Add extra

Author: Edan-Hamilton

api/apparmorprofile/v1alpha1/apparmorprofile_types.go

@@ -82,6 +82,8 @@ type AppArmorAbstract struct {
 	Network *AppArmorNetworkRules `json:"network,omitempty"`
 	// Capability rules for Linux capabilities.
 	Capability *AppArmorCapabilityRules `json:"capability,omitempty"`
+	// Extra rules for other config.
+	Extra string `json:"extra,omitempty"`
 }
 
 // AppArmorProfileSpec defines the desired state of AppArmorProfile.

deploy/base-crds/crds/apparmorprofile.yaml

@@ -72,6 +72,8 @@ spec:
                           type: string
                         type: array
                     type: object
+                  extra:
+                    type: string
                   filesystem:
                     description: Filesystem rules for filesystem access.
                     properties:

deploy/helm/crds/crds.yaml

@@ -2262,6 +2262,8 @@ spec:
                           type: string
                         type: array
                     type: object
+                  extra:
+                    type: string
                   filesystem:
                     description: Filesystem rules for filesystem access.
                     properties:

deploy/namespace-operator.yaml

@@ -2262,6 +2262,8 @@ spec:
                           type: string
                         type: array
                     type: object
+                  extra:
+                    type: string
                   filesystem:
                     description: Filesystem rules for filesystem access.
                     properties:

deploy/openshift-dev.yaml

@@ -85,6 +85,8 @@ spec:
                           type: string
                         type: array
                     type: object
+                  extra:
+                    type: string
                   filesystem:
                     description: Filesystem rules for filesystem access.
                     properties:

deploy/openshift-downstream.yaml

@@ -2262,6 +2262,8 @@ spec:
                           type: string
                         type: array
                     type: object
+                  extra:
+                    type: string
                   filesystem:
                     description: Filesystem rules for filesystem access.
                     properties:

deploy/operator.yaml

@@ -2262,6 +2262,8 @@ spec:
                           type: string
                         type: array
                     type: object
+                  extra:
+                    type: string
                   filesystem:
                     description: Filesystem rules for filesystem access.
                     properties:

deploy/webhook-operator.yaml

@@ -85,6 +85,8 @@ spec:
                           type: string
                         type: array
                     type: object
+                  extra:
+                    type: string
                   filesystem:
                     description: Filesystem rules for filesystem access.
                     properties:

internal/pkg/daemon/apparmorprofile/crd2armor/crd2armor.go

@@ -80,6 +80,7 @@ profile {{.Name}} flags=({{.ProfileMode}},attach_disconnected,mediate_deleted) {
   {{end}}
 
   # Raw rules placeholder
+  {{.Abstract.Extra}}
 
   # Add default deny for known information leak/priv esc paths
   deny @{PROC}/* w,   # deny write for all files directly in /proc (not in a subdir)