--- {%- from "apparmor/map.jinja" import apparmor with context %} {%- if not salt['grains.get']('container') %} {%- if apparmor.enabled is defined and apparmor.enabled %} {%- for cfg in apparmor.configs %} apparmor-{{ cfg }}: file.managed: - name: /etc/apparmor.d/{{ cfg }} - source: salt://apparmor/templates/{{ cfg }}.j2 - user: root - group: root - mode: "0644" - template: jinja - watch_in: - service: apparmor-reload {%- endfor %} apparmor-reload: service.running: - name: apparmor - enable: true {%- endif %} {%- endif %}