From bfd030290daee70829efb6599875bf16430f4e16 Mon Sep 17 00:00:00 2001
From: Derek Nola <derek.nola@suse.com>
Date: Fri, 10 Nov 2023 09:34:49 -0800
Subject: [PATCH] Add apparmor-parser support for SUSE

Signed-off-by: Derek Nola <derek.nola@suse.com>
---
 roles/prereq/tasks/main.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml
index 93a5f9e..e5cb7dd 100644
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@@ -118,6 +118,25 @@
     - net.bridge.bridge-nf-call-iptables
     - net.bridge.bridge-nf-call-ip6tables
 
+- name: Check for Apparmor existence
+  ansible.builtin.stat:
+    path: /sys/module/apparmor/parameters/enabled
+  register: apparmor_enabled
+
+- name: Check if Apparmor is enabled
+  when: apparmor_enabled.stat.exists
+  ansible.builtin.command: cat /sys/module/apparmor/parameters/enabled
+  register: apparmor_status
+  changed_when: false
+
+- name: Install Apparmor Parser
+  when:
+    - apparmor_status.stdout == "Y"
+    - ansible_os_family == 'Suse'
+  ansible.builtin.package:
+    name: apparmor-parser
+    state: present
+
 - name: Add /usr/local/bin to sudo secure_path
   ansible.builtin.lineinfile:
     line: 'Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'