From 6e8ef4cf2140a8f48485eb17820e5bb5bd66931c Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Mon, 3 Nov 2025 10:11:42 +0100 Subject: [PATCH] engine: safer creation of rootlesskit apparmor profile Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/manuals/engine/security/rootless/troubleshoot.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/content/manuals/engine/security/rootless/troubleshoot.md b/content/manuals/engine/security/rootless/troubleshoot.md index bb69bd6448b5..2a298a94eb50 100644 --- a/content/manuals/engine/security/rootless/troubleshoot.md +++ b/content/manuals/engine/security/rootless/troubleshoot.md @@ -25,8 +25,8 @@ weight: 30 1. Create and install the currently logged-in user's AppArmor profile: ```console - $ filename=$(echo $HOME/bin/rootlesskit | sed -e s@^/@@ -e s@/@.@g) - $ cat < ~/${filename} + $ filename=$(echo $HOME/bin/rootlesskit | sed -e 's@^/@@' -e 's@/@.@g') + $ [ ! -z "${filename}" ] && sudo cat < /etc/apparmor.d/${filename} abi , include @@ -36,7 +36,6 @@ weight: 30 include if exists } EOF - $ sudo mv ~/${filename} /etc/apparmor.d/${filename} ``` 2. Restart AppArmor. @@ -382,4 +381,4 @@ remove the binary files under `~/bin`: ```console $ cd ~/bin $ rm -f containerd containerd-shim containerd-shim-runc-v2 ctr docker docker-init docker-proxy dockerd dockerd-rootless-setuptool.sh dockerd-rootless.sh rootlesskit rootlesskit-docker-proxy runc vpnkit -``` \ No newline at end of file +```
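Review bot: In the first hunk, on the added line `$ [ ! -z "${filename}" ] && sudo cat < /etc/apparmor.d/${filename}`, `sudo` elevates only `cat`. The redirection involving `/etc/apparmor.d/${filename}` is opened by the user's own unprivileged shell before `sudo` runs, so the privileged step that the deleted `sudo mv ~/${filename} /etc/apparmor.d/${filename}` line (second hunk) used to provide is no longer applied to the file under `/etc/apparmor.d`. Suggest feeding the heredoc to `sudo tee "/etc/apparmor.d/${filename}" > /dev/null`, so that the process that opens the target is the privileged one. Smaller points on the same two lines: `[ -n "${filename}" ]` states the check more directly than `[ ! -z "${filename}" ]`; `$HOME` in the `echo` and `${filename}` in the target path are still unquoted; and when the test fails the command is skipped without any message, so a reader would go on to "Restart AppArmor" with no profile installed. An explicit error in that case would help.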