Add AppArmor support

CMakeLists.txt

 project(postsrsd C)
 
 option(GENERATE_SRS_SECRET "Generate a random SRS secret if none exists during install" ON)
+option(USE_APPARMOR "Enable AppArmor profile" OFF)
 
 set(CHROOT_DIR "${CMAKE_INSTALL_PREFIX}/lib/${PROJECT_NAME}" CACHE PATH "Chroot jail for daemon")
 
 
 get_target_property(POSTSRSD ${PROJECT_NAME} LOCATION)
 get_filename_component(POSTSRSD ${POSTSRSD} NAME_WE)
+set(APPARMOR_PROFILE "${CMAKE_INSTALL_PREFIX}/sbin/${POSTSRSD}")
+string(SUBSTRING "${APPARMOR_PROFILE}" 1 -1 APPARMOR_PROFILE)
+string(REPLACE "/" "." APPARMOR_PROFILE "${APPARMOR_PROFILE}")
 
 configure_file(${PROJECT_NAME}.init.in ${PROJECT_NAME}.init @ONLY)
 configure_file(${PROJECT_NAME}.upstart.in ${PROJECT_NAME}.upstart @ONLY)
+configure_file(${PROJECT_NAME}.apparmor.in ${PROJECT_NAME}.apparmor @ONLY)
 configure_file(postinstall.cmake.in postinstall.cmake @ONLY)
 
 if(HELP2MAN)
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.8 DESTINATION "share/man/man8")
 endif()
 
+if(USE_APPARMOR)
+	install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.apparmor DESTINATION "/etc/apparmor.d" RENAME "${APPARMOR_PROFILE}")
+endif()
+
 install(TARGETS ${PROJECT_NAME} DESTINATION "sbin")
 install(FILES README.md main.cf.ex DESTINATION "share/doc/${PROJECT_NAME}")
 install(SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/postinstall.cmake")

postsrsd.apparmor.in

+#include <tunables/global>
+
+/usr/sbin/postsrsd {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+
+  capability setuid,
+  capability sys_chroot,
+  /etc/postsrsd.secret r,
+  @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ mr,
+}
+