As the maintainer of forgejo, I would also love to know about how we should do this. I don't mind changing how I package forgejo. Was also debating about abolishing apparmor, as I am already on selinux, and "recently" noticed that the apparmor profile had a mistake in it, which made it unusable. But as nobody complained, I can almost assume that nobody uses it anyway.
After some discussions with the team, I added to the wiki page that we strongly advise to talk to us to get your custom module added to the main selinux-policy package [0]. So that means for the forgejo specifically, if you would like to get the selinux policy module added to the main policy, please drop us an email privately and we can discuss this. For the general AppArmor + SELinux custom module in the same package, if would really like to ship both (not advised), you can use the way as described in my previous email :) [0] https://build.opensuse.org/package/show/openSUSE:Factory/selinux-policy -- Cathy Hu <cahu@suse.de> SELinux Security Engineer GPG: 5873 CFD1 8C0E A6D4 9CBB F6C4 062A 1016 1505 A08A SUSE Software Solutions Germany GmbH Frankenstrasse 146 90461 Nürnberg Geschäftsführer: Ivo Totev, Andrew McDonald, Werner Knoblich (HRB 36809, AG Nürnberg)