59379259 · 2025-11-03T10:11:42.000+01:00
Signed-off-by: David Karlsson &lt;35727626+dvdksn@users.noreply.github.com&gt;
diff --git a/content/manuals/engine/security/rootless/troubleshoot.md b/content/manuals/engine/security/rootless/troubleshoot.md
@@ -25,7 +25,7 @@ weight: 30
   1. Create and install the currently logged-in user's AppArmor profile:
 
      ```console
-     $ filename=$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g)
+     $ export filename=$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g)
      $ cat <<EOF > ~/${filename}
      abi <abi/4.0>,
      include <tunables/global>
@@ -36,7 +36,7 @@ weight: 30
        include if exists <local/${filename}>
      }
      EOF
-     $ sudo mv ~/${filename} /etc/apparmor.d/${filename}
+     $ [ -f ~/"${filename}" ] && sudo mv ~/${filename} /etc/apparmor.d/${filename}
      ```
   2. Restart AppArmor.
 
@@ -382,4 +382,4 @@ remove the binary files under `~/bin`:
 ```console
 $ cd ~/bin
 $ rm -f containerd containerd-shim containerd-shim-runc-v2 ctr docker docker-init docker-proxy dockerd dockerd-rootless-setuptool.sh dockerd-rootless.sh rootlesskit rootlesskit-docker-proxy runc vpnkit
-```
+```
