-
intrigeri authoredtunables/home is loaded by tunables/global before tunables/alias, so without this change, at least some of the rules that use @{HOME} or @{HOMEDIRS} would not get the aliases applied. For example, this rule from abstractions/evince would not propagate to /lib/live/mount/overlay/rw/home/amnesia/.gnupg/: audit deny @{HOME}/.gnupg/{,**} mrwkl, refs #19689fe91092e