diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index e420b166..073d2ce4 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox @@ -74,7 +74,7 @@ profile dropbox @{exec_path} { # What's this for? @{bin}/mount mrix, - @{sys}/devices/virtual/block/dm-[0-9]*/dm/name r, + @{sys}/devices/virtual/block/dm-@{int}/dm/name r, @{sys}/devices/virtual/block/loop[0-9]/ r, @{sys}/devices/virtual/block/loop[0-9]/loop/{autoclear,backing_file} r, @{run}/mount/utab r, diff --git a/apparmor.d/groups/apps/filezilla b/apparmor.d/groups/apps/filezilla index 120541f4..20f90561 100644 --- a/apparmor.d/groups/apps/filezilla +++ b/apparmor.d/groups/apps/filezilla @@ -49,9 +49,9 @@ profile filezilla @{exec_path} { # Creating new files on FTP /tmp/ r, - owner /tmp/fz[0-9]temp-[0-9]*/ rw, - owner /tmp/fz[0-9]temp-[0-9]*/fz*-lockfile rwk, - owner /tmp/fz[0-9]temp-[0-9]*/empty_file_* rw, + owner /tmp/fz[0-9]temp-@{int}/ rw, + owner /tmp/fz[0-9]temp-@{int}/fz*-lockfile rwk, + owner /tmp/fz[0-9]temp-@{int}/empty_file_* rw, # External apps @{lib}/firefox/firefox rPUx, diff --git a/apparmor.d/groups/apps/signal-desktop b/apparmor.d/groups/apps/signal-desktop index a9ff75a4..be146e77 100644 --- a/apparmor.d/groups/apps/signal-desktop +++ b/apparmor.d/groups/apps/signal-desktop @@ -49,7 +49,7 @@ profile signal-desktop @{exec_path} { @{lib_dirs}/libnode.so mr, @{lib_dirs}/resources/app.asar.unpacked/node_modules/**.node mr, @{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so mr, - @{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so.[0-9]* mr, + @{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so.@{int} mr, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/groups/apt/apt-listbugs-aptcleanup b/apparmor.d/groups/apt/apt-listbugs-aptcleanup index f7eb41ef..bb3d9ba1 100644 --- a/apparmor.d/groups/apt/apt-listbugs-aptcleanup +++ b/apparmor.d/groups/apt/apt-listbugs-aptcleanup 
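Review bot: In the signal-desktop hunk, `**.so.@{int}` may no longer cover shared objects with a multi-part version suffix such as `.so.1.2.3`. The old `**.so.[0-9]*` did match those, because `[0-9]*` is one digit followed by any run of non-slash characters. This assumes `@{int}` expands to digits only, as its name suggests; its definition is not visible on this page. If the bundled node modules ship such libraries, the `mr` rule should keep the suffix open, for example `@{lib_dirs}/resources/app.asar.unpacked/node_modules/**.so.@{int}{,.*} mr,`.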
@@ -14,7 +14,7 @@ profile apt-listbugs-aptcleanup @{exec_path} { include @{exec_path} r, - @{bin}/ruby2.[0-9]* rix, + @{bin}/ruby2.@{int} rix, include if exists } diff --git a/apparmor.d/groups/apt/apt-systemd-daily b/apparmor.d/groups/apt/apt-systemd-daily index 557641c2..1115525f 100644 --- a/apparmor.d/groups/apt/apt-systemd-daily +++ b/apparmor.d/groups/apt/apt-systemd-daily @@ -58,8 +58,8 @@ profile apt-systemd-daily @{exec_path} { /var/backups/ r, /var/backups/apt.extended_states rw, - /var/backups/apt.extended_states.[0-9]* rw, - /var/backups/apt.extended_states.[0-9]*.gz w, + /var/backups/apt.extended_states.@{int} rw, + /var/backups/apt.extended_states.@{int}.gz w, /var/cache/apt/ r, /var/cache/apt/archives/ r, diff --git a/apparmor.d/groups/apt/reportbug b/apparmor.d/groups/apt/reportbug index 54afbc1f..1a38e534 100644 --- a/apparmor.d/groups/apt/reportbug +++ b/apparmor.d/groups/apt/reportbug @@ -82,7 +82,7 @@ profile reportbug @{exec_path} { owner @{PROC}/@{pid}/mounts r, owner /tmp/* rw, - owner /tmp/reportbug-*-[0-9]*-@{pid}-* rw, + owner /tmp/reportbug-*-@{int}-@{pid}-* rw, owner /var/tmp/*.bug{,~} rw, @{sys}/module/apparmor/parameters/enabled r, diff --git a/apparmor.d/groups/cron/cron-popularity-contest b/apparmor.d/groups/cron/cron-popularity-contest index 8b68895e..0a0d2840 100644 --- a/apparmor.d/groups/cron/cron-popularity-contest +++ b/apparmor.d/groups/cron/cron-popularity-contest @@ -48,7 +48,7 @@ profile cron-popularity-contest @{exec_path} { /var/log/ r, /var/log/popularity-contest{,.new} rw, /var/log/popularity-contest{,.new}.gpg rw, - /var/log/popularity-contest.[0-9]* rw, + /var/log/popularity-contest.@{int} rw, # Store last successful http submission timestamp /var/lib/popularity-contest/ rw, 
@@ -78,8 +78,8 @@ profile cron-popularity-contest @{exec_path} { @{sh_path} rix, /var/log/ r, - /var/log/popularity-contest.[0-9]*.gz rw, - /var/log/popularity-contest.[0-9]* rw, + /var/log/popularity-contest.@{int}.gz rw, + /var/log/popularity-contest.@{int} rw, /var/log/popularity-contest rw, # file_inherit @@ -121,8 +121,8 @@ profile cron-popularity-contest @{exec_path} { /var/log/popularity-contest.new r, /var/log/popularity-contest.new.gpg rw, - /var/log/popularity-contest.[0-9]* r, - /var/log/popularity-contest.[0-9]*.gpg rw, + /var/log/popularity-contest.@{int} r, + /var/log/popularity-contest.@{int}.gpg rw, owner /tmp/tmp.*/** rwkl -> /tmp/tmp.*/**, @@ -149,7 +149,7 @@ profile cron-popularity-contest @{exec_path} { /var/log/ r, /var/log/popularity-contest.new.gpg r, - /var/log/popularity-contest.[0-9]*.gpg r, + /var/log/popularity-contest.@{int}.gpg r, # file_inherit owner /tmp/#@{int} rw, diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index c7c3436d..969699a3 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -43,7 +43,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, /var/lib/lightdm/.Xauthority r, - /var/log/lightdm/seat[0-9]*-greeter.log w, + /var/log/lightdm/seat@{int}-greeter.log w, @{run}/systemd/users/@{uid} r, owner @{run}/user/@{uid}/at-spi/ rw, diff --git a/apparmor.d/groups/freedesktop/colord-sane b/apparmor.d/groups/freedesktop/colord-sane index 5bf93352..f8c8b62e 100644 --- a/apparmor.d/groups/freedesktop/colord-sane +++ b/apparmor.d/groups/freedesktop/colord-sane 
@@ -37,11 +37,11 @@ profile colord-sane @{exec_path} flags=(attach_disconnected) { @{sys}/bus/scsi/devices/ r, @{sys}/devices/@{pci}/{vendor,model,type} r, - @{PROC}/sys/dev/parport/parport[0-9]*/base-addr r, - @{PROC}/sys/dev/parport/parport[0-9]*/irq r, @{PROC}/sys/dev/parport/ r, + @{PROC}/sys/dev/parport/parport@{int}/base-addr r, + @{PROC}/sys/dev/parport/parport@{int}/irq r, - /dev/parport[0-9]* r, + /dev/parport@{int} r, include if exists } diff --git a/apparmor.d/groups/freedesktop/fc-cache b/apparmor.d/groups/freedesktop/fc-cache index 648f350a..5150755a 100644 --- a/apparmor.d/groups/freedesktop/fc-cache +++ b/apparmor.d/groups/freedesktop/fc-cache @@ -19,8 +19,8 @@ profile fc-cache @{exec_path} { @{exec_path} mr, /var/cache/fontconfig/{,**} rw, - /var/cache/fontconfig/*.cache-[0-9]* rwk, - /var/cache/fontconfig/*.cache-[0-9]*.LCK rwl, + /var/cache/fontconfig/*.cache-@{int} rwk, + /var/cache/fontconfig/*.cache-@{int}.LCK rwl, /var/cache/fontconfig/CACHEDIR.TAG.LCK rwl, /var/tmp/mkinitramfs_*/{**,} rwl, diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 49c3c45e..40bb05c4 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -54,7 +54,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/pipewire/pipewire-pulse.conf r, owner @{user_config_dirs}/pipewire/pipewire.conf r, - owner /tmp/librnnoise-[0-9]*.so rm, + owner /tmp/librnnoise-@{int}.so rm, owner @{run}/user/@{uid}/pipewire-@{int} rw, owner @{run}/user/@{uid}/pipewire-@{int}.lock rwk, owner @{run}/user/@{uid}/pipewire-@{int}-manager.lock rwk, diff --git a/apparmor.d/groups/freedesktop/pipewire-pulse b/apparmor.d/groups/freedesktop/pipewire-pulse index d1a54803..c66af3fb 100644 --- a/apparmor.d/groups/freedesktop/pipewire-pulse +++ b/apparmor.d/groups/freedesktop/pipewire-pulse 
@@ -33,7 +33,7 @@ profile pipewire-pulse @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/pulse/cookie rwk, owner @{run}/user/@{uid}/pulse/pid w, - owner /tmp/librnnoise-[0-9]*.so rm, + owner /tmp/librnnoise-@{int}.so rm, @{sys}/devices/virtual/dmi/id/product_name r, @{sys}/devices/virtual/dmi/id/sys_vendor r, diff --git a/apparmor.d/groups/gnome/gnome-control-center-goa-helper b/apparmor.d/groups/gnome/gnome-control-center-goa-helper index c04193db..740c189e 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper +++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper @@ -59,7 +59,7 @@ profile gnome-control-center-goa-helper @{exec_path} { owner @{run}/user/@{uid}/webkitgtk/{,**} rw, - owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-gnome-org.gnome.Settings-[0-9]*.scope/memory.* r, + owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-gnome-org.gnome.Settings-@{int}.scope/memory.* r, @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r, @{PROC}/zoneinfo r, diff --git a/apparmor.d/groups/gnome/gnome-photos-thumbnailer b/apparmor.d/groups/gnome/gnome-photos-thumbnailer index c35c9b53..7489c21f 100644 --- a/apparmor.d/groups/gnome/gnome-photos-thumbnailer +++ b/apparmor.d/groups/gnome/gnome-photos-thumbnailer @@ -22,7 +22,7 @@ profile gnome-photos-thumbnailer @{exec_path} { owner @{user_cache_dirs}/gnome-photos/thumbnails/{,**} rw, owner @{user_share_dirs}/gegl-*/{,**} r, - owner /dev/shm/DzlCounters-[0-9]* rw, + owner /dev/shm/DzlCounters-@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/gnome/gnome-system-monitor b/apparmor.d/groups/gnome/gnome-system-monitor index 87776e5f..d91a2542 100644 --- a/apparmor.d/groups/gnome/gnome-system-monitor +++ b/apparmor.d/groups/gnome/gnome-system-monitor 
@@ -43,7 +43,7 @@ profile gnome-system-monitor @{exec_path} flags=(attach_disconnected) { @{sys}/devices/@{pci}/usb@{int}/**/net/*/statistics/collisions r, @{sys}/devices/@{pci}/usb@{int}/**/net/*/statistics/rx_{bytes,errors,packets} r, @{sys}/devices/@{pci}/usb@{int}/**/net/*/statistics/tx_{bytes,errors,packets} r, - @{sys}/devices/@{pci}/virtio[0-9]*/**/stat r, + @{sys}/devices/@{pci}/virtio@{int}/**/stat r, @{sys}/devices/virtual/net/*/statistics/collisions r, @{sys}/devices/virtual/net/*/statistics/rx_{bytes,errors,packets} r, @{sys}/devices/virtual/net/*/statistics/tx_{bytes,errors,packets} r, diff --git a/apparmor.d/groups/grub/grub-mkrelpath b/apparmor.d/groups/grub/grub-mkrelpath index 85b9d1b6..6ef296f4 100644 --- a/apparmor.d/groups/grub/grub-mkrelpath +++ b/apparmor.d/groups/grub/grub-mkrelpath @@ -25,7 +25,7 @@ profile grub-mkrelpath @{exec_path} { /tmp/grub-btrfs.*/@snapshots/@{int}/snapshot/boot/ r, /tmp/grub-btrfs.*/@/.snapshots/@{int}/snapshot/boot/ r, - /tmp/grub-btrfs.*/@_backup_[0-9]*/boot/ r, + /tmp/grub-btrfs.*/@_backup_@{int}/boot/ r, /tmp/grub-btrfs.*/ r, @{PROC}/@{pids}/mountinfo r, diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index 08d70f45..ca17640a 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil 
@@ -44,20 +44,22 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{run}/systemd/inhibit/*.ref rw, @{run}/udev/data/c189:@{int} r, # for /dev/bus/usb/** - owner @{run}/user/@{uid}kcrash_[0-9]* rw, + owner @{run}/user/@{uid}kcrash_@{int} rw, @{sys}/bus/ r, + @{sys}/bus/i2c/devices/ r, @{sys}/class/ r, @{sys}/class/drm/ r, @{sys}/class/i2c-dev/ r, @{sys}/class/usbmisc/ r, + @{sys}/devices/ r, @{sys}/devices/@{pci}/drm/card@{int}/*/edid r, @{sys}/devices/@{pci}/drm/card@{int}/*/enabled r, @{sys}/devices/@{pci}/drm/card@{int}/*/status r, - @{sys}/devices/@{pci}/i2c-[0-9]*/name r, + @{sys}/devices/@{pci}/i2c-@{int}/name r, @{sys}/devices/**/ r, - @{sys}/devices/i2c-[0-9]*/name r, - @{sys}/devices/platform/*/i2c-[0-9]*/name r, + @{sys}/devices/i2c-@{int}/name r, + @{sys}/devices/platform/*/i2c-@{int}/name r, @{PROC}/@{pid}/mounts r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index c9b68720..b3b6becd 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -57,7 +57,7 @@ profile kwin_x11 @{exec_path} { owner /tmp/#@{int} rw, owner /tmp/kwin.@{rand6} rwl, - owner @{run}/user/@{uid}/kcrash_[0-9]* rw, + owner @{run}/user/@{uid}/kcrash_@{int} rw, @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node@{int}/meminfo r, diff --git a/apparmor.d/groups/network/ModemManager b/apparmor.d/groups/network/ModemManager index 1ad75cd9..f6755e48 100644 --- a/apparmor.d/groups/network/ModemManager +++ b/apparmor.d/groups/network/ModemManager 
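Review bot: The converted kcrash rule in kde-powerdevil still lacks the path separator after `@{uid}`. As written, `owner @{run}/user/@{uid}kcrash_@{int} rw,` matches a file named like `1000kcrash_N` directly under `@{run}/user/`, not the crash file inside the user's runtime directory, so the rule is effectively dead. The kwin_x11 hunk that follows has the intended form, and this line should read `owner @{run}/user/@{uid}/kcrash_@{int} rw,`. Separately, the added `@{sys}/devices/ r,` and `@{sys}/bus/i2c/devices/ r,` lines are new permissions rather than part of the substitution and deserve a mention in the commit message.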
@@ -28,8 +28,8 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/+pci:* r, @{run}/udev/data/+platform:* r, @{run}/udev/data/+usb:* r, - @{run}/udev/data/c16[6,7]:[0-9]* r, # USB modems - @{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters + @{run}/udev/data/c16[6,7]:@{int} r, # USB modems + @{run}/udev/data/c18[0,8,9]:@{int} r, # USB devices & USB serial converters @{run}/udev/data/c4:@{int} r, # for /dev/tty[0-9]* @{run}/udev/data/c5:@{int} r, # for /dev/tty, /dev/console, /dev/ptmx @{run}/udev/data/n@{int} r, diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman index f341c803..dd3779b2 100644 --- a/apparmor.d/groups/pacman/pacman +++ b/apparmor.d/groups/pacman/pacman @@ -144,8 +144,8 @@ profile pacman @{exec_path} { owner /var/lib/pacman/{,**} rwl, owner /tmp/alpm_*/{,**} rw, - owner /tmp/checkup-db-[0-9]*/sync/{,*.db*} rw, - owner /tmp/checkup-db-[0-9]*/db.lck rw, + owner /tmp/checkup-db-@{int}/sync/{,*.db*} rw, + owner /tmp/checkup-db-@{int}/db.lck rw, @{PROC}/@{pids}/ r, @{PROC}/@{pids}/cgroup r, diff --git a/apparmor.d/groups/pacman/pacman-hook-perl b/apparmor.d/groups/pacman/pacman-hook-perl index fcf43adc..d4be0eb1 100644 --- a/apparmor.d/groups/pacman/pacman-hook-perl +++ b/apparmor.d/groups/pacman/pacman-hook-perl @@ -21,7 +21,7 @@ profile pacman-hook-perl @{exec_path} { @{bin}/pacman rPx, @{bin}/sed rix, - @{lib}/perl[0-9]*/{,**} r, + @{lib}/perl@{int}/{,**} r, /dev/tty rw, /dev/tty@{int} rw, diff --git a/apparmor.d/groups/ssh/ssh b/apparmor.d/groups/ssh/ssh index 97c00cc6..796a405a 100644 --- a/apparmor.d/groups/ssh/ssh +++ b/apparmor.d/groups/ssh/ssh @@ -43,7 +43,7 @@ profile ssh @{exec_path} { owner @{user_projects_dirs}/**/ssh/{,*} r, owner @{user_projects_dirs}/**/config r, - owner /tmp/ssh-*/{,agent.[0-9]*} rwkl, + owner /tmp/ssh-*/{,agent.@{int}} rwkl, owner @{run}/user/@{uid}/keyring/ssh rw, 
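Review bot: The character classes on the two changed udev lines in ModemManager contain a literal comma, so `c16[6,7]` and `c18[0,8,9]` also match `c16,` and `c18,`; commas separate alternatives only inside `{}`. That is harmless in practice but reads as a mistake next to `c18[8-9]` in the systemd-journald hunk. `@{run}/udev/data/c16[67]:@{int} r,` and `@{run}/udev/data/c18[089]:@{int} r,` state what is meant.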
diff --git a/apparmor.d/groups/systemd/systemd-ac-power b/apparmor.d/groups/systemd/systemd-ac-power index a143dd79..0cdd2183 100644 --- a/apparmor.d/groups/systemd/systemd-ac-power +++ b/apparmor.d/groups/systemd/systemd-ac-power @@ -17,8 +17,8 @@ profile systemd-ac-power @{exec_path} { @{sys}/class/power_supply/ r, - @{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/ r, - @{sys}/devices/**/power_supply/{AC,BAT[0-9]*}/{type,online} r, + @{sys}/devices/**/power_supply/{AC,BAT@{int}}/ r, + @{sys}/devices/**/power_supply/{AC,BAT@{int}}/{type,online} r, include if exists } diff --git a/apparmor.d/groups/systemd/systemd-dissect b/apparmor.d/groups/systemd/systemd-dissect index 99b9992b..483c82b5 100644 --- a/apparmor.d/groups/systemd/systemd-dissect +++ b/apparmor.d/groups/systemd/systemd-dissect @@ -32,7 +32,7 @@ profile systemd-dissect @{exec_path} { owner /tmp/dissect-*/{,**} rw, - @{sys}/devices/virtual/block/loop[0-9]*/{,**} r, + @{sys}/devices/virtual/block/loop@{int}/{,**} r, @{sys}/kernel/uevent_seqnum r, @{PROC}/@{pids}/cgroup r, diff --git a/apparmor.d/groups/systemd/systemd-homed b/apparmor.d/groups/systemd/systemd-homed index 33235f39..1593502e 100644 --- a/apparmor.d/groups/systemd/systemd-homed +++ b/apparmor.d/groups/systemd/systemd-homed @@ -34,7 +34,7 @@ profile systemd-homed @{exec_path} flags=(attach_disconnected) { network netlink raw, mount options=(rw, rslave) -> @{run}/, - mount /dev/dm-[0-9]* -> @{run}/systemd/user-home-mount/, + mount /dev/dm-@{int} -> @{run}/systemd/user-home-mount/, # dbus: own bus=system name=org.freedesktop.home1 @@ -77,7 +77,7 @@ profile systemd-homed @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/uid_map w, /dev/loop-control rwk, - /dev/loop[0-9]* rw, + /dev/loop@{int} rw, /dev/mapper/control rw, /dev/mqueue/ r, /dev/shm/ r, diff --git a/apparmor.d/groups/systemd/systemd-journald b/apparmor.d/groups/systemd/systemd-journald index 043e7e9d..3ffdf8be 100644 --- a/apparmor.d/groups/systemd/systemd-journald 
+++ b/apparmor.d/groups/systemd/systemd-journald @@ -46,7 +46,7 @@ profile systemd-journald @{exec_path} { @{run}/udev/data/+acpi:* r, @{run}/udev/data/+bluetooth:* r, - @{run}/udev/data/+hid:* r, + @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard @{run}/udev/data/+input:input@{int} r, # for mouse, keyboard, touchpad @{run}/udev/data/+pci:* r, @{run}/udev/data/+platform:* r, @@ -61,8 +61,8 @@ profile systemd-journald @{exec_path} { @{run}/udev/data/c4:@{int} r, # For TTY devices @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features @{run}/udev/data/c108:@{int} r, # For /dev/ppp - @{run}/udev/data/c18[8-9]:[0-9]* r, # USB devices & USB serial converters - @{run}/udev/data/c29:[0-9]* r, # For CD-ROM + @{run}/udev/data/c18[8-9]:@{int} r, # USB devices & USB serial converters + @{run}/udev/data/c29:@{int} r, # For CD-ROM @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 @{sys}/devices/**/uevent r, diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index 33447191..ad6ca5d9 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -78,9 +78,9 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) { @{run}/udev/data/c13:@{int} r, # For /dev/input/* @{run}/udev/data/c14:@{int} r, # Open Sound System (OSS) @{run}/udev/data/c21:@{int} r, # Generic SCSI access - @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* + @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]* @{run}/udev/data/c81:@{int} r, # For video4linux - @{run}/udev/data/c89:[0-9]* r, # For I2C bus interface + @{run}/udev/data/c89:@{int} r, # For I2C bus interface @{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c226:@{int} r, # For /dev/dri/card* @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 
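Review bot: The trailing comment on the `c29` rule in the second systemd-journald hunk says `# For CD-ROM`, while systemd-logind, subiquity-console-conf and virtnodedevd in this same diff label the identical rule `# For /dev/fb[0-9]*`. Character major 29 is the frame buffer; the CD-ROM assignment for 29 is a block major, which udev would record under a `b29:` name rather than `c29:`. Since the line is being touched anyway, the comment should be aligned: `@{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]*`.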
diff --git a/apparmor.d/groups/systemd/systemd-rfkill b/apparmor.d/groups/systemd/systemd-rfkill index 4746de48..235d68e5 100644 --- a/apparmor.d/groups/systemd/systemd-rfkill +++ b/apparmor.d/groups/systemd/systemd-rfkill @@ -24,7 +24,7 @@ profile systemd-rfkill @{exec_path} { @{run}/systemd/notify rw, @{run}/udev/data/+rfkill:* r, - @{sys}/devices/**/rfkill[0-9]*/{uevent,name} r, + @{sys}/devices/**/rfkill@{int}/{uevent,name} r, /dev/rfkill rw, diff --git a/apparmor.d/groups/systemd/zram-generator b/apparmor.d/groups/systemd/zram-generator index 087e541c..4cc42c0d 100644 --- a/apparmor.d/groups/systemd/zram-generator +++ b/apparmor.d/groups/systemd/zram-generator @@ -19,13 +19,13 @@ profile zram-generator @{exec_path} { /etc/systemd/zram-generator.conf r, - @{sys}/devices/virtual/block/zram[0-9]*/{disksize,reset,comp_algorithm} rw, - @{sys}/block/zram[0-9]*/{disksize,reset} rw, - owner @{run}/systemd/generator/{,*/}var-cache-makepkg.mount rw, - owner @{run}/systemd/generator/dev-zram[0-9]*.swap rw, - owner @{run}/systemd/generator/swap.target.wants/{,dev-zram[0-9]*.swap} rw, - owner @{run}/systemd/generator/systemd-zram-setup@zram[0-9]*.service.d/{,*.conf} rw, + owner @{run}/systemd/generator/dev-zram@{int}.swap rw, + owner @{run}/systemd/generator/swap.target.wants/{,dev-zram@{int}.swap} rw, + owner @{run}/systemd/generator/systemd-zram-setup@zram@{int}.service.d/{,*.conf} rw, + + @{sys}/devices/virtual/block/zram@{int}/{disksize,reset,comp_algorithm} rw, + @{sys}/block/zram@{int}/{disksize,reset} rw, @{PROC}/crypto r, diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf index 3a1a7774..3b6cbe22 100644 --- a/apparmor.d/groups/ubuntu/subiquity-console-conf +++ b/apparmor.d/groups/ubuntu/subiquity-console-conf 
@@ -66,11 +66,11 @@ profile subiquity-console-conf @{exec_path} { @{run}/udev/data/c1:@{int} r, # For RAM disk @{run}/udev/data/c4:@{int} r, # For TTY devices @{run}/udev/data/c5:@{int} r, # For /dev/tty, /dev/console, /dev/ptmx - @{run}/udev/data/c7:[0-9]* r, # For Virtual console capture devices + @{run}/udev/data/c7:@{int} r, # For Virtual console capture devices @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features @{run}/udev/data/c13:@{int} r, # For /dev/input/* - @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* - @{run}/udev/data/c89:[0-9]* r, # For I2C bus interface + @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]* + @{run}/udev/data/c89:@{int} r, # For I2C bus interface @{run}/udev/data/c108:@{int} r, # For /dev/ppp @{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c226:@{int} r, # For /dev/dri/card* diff --git a/apparmor.d/groups/virt/cni-calico b/apparmor.d/groups/virt/cni-calico index 70927159..faad3b47 100644 --- a/apparmor.d/groups/virt/cni-calico +++ b/apparmor.d/groups/virt/cni-calico @@ -31,7 +31,7 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) { /var/lib/calico/{,**} r, /var/log/calico/cni/ r, /var/log/calico/cni/cni.log rw, - /var/log/calico/cni/cni-@{date}T@{time}.[0-9]*.log rw, + /var/log/calico/cni/cni-@{date}T@{time}.@{int}.log rw, /usr/share/mime/globs2 r, diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd index afc823ba..f52e19d4 100644 --- a/apparmor.d/groups/virt/containerd +++ b/apparmor.d/groups/virt/containerd 
@@ -32,13 +32,13 @@ profile containerd @{exec_path} flags=(attach_disconnected) { network netlink raw, mount fstype=tmpfs options in (rw, nosuid, nodev, noexec) -> @{run}/containerd/io.containerd.grpc.v1.cri/sandboxes/@{hex}/shm/, - mount -> /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/, - mount -> /tmp/ctd-volume[0-9]*/, + mount -> /var/lib/containerd/tmpmounts/containerd-mount@{int}/, + mount -> /tmp/ctd-volume@{int}/, mount options in (rw, bind, nosuid, nodev, noexec) -> @{run}/netns/cni-@{uuid}, umount @{run}/containerd/io.containerd.grpc.v1.cri/sandboxes/@{hex}/shm/, - umount /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/, - umount /tmp/ctd-volume[0-9]*/, + umount /var/lib/containerd/tmpmounts/containerd-mount@{int}/, + umount /tmp/ctd-volume@{int}/, umount @{run}/netns/cni-@{uuid}, signal (receive) set=term peer={dockerd,k3s}, @@ -72,7 +72,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) { /var/lib/cni/results/cni-loopback-[0-9a-z]*-lo wl, /var/lib/cni/results/k8s-pod-network-[0-9a-z]*-eth0 wl, /var/lib/containerd/{,**} rwk, - /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l, + /var/lib/containerd/tmpmounts/containerd-mount@{int}/** l, /var/lib/docker/containerd/{,**} rwk, /var/lib/kubelet/seccomp/{,**} r, /var/lib/security-profiles-operator/{,**} r, @@ -86,10 +86,10 @@ profile containerd @{exec_path} flags=(attach_disconnected) { @{run}/netns/cni-@{uuid} rw, @{run}/systemd/notify w, - owner /var/tmp/** rwkl, + /tmp/cri-containerd.apparmor.d@{int} rwl, + /tmp/ctd-volume@{int}/{,**} rw, owner /tmp/** rwkl, - /tmp/cri-containerd.apparmor.d[0-9]* rwl, - /tmp/ctd-volume[0-9]*/{,**} rw, + owner /var/tmp/** rwkl, @{sys}/fs/cgroup/kubepods/** r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, 
@@ -97,11 +97,11 @@ profile containerd @{exec_path} flags=(attach_disconnected) { @{sys}/module/apparmor/parameters/enabled r, @{PROC}/@{pid}/task/@{tid}/ns/net rw, + @{PROC}/sys/net/core/somaxconn r, owner @{PROC}/@{pids}/attr/current r, owner @{PROC}/@{pids}/cgroup r, - owner @{PROC}/@{pids}/uid_map r, owner @{PROC}/@{pids}/mountinfo r, - @{PROC}/sys/net/core/somaxconn r, + owner @{PROC}/@{pids}/uid_map r, /dev/bsg/ r, /dev/bus/ r, diff --git a/apparmor.d/groups/virt/containerd-shim-runc-v2 b/apparmor.d/groups/virt/containerd-shim-runc-v2 index fc29cbf6..58190db6 100644 --- a/apparmor.d/groups/virt/containerd-shim-runc-v2 +++ b/apparmor.d/groups/virt/containerd-shim-runc-v2 @@ -32,9 +32,9 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) { @{bin}/runc rPUx, - /tmp/runc-process[0-9]* rw, - /tmp/pty[0-9]*/ rw, - /tmp/pty[0-9]*/pty.sock rw, + /tmp/runc-process@{int} rw, + /tmp/pty@{int}/ rw, + /tmp/pty@{int}/pty.sock rw, @{run}/containerd/{,containerd.sock.ttrpc} rw, @{run}/containerd/io.containerd.grpc.v1.cri/containers/@{hex}/io/@{int}/@{hex}-{stdin,stdout,stderr} rw, diff --git a/apparmor.d/groups/virt/dockerd b/apparmor.d/groups/virt/dockerd index c2f1c41c..47e26a1f 100644 --- a/apparmor.d/groups/virt/dockerd +++ b/apparmor.d/groups/virt/dockerd 
@@ -34,16 +34,16 @@ profile dockerd @{exec_path} flags=(attach_disconnected) { mount /var/lib/docker/overlay2/**/, mount options=(rw, bind) -> /run/docker/netns/*, - mount options=(rw, rbind) -> /var/lib/docker/tmp/docker-builder[0-9]*/, - mount options=(rw, rprivate) -> /.pivot_root[0-9]*/, + mount options=(rw, rbind) -> /var/lib/docker/tmp/docker-builder@{int}/, + mount options=(rw, rprivate) -> /.pivot_root@{int}/, mount options=(rw, rslave) -> /, - umount /.pivot_root[0-9]*/, + umount /.pivot_root@{int}/, umount /run/docker/netns/*, umount /var/lib/docker/overlay*/**/, - pivot_root oldroot=/var/lib/docker/overlay*/**/.pivot_root[0-9]*/ /var/lib/docker/overlay2/**/, - pivot_root oldroot=/var/lib/docker/tmp/**/.pivot_root[0-9]*/ /var/lib/docker/tmp/**/, + pivot_root oldroot=/var/lib/docker/overlay*/**/.pivot_root@{int}/ /var/lib/docker/overlay2/**/, + pivot_root oldroot=/var/lib/docker/tmp/**/.pivot_root@{int}/ /var/lib/docker/tmp/**/, ptrace (read) peer=docker-*, ptrace (read) peer=unconfined, @@ -70,7 +70,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) { owner @{lib}/docker/overlay2/*/work/{,**} rw, owner /var/lib/docker/{,**} rwk, - owner /var/lib/docker/tmp/qemu-check[0-9]*/check rix, + owner /var/lib/docker/tmp/qemu-check@{int}/check rix, @{sys}/fs/cgroup/cgroup.controllers r, @{sys}/fs/cgroup/cpuset.cpus.effective r, @@ -88,7 +88,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) { @{PROC}/sys/net/bridge/bridge-nf-call-ip*tables r, @{PROC}/sys/net/core/somaxconn r, @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} rw, - @{PROC}/sys/net/ipv{4,6}/conf/docker[0-9]*/accept_ra rw, + @{PROC}/sys/net/ipv{4,6}/conf/docker@{int}/accept_ra rw, @{PROC}/sys/net/ipv{4,6}/ip_forward rw, @{PROC}/sys/net/ipv{4,6}/ip_local_port_range r, owner @{PROC}/@{pids}/attr/current r, diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s index 20a1b055..f8cc5b7f 100644 --- a/apparmor.d/groups/virt/k3s +++ b/apparmor.d/groups/virt/k3s 
@@ -160,7 +160,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) { @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/ r, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user-runtime-dir@@{uid}.service/ r, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/{,**/} r, - @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-[0-9]*.scope/{,**/} r, + @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/{,**/} r, @{sys}/kernel/mm/hugepages/ r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index 1ba9582a..6f855c3d 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd @@ -154,7 +154,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { @{run}/libvirt/ rw, @{run}/libvirt/** rwk, @{run}/libvirtd.pid wk, - @{run}/lock/LCK.._pts_[0-9]* rw, + @{run}/lock/LCK.._pts_@{int} rw, @{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/notify w, @{run}/utmp rk, diff --git a/apparmor.d/groups/virt/virtiofsd b/apparmor.d/groups/virt/virtiofsd index 423a5751..46b12194 100644 --- a/apparmor.d/groups/virt/virtiofsd +++ b/apparmor.d/groups/virt/virtiofsd @@ -46,7 +46,7 @@ profile virtiofsd @{exec_path} { @{exec_path} mr, / r, - /var/lib/libvirt/qemu/*/fs[0-9]*-fs.sock rw, + /var/lib/libvirt/qemu/*/fs@{int}-fs.sock rw, @{user_publicshare_dirs}/{,**} r, @{user_vm_dirs}/{,**} r, diff --git a/apparmor.d/groups/virt/virtnodedevd b/apparmor.d/groups/virt/virtnodedevd index fd318529..0f34b03f 100644 --- a/apparmor.d/groups/virt/virtnodedevd +++ b/apparmor.d/groups/virt/virtnodedevd 
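Review bot: The libvirtd hunk converts `LCK.._pts_@{int}` but leaves the rule directly below it, `@{run}/systemd/inhibit/[0-9]*.ref rw,`, on the old glob, which accepts any non-slash text after the first digit. If this commit is meant to restrict numeric path components to digits, that line should presumably follow as `@{run}/systemd/inhibit/@{int}.ref rw,`. It is a context line in this hunk, so it would have to be added to the change.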
@@ -61,7 +61,7 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c10:@{int} r, # For non-serial mice, misc features @{run}/udev/data/c13:@{int} r, # For /dev/input/* @{run}/udev/data/c21:@{int} r, # Generic SCSI access - @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* + @{run}/udev/data/c29:@{int} r, # For /dev/fb[0-9]* @{run}/udev/data/c90:@{int} r, # For RAM, ROM, Flash @{run}/udev/data/c116:@{int} r, # For ALSA @{run}/udev/data/c202:@{int} r, # CPU model-specific registers diff --git a/apparmor.d/profiles-a-f/adb b/apparmor.d/profiles-a-f/adb index c24120e9..be97ad46 100644 --- a/apparmor.d/profiles-a-f/adb +++ b/apparmor.d/profiles-a-f/adb @@ -24,10 +24,10 @@ profile adb @{exec_path} { /usr/share/scrcpy/scrcpy-server r, - owner /tmp/adb.[0-9]*.log rw, + owner /tmp/adb.@{int}.log rw, owner @{HOME}/.android/ rw, - owner @{HOME}/.android/adb.[0-9]* rw, + owner @{HOME}/.android/adb.@{int} rw, owner @{HOME}/.android/adbkey rw, include if exists diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser index be6d386a..a099e94a 100644 --- a/apparmor.d/profiles-a-f/apparmor_parser +++ b/apparmor.d/profiles-a-f/apparmor_parser 
@@ -29,14 +29,14 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) { /usr/share/apparmor-features/{,**} r, /usr/share/apparmor/{,**} r, - owner /snap/core[0-9]*/@{int}/etc/apparmor.d/{,**} r, - owner /snap/core[0-9]*/@{int}/etc/apparmor/* r, + owner /snap/core@{int}/@{int}/etc/apparmor.d/{,**} r, + owner /snap/core@{int}/@{int}/etc/apparmor/* r, owner /var/cache/apparmor/{,**} rw, - owner /var/lib/docker/tmp/docker-default[0-9]* r, + owner /var/lib/docker/tmp/docker-default@{int} r, owner /var/lib/snapd/apparmor/{,**} r, owner /var/snap/lxd/common/lxd/security/apparmor/{,**} rw, - owner /tmp/cri-containerd.apparmor.d[0-9]* r, + owner /tmp/cri-containerd.apparmor.d@{int} r, @{sys}/kernel/security/apparmor/{,**} r, owner @{sys}/kernel/security/apparmor/.{remove,replace,load,access} rw, diff --git a/apparmor.d/profiles-a-f/arduino-ctags b/apparmor.d/profiles-a-f/arduino-ctags index b71abd3d..144783ca 100644 --- a/apparmor.d/profiles-a-f/arduino-ctags +++ b/apparmor.d/profiles-a-f/arduino-ctags @@ -15,7 +15,7 @@ profile arduino-ctags @{exec_path} { owner /tmp/tags.* rw, - owner /tmp/arduino_build_[0-9]*/** r, + owner /tmp/arduino_build_@{int}/** r, include if exists } diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman index 190a8b08..38c7ac0e 100644 --- a/apparmor.d/profiles-a-f/blueman +++ b/apparmor.d/profiles-a-f/blueman 
@@ -48,11 +48,11 @@ profile blueman @{exec_path} flags=(attach_disconnected) { owner @{HOME}/bluetooth*/ r, owner @{HOME}/bluetooth*/* rw, - owner @{user_cache_dirs}/blueman-tray-[0-9]* rw, - owner @{user_cache_dirs}/blueman-services-[0-9]* rw, - owner @{user_cache_dirs}/blueman-adapters-[0-9]* rw, - owner @{user_cache_dirs}/blueman-manager-[0-9]* rw, - owner @{user_cache_dirs}/blueman-applet-[0-9]* rw, + owner @{user_cache_dirs}/blueman-tray-@{int} rw, + owner @{user_cache_dirs}/blueman-services-@{int} rw, + owner @{user_cache_dirs}/blueman-adapters-@{int} rw, + owner @{user_cache_dirs}/blueman-manager-@{int} rw, + owner @{user_cache_dirs}/blueman-applet-@{int} rw, owner @{user_cache_dirs}/obexd/ rw, owner @{user_cache_dirs}/obexd/* rw, diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 80453c6c..b98b4bc2 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -35,7 +35,7 @@ profile bluetoothd @{exec_path} flags=(attach_disconnected) { @{run}/sdp rw, @{run}/udev/data/+hid:* r, # for HID-Compliant Keyboard - @{sys}/devices/@{pci}/rfkill[0-9]*/name r, + @{sys}/devices/@{pci}/rfkill@{int}/name r, @{sys}/devices/@{pci}/bluetooth/**/{uevent,name} r, @{sys}/devices/platform/**/rfkill/**/name r, @{sys}/devices/virtual/dmi/id/chassis_type r, diff --git a/apparmor.d/profiles-a-f/boltd b/apparmor.d/profiles-a-f/boltd index 750f9cdf..58ab646a 100644 --- a/apparmor.d/profiles-a-f/boltd +++ b/apparmor.d/profiles-a-f/boltd 
@@ -34,12 +34,12 @@ profile boltd @{exec_path} flags=(attach_disconnected) { @{sys}/bus/wmi/devices/ r, @{sys}/class/ r, @{sys}/devices/@{pci}/device r, - @{sys}/devices/@{pci}/domain[0-9]*/{security,uevent} r, - @{sys}/devices/@{pci}/domain[0-9]*/**/ r, - @{sys}/devices/@{pci}/domain[0-9]*/**/{authorized,generation} r, - @{sys}/devices/@{pci}/domain[0-9]*/**/{uevent,unique_id} r, - @{sys}/devices/@{pci}/domain[0-9]*/**/{vendor,device}_name r, - @{sys}/devices/@{pci}/domain[0-9]*/iommu_dma_protection r, + @{sys}/devices/@{pci}/domain@{int}/{security,uevent} r, + @{sys}/devices/@{pci}/domain@{int}/**/ r, + @{sys}/devices/@{pci}/domain@{int}/**/{authorized,generation} r, + @{sys}/devices/@{pci}/domain@{int}/**/{uevent,unique_id} r, + @{sys}/devices/@{pci}/domain@{int}/**/{vendor,device}_name r, + @{sys}/devices/@{pci}/domain@{int}/iommu_dma_protection r, @{sys}/devices/platform/**/uevent r, @{sys}/devices/platform/*/wmi_bus/wmi_bus-*/@{uuid}/force_power rw, @{sys}/devices/virtual/dmi/id/{sys_vendor,product_version,product_name} r, diff --git a/apparmor.d/profiles-a-f/browserpass b/apparmor.d/profiles-a-f/browserpass index 4e64f491..a8ab5468 100644 --- a/apparmor.d/profiles-a-f/browserpass +++ b/apparmor.d/profiles-a-f/browserpass @@ -22,8 +22,8 @@ profile browserpass @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/extensions/* r, owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/scriptCache-*.bin r, owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/startupCache.*.little r, - owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw, - owner /tmp/mozilla-temp-[0-9]* r, + owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/safebrowsing-updating/google[0-9]/goog-phish-proto-@{int}.vlpset rw, + owner /tmp/mozilla-temp-@{int} r, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, 
diff --git a/apparmor.d/profiles-a-f/cawbird b/apparmor.d/profiles-a-f/cawbird index 41c218aa..bead485c 100644 --- a/apparmor.d/profiles-a-f/cawbird +++ b/apparmor.d/profiles-a-f/cawbird @@ -40,7 +40,7 @@ profile cawbird @{exec_path} { owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/cawbird-* rw, - /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, + /usr/share/xml/iso-codes/{,**} r, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-a-f/claws-mail b/apparmor.d/profiles-a-f/claws-mail index 91d1a68c..c474fcf0 100644 --- a/apparmor.d/profiles-a-f/claws-mail +++ b/apparmor.d/profiles-a-f/claws-mail @@ -49,9 +49,9 @@ profile claws-mail @{exec_path} flags=(complain) { owner @{user_mail_dirs}/ rw, owner @{user_mail_dirs}/** rwl -> @{user_mail_dirs}/**, - owner /tmp/claws-mail-[0-9]*/ rw, - owner /tmp/claws-mail-[0-9]*/@{hex} rw, - owner /tmp/claws-mail-[0-9]*/@{hex}.lock rwk, + owner /tmp/claws-mail-@{int}/ rw, + owner /tmp/claws-mail-@{int}/@{hex} rw, + owner /tmp/claws-mail-@{int}/@{hex}.lock rwk, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-a-f/code b/apparmor.d/profiles-a-f/code index 9f64a6e7..793bb8ea 100644 --- a/apparmor.d/profiles-a-f/code +++ b/apparmor.d/profiles-a-f/code @@ -53,7 +53,7 @@ profile code flags=(attach_disconnected) { @{code_config_dirs}/extensions/** rPUx, @{HOME}/.go/bin/* rPUx, @{lib}/go/bin/* rPUx, - @{bin}/python[0-9]* rUx + @{bin}/python3.@{int} rUx, /etc/shells r, /etc/lsb-release r, diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index 83821994..48ce6cc0 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky 
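Review bot: In the cawbird hunk the new rule `/usr/share/xml/iso-codes/{,**} r,` is wider than the `iso_[0-9]*-[0-9]*.xml` pattern it replaces. It grants read on the whole directory tree, while the rest of this commit narrows globs. The content is read-only system data, so the exposure is small, but the widening is not explained. If it is intentional, a one-line comment saying why the whole tree is needed would help; otherwise `/usr/share/xml/iso-codes/iso_@{int}-@{int}.xml r,` keeps the original scope. The gajim hunk makes the same replacement.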
@@ -129,8 +129,8 @@ profile conky @{exec_path} { # Temperatures and Fans @{bin}/sensors rPUx, - @{sys}/devices/**/hwmon@{int}/temp[0-9]*_input r, - @{sys}/devices/**/hwmon/hwmon@{int}/temp[0-9]*_input r, + @{sys}/devices/**/hwmon@{int}/temp@{int}_input r, + @{sys}/devices/**/hwmon/hwmon@{int}/temp@{int}_input r, @{sys}/class/hwmon/ r, @{PROC}/acpi/ibm/fan r, @@ -142,7 +142,7 @@ profile conky @{exec_path} { @{PROC}/@{pid}/net/route r, - owner /tmp/xauth-[0-9]*-_[0-9] r, + owner /tmp/xauth-@{int}-_[0-9] r, /usr/share/X11/XErrorDB r, diff --git a/apparmor.d/profiles-a-f/downloadhelper b/apparmor.d/profiles-a-f/downloadhelper index 4f84bf46..49d88b22 100644 --- a/apparmor.d/profiles-a-f/downloadhelper +++ b/apparmor.d/profiles-a-f/downloadhelper @@ -32,7 +32,7 @@ profile downloadhelper @{exec_path} { owner @{HOME}/.mozilla/firefox/[0-9a-z]*.*/extensions/* r, owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/scriptCache-*.bin r, owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/startupCache/startupCache.*.little r, - owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/safebrowsing-updating/google[0-9]/goog-phish-proto-[0-9]*.vlpset rw, + owner @{user_cache_dirs}/mozilla/firefox/[0-9a-z]*.*/safebrowsing-updating/google@{int}/goog-phish-proto-@{int}.vlpset rw, owner /tmp/vdh-*.tmp rw, diff --git a/apparmor.d/profiles-a-f/flatpak-session-helper b/apparmor.d/profiles-a-f/flatpak-session-helper index 00b5865c..d290ed29 100644 --- a/apparmor.d/profiles-a-f/flatpak-session-helper +++ b/apparmor.d/profiles-a-f/flatpak-session-helper @@ -26,7 +26,7 @@ profile flatpak-session-helper @{exec_path} flags=(attach_disconnected) { /var/lib/flatpak/app/*/**/@{lib}/** rPx -> flatpak-app, owner @{run}/user/@{uid}/.flatpak-helper/{,**} rw, - owner @{run}/user/@{uid}/.flatpak-helper/pkcs11-flatpak-[0-9]* rw, + owner @{run}/user/@{uid}/.flatpak-helper/pkcs11-flatpak-@{int} rw, owner @{PROC}/@{pids}/fd/ r, 
diff --git a/apparmor.d/profiles-a-f/fprintd b/apparmor.d/profiles-a-f/fprintd index 33c5586b..0ca64bbf 100644 --- a/apparmor.d/profiles-a-f/fprintd +++ b/apparmor.d/profiles-a-f/fprintd @@ -32,8 +32,8 @@ profile fprintd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511 @{sys}/class/hidraw/ r, - @{sys}/devices/@{pci}/hidraw/hidraw[0-9]*/uevent r, - @{sys}/devices/virtual/**/hidraw/hidraw[0-9]*/uevent r, + @{sys}/devices/@{pci}/hidraw/hidraw@{int}/uevent r, + @{sys}/devices/virtual/**/hidraw/hidraw@{int}/uevent r, include if exists } diff --git a/apparmor.d/profiles-a-f/fritzing b/apparmor.d/profiles-a-f/fritzing index 2de04e5b..5464c1d5 100644 --- a/apparmor.d/profiles-a-f/fritzing +++ b/apparmor.d/profiles-a-f/fritzing @@ -62,7 +62,7 @@ profile fritzing @{exec_path} { @{run}/udev/data/c4:@{int} r, # for /dev/tty[0-9]* @{run}/udev/data/c5:@{int} r, # for /dev/tty, /dev/console, /dev/ptmx - @{run}/udev/data/c166:[0-9]* r, # for /dev/ttyACM[0-9]* + @{run}/udev/data/c166:@{int} r, # for /dev/ttyACM[0-9]* /dev/ttyS@{int} rw, /dev/ttyACM@{int} rw, diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index f8f3d1ea..78cf77c8 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -85,7 +85,7 @@ profile gajim @{exec_path} { /etc/fstab r, - /usr/share/xml/iso-codes/iso_[0-9]*-[0-9]*.xml r, + /usr/share/xml/iso-codes/{,**} r, # TMP files locations (first in /tmp/ , /var/tmp/ and @{HOME}/) /var/tmp/ r, diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git index 400e554a..e58d2a75 100644 --- a/apparmor.d/profiles-g-l/git +++ b/apparmor.d/profiles-g-l/git 
@@ -147,7 +147,7 @@ profile git @{exec_path} { owner @{HOME}/@{XDG_SSH_DIR}/known_hosts{,.*} rw, owner @{HOME}/@{XDG_SSH_DIR}/known_hosts.old rwl, - owner /tmp/git@*:[0-9]* rwl -> /tmp/git@*:[0-9]*.*, + owner /tmp/git@*:@{int} rwl -> /tmp/git@*:@{int}.*, owner @{PROC}/@{pid}/fd/ r, @@ -182,7 +182,7 @@ profile git @{exec_path} { /etc/vim/{,**} r, owner @{user_projects_dirs}/**/ r, - owner @{user_projects_dirs}/**/.git/[0-9]* rw, + owner @{user_projects_dirs}/**/.git/@{int} rw, owner @{user_projects_dirs}/**/.git/*MSG rw, owner @{HOME}/.selected_editor r, diff --git a/apparmor.d/profiles-g-l/gpa b/apparmor.d/profiles-g-l/gpa index f98cfb58..5f3fbdb0 100644 --- a/apparmor.d/profiles-g-l/gpa +++ b/apparmor.d/profiles-g-l/gpa @@ -43,7 +43,7 @@ profile gpa @{exec_path} { # Files to verify owner /**.tar.gz r, - owner /tmp/xauth-[0-9]*-_[0-9] r, + owner /tmp/xauth-@{int}-_[0-9] r, # External apps @{lib}/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index a008ab91..807c703d 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -40,7 +40,6 @@ profile hardinfo @{exec_path} { @{bin}/locale rix, @{bin}/make rix, @{bin}/perl rix, - @{bin}/python2.[0-9]* rix, @{bin}/python3.@{int} rix, @{bin}/route rix, @{bin}/ruby[0-9].@{int} rix, @@ -71,8 +70,8 @@ profile hardinfo @{exec_path} { @{sys}/devices/system/cpu/** r, @{sys}/devices/virtual/dmi/id/* r, - @{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r, - @{sys}/devices/virtual/thermal/thermal_zone[0-9]/temp* r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/temp* r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/temp* r, @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, @{sys}/devices/@{pci}/eeprom r, diff --git a/apparmor.d/profiles-g-l/htop b/apparmor.d/profiles-g-l/htop index c9c30197..d7776e0c 100644 --- a/apparmor.d/profiles-g-l/htop 
+++ b/apparmor.d/profiles-g-l/htop @@ -97,14 +97,14 @@ profile htop @{exec_path} { @{sys}/devices/**/hwmon/**/{name,temp*} r, @{sys}/devices/**/power_supply/**/{uevent,type,online} r, @{sys}/devices/*/name r, - @{sys}/devices/i2c-[0-9]*/name r, - @{sys}/devices/@{pci}/i2c-[0-9]*/name r, - @{sys}/devices/platform/*/i2c-[0-9]*/name r, + @{sys}/devices/i2c-@{int}/name r, + @{sys}/devices/@{pci}/i2c-@{int}/name r, + @{sys}/devices/platform/*/i2c-@{int}/name r, @{sys}/devices/system/cpu/cpu@{int}/online r, @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_{cur,min,max}_freq r, @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, - @{sys}/devices/virtual/block/zram[0-9]*/{disksize,mm_stat} r, - @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/temp r, + @{sys}/devices/virtual/block/zram@{int}/{disksize,mm_stat} r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/temp r, @{sys}/kernel/mm/hugepages/ r, @{sys}/kernel/mm/hugepages/hugepages-*/nr_hugepages r, diff --git a/apparmor.d/profiles-g-l/hugo b/apparmor.d/profiles-g-l/hugo index 66d01135..724c1784 100644 --- a/apparmor.d/profiles-g-l/hugo +++ b/apparmor.d/profiles-g-l/hugo @@ -39,7 +39,7 @@ profile hugo @{exec_path} { owner @{user_cache_dirs}/hugo_cache/{,**} rwkl, owner /tmp/hugo_cache/{,**} rwkl, - owner /tmp/go-codehost-[0-9]* rw, + owner /tmp/go-codehost-@{int} rw, @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index 64a91e05..599f8939 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo @@ -60,7 +60,7 @@ profile hwinfo @{exec_path} { @{sys}/bus/{,**/} r, @{sys}/class/*/ r, - @{sys}/devices/pci[0-9]*/** r, + @{sys}/devices/@{pci_bus}/** r, @{sys}/devices/**/input/**/dev r, @{sys}/devices/**/{modalias,uevent} r, @{sys}/devices/virtual/net/*/{type,carrier,address} r, 
diff --git a/apparmor.d/profiles-g-l/irqbalance b/apparmor.d/profiles-g-l/irqbalance index c76c0182..49f0dd90 100644 --- a/apparmor.d/profiles-g-l/irqbalance +++ b/apparmor.d/profiles-g-l/irqbalance @@ -21,14 +21,14 @@ profile irqbalance @{exec_path} flags=(attach_disconnected) { / r, - @{run}/irqbalance/irqbalance[0-9]*.sock w, + @{run}/irqbalance/irqbalance@{int}.sock w, @{sys}/bus/pci/devices/ r, @{sys}/devices/@{pci}/{class,numa_node,local_cpus,irq} r, @{sys}/devices/@{pci}/{vendor,device,subsystem_vendor,subsystem_device} r, @{sys}/devices/@{pci}/msi_irqs/ r, @{sys}/devices/system/cpu/cpu@{int}/ r, - @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]*/shared_cpu_map r, + @{sys}/devices/system/cpu/cpu@{int}/cache/index@{int}/shared_cpu_map r, @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, @{sys}/devices/system/cpu/isolated r, @{sys}/devices/system/node/ r, diff --git a/apparmor.d/profiles-g-l/jdownloader b/apparmor.d/profiles-g-l/jdownloader index 8b5aead2..fa98950e 100644 --- a/apparmor.d/profiles-g-l/jdownloader +++ b/apparmor.d/profiles-g-l/jdownloader @@ -49,7 +49,7 @@ profile jdownloader @{exec_path} { owner @{JD_INSTALLDIR}/jre/lib/*/jli/libjli.so mrw, owner @{JD_INSTALLDIR}/jre/lib/*/server/libjvm.so mrw, owner @{JD_INSTALLDIR}/jre/lib/*/*.so mrw, - owner @{JD_INSTALLDIR}/tmp/jna/jna[0-9]*.tmp mrw, + owner @{JD_INSTALLDIR}/tmp/jna/jna@{int}.tmp mrw, owner @{JD_INSTALLDIR}/tmp/7zip/SevenZipJBinding-*/lib7-Zip-JBinding.so mrw, owner @{HOME}/.oracle_jre_usage/@{hex}.timestamp rw, 
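Review bot: In the jdownloader profile, `owner @{JD_INSTALLDIR}/tmp/jna/jna@{int}.tmp mrw,` may stop matching real file names if `@{int}` is a bounded run of digits (its definition is not part of this diff). The old `[0-9]*` glob accepted a suffix of any length, and Java temp-file names typically carry a random suffix derived from a 64-bit value, which can run to about 20 digits. The same concern applies to the `/tmp/lastChanceSrc@{int}lch`, `/tmp/lastChanceDst@{int}.jar`, `/tmp/i4j_log_jd2_@{int}.log` and `/tmp/install4jError@{int}.log` rules in the next hunk. It is worth comparing the pattern with observed names and checking the audit log for new denials on these paths after the change.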
@@ -67,10 +67,10 @@ profile jdownloader @{exec_path} { owner /tmp/SevenZipJBinding-*/ rw, owner /tmp/SevenZipJBinding-*/lib7-Zip-JBinding.so mrw, # For auto updates - owner /tmp/lastChanceSrc[0-9]*lch rw, - owner /tmp/lastChanceDst[0-9]*.jar rw, - owner /tmp/i4j_log_jd2_[0-9]*.log rw, - owner /tmp/install4jError[0-9]*.log rw, + owner /tmp/lastChanceSrc@{int}lch rw, + owner /tmp/lastChanceDst@{int}.jar rw, + owner /tmp/i4j_log_jd2_@{int}.log rw, + owner /tmp/install4jError@{int}.log rw, owner @{HOME}/.Xauthority r, diff --git a/apparmor.d/profiles-g-l/jmtpfs b/apparmor.d/profiles-g-l/jmtpfs index bb6b5e85..68330c96 100644 --- a/apparmor.d/profiles-g-l/jmtpfs +++ b/apparmor.d/profiles-g-l/jmtpfs @@ -25,7 +25,7 @@ profile jmtpfs @{exec_path} { owner @{HOME}/*/ r, owner @{HOME}/*/*/ r, - owner @{user_cache_dirs}/*/mtp{,-[0-9]*}/ rw, + owner @{user_cache_dirs}/*/mtp{,-@{int}}/ rw, mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/*/, mount fstype={fuse,fuse.jmtpfs} -> @{HOME}/*/*/, diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index 8dae5000..3a725fca 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi @@ -44,7 +44,7 @@ profile kodi @{exec_path} { owner @{HOME}/.kodi/** rwk, owner @{HOME}/core w, - owner @{HOME}/kodi_crashlog-[0-9]*_[0-9]*.log w, + owner @{HOME}/kodi_crashlog-@{int}_@{int}.log w, owner @{HOME}/.icons/default/index.theme r, @@ -68,7 +68,7 @@ profile kodi @{exec_path} { @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, - @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/temp r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/temp r, @{run}/udev/data/* r, 
@@ -84,7 +84,7 @@ profile kodi @{exec_path} { # file_inherit /usr/share/kodi/** r, - /sys/devices/virtual/thermal/thermal_zone[0-9]*/temp r, + /sys/devices/virtual/thermal/thermal_zone@{int}/temp r, /sys/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, /home/morfik/.kodi/temp/kodi.log w, diff --git a/apparmor.d/profiles-g-l/last b/apparmor.d/profiles-g-l/last index 5cbd647c..91a78e0e 100644 --- a/apparmor.d/profiles-g-l/last +++ b/apparmor.d/profiles-g-l/last @@ -24,7 +24,7 @@ profile last @{exec_path} { @{PROC}/@{pids}/loginuid r, /var/log/wtmp r, - /var/log/btmp{,.[0-9]*} r, + /var/log/btmp{,.@{int}} r, include if exists } diff --git a/apparmor.d/profiles-g-l/localepurge b/apparmor.d/profiles-g-l/localepurge index 9ee25683..53e3fd93 100644 --- a/apparmor.d/profiles-g-l/localepurge +++ b/apparmor.d/profiles-g-l/localepurge @@ -42,8 +42,8 @@ profile localepurge @{exec_path} { /usr/share/cups/{templates,locale,doc-root}/{,**/} r, /usr/share/cups/{templates,locale,doc-root}/**/** w, /usr/share/vim/ r, - /usr/share/vim/vim[0-9]*/lang/{,**/} r, - /usr/share/vim/vim[0-9]*/lang/**/** w, + /usr/share/vim/vim@{int}/lang/{,**/} r, + /usr/share/vim/vim@{int}/lang/**/** w, /usr/share/X11/locale/**/** w, /etc/locale.nopurge r, diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login index ec7f68be..e26f82aa 100644 --- a/apparmor.d/profiles-g-l/login +++ b/apparmor.d/profiles-g-l/login @@ -52,7 +52,7 @@ profile login @{exec_path} flags=(attach_disconnected) { /etc/security/pam_env.conf r, /etc/shells r, - /var/log/btmp{,.[0-9]*} r, + /var/log/btmp{,.@{int}} r, owner @{user_cache_dirs}/motd.legal-displayed rw, diff --git a/apparmor.d/profiles-m-r/mandb b/apparmor.d/profiles-m-r/mandb index af2115e6..74cef286 100644 --- a/apparmor.d/profiles-m-r/mandb +++ b/apparmor.d/profiles-m-r/mandb 
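Review bot: In the kodi `# file_inherit` hunk, the updated rule `/sys/devices/virtual/thermal/thermal_zone@{int}/temp r,` uses a literal `/sys` prefix and repeats the `@{sys}/devices/virtual/thermal/thermal_zone@{int}/temp r,` rule changed in the previous kodi hunk. The context line `/home/morfik/.kodi/temp/kodi.log w,` in the same block is tied to one account's home directory and appears to be covered already by `owner @{HOME}/.kodi/** rwk,`. I would drop the duplicates, or at least write them as `@{sys}/...` and `owner @{HOME}/.kodi/temp/kodi.log w,` so the profile does not depend on a specific user name.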
@@ -30,7 +30,7 @@ profile mandb @{exec_path} flags=(complain) { /usr/{,share/}man/{,**} r, /usr/local/{,share/}man/{,**} r, - /usr/share/**/man/man[0-9]*/*.[0-9]*.gz r, + /usr/share/**/man/man@{int}/*.@{int}.gz r, owner @{user_share_dirs}/man/** rwk, diff --git a/apparmor.d/profiles-m-r/mke2fs b/apparmor.d/profiles-m-r/mke2fs index f1762dd4..4fc5c9d0 100644 --- a/apparmor.d/profiles-m-r/mke2fs +++ b/apparmor.d/profiles-m-r/mke2fs @@ -29,7 +29,7 @@ profile mke2fs @{exec_path} { owner @{user_img_dirs}/{,**} rwk, # For virt-resize - owner /var/tmp/.guestfs-[0-9]*/** rwk, + owner /var/tmp/.guestfs-@{int}/** rwk, owner @{run}/blkid/blkid.tab{,-@{rand6}} rw, owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab, diff --git a/apparmor.d/profiles-m-r/monitorix b/apparmor.d/profiles-m-r/monitorix index 0c536a6f..56bcc21e 100644 --- a/apparmor.d/profiles-m-r/monitorix +++ b/apparmor.d/profiles-m-r/monitorix @@ -95,7 +95,7 @@ profile monitorix @{exec_path} { @{PROC}/@{pids}/io r, @{sys}/class/i2c-adapter/ r, - @{sys}/devices/@{pci}/i2c-[0-9]*/name r, + @{sys}/devices/@{pci}/i2c-@{int}/name r, @{sys}/class/hwmon/ r, @{sys}/devices/**/thermal*/{,**} r, @{sys}/devices/**/hwmon*/{,**} r, diff --git a/apparmor.d/profiles-m-r/mount b/apparmor.d/profiles-m-r/mount index 59dc6666..339fc084 100644 --- a/apparmor.d/profiles-m-r/mount +++ b/apparmor.d/profiles-m-r/mount @@ -59,8 +59,8 @@ profile mount @{exec_path} flags=(attach_disconnected) { owner @{run}/mount/utab{,.*} rw, owner @{run}/mount/utab.lock wk, - /tmp/sanity-squashfs-[0-9]* rw, - /tmp/syscheck-squashfs-[0-9]* rw, + /tmp/sanity-squashfs-@{int} rw, + /tmp/syscheck-squashfs-@{int} rw, @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-m-r/obexautofs b/apparmor.d/profiles-m-r/obexautofs index 81ebc686..091a1df0 100644 --- a/apparmor.d/profiles-m-r/obexautofs +++ b/apparmor.d/profiles-m-r/obexautofs 
@@ -10,12 +10,16 @@ include @{exec_path} = @{bin}/obexautofs profile obexautofs @{exec_path} { include + include network bluetooth seqpacket, network bluetooth stream, network bluetooth raw, network netlink raw, + mount fstype=fuse.obexautofs -> @{HOME}/*/, + mount fstype=fuse.obexautofs -> @{HOME}/*/*/, + @{exec_path} mr, @{bin}/fusermount{,3} rCx -> fusermount, @@ -23,42 +27,31 @@ profile obexautofs @{exec_path} { owner @{HOME}/*/ r, owner @{HOME}/*/*/ r, - mount fstype=fuse.obexautofs -> @{HOME}/*/, - mount fstype=fuse.obexautofs -> @{HOME}/*/*/, - - @{sys}/bus/ r, - @{sys}/class/ r, - @{sys}/bus/usb/devices/ r, @{sys}/devices/@{pci}/usb@{int}/bConfigurationValue r, @{sys}/devices/@{pci}/usb@{int}/**/bConfigurationValue r, @{sys}/devices/@{pci}/usb@{int}/{uevent,busnum,devnum,speed,descriptors} r, @{sys}/devices/@{pci}/usb@{int}/**/{uevent,busnum,devnum,speed,descriptors} r, - @{run}/udev/data/+usb:* r, - @{run}/udev/data/c18[0,8,9]:[0-9]* r, # USB devices & USB serial converters - - /dev/bus/usb/ r, /dev/fuse rw, - profile fusermount { include include - # To mount anything: capability sys_admin, + mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/, + mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/*/, + @{bin}/fusermount{,3} mr, /etc/fuse.conf r, - /dev/fuse rw, - - mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/, - mount fstype={fuse,fuse.obexautofs} -> @{HOME}/*/*/, - @{PROC}/@{pid}/mounts r, + /dev/fuse rw, + + include if exists } include if exists diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga index f9c9dca6..7e80ed01 100644 --- a/apparmor.d/profiles-m-r/qemu-ga +++ b/apparmor.d/profiles-m-r/qemu-ga @@ -39,7 +39,7 @@ profile qemu-ga @{exec_path} { owner @{PROC}/@{pid}/net/dev r, - /dev/vport[0-9]*p[0-9]* rw, + /dev/vport@{int}p@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi index d9502c05..4c38c95b 100644 
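Review bot: In the obexautofs `fusermount` subprofile the commit deletes the comment `# To mount anything:` above `capability sys_admin,`, leaving a broad capability without a stated reason. I would keep a why-comment there, for example `# sys_admin is required for mount(2); targets are restricted by the mount rules below`. The same hunk drops several `@{sys}`, `@{run}/udev/data` and `/dev/bus/usb/` rules while adding an `include` line whose target is not visible on this page. It cannot be confirmed from here that the removed access is still granted where it is needed.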
--- a/apparmor.d/profiles-m-r/qnapi +++ b/apparmor.d/profiles-m-r/qnapi @@ -69,9 +69,9 @@ profile qnapi @{exec_path} { owner /tmp/#@{int} rw, owner /tmp/QNapi-*-rc wl -> /tmp/#@{int}, owner /tmp/QNapi-*-rc.lock rwk, - owner /tmp/QNapi.[0-9]*.tmp rw, - owner /tmp/QNapi.[0-9]*.tmp.* rw, - owner /tmp/QNapi.[0-9]*.tmp.* rwl -> /tmp/#@{int}, + owner /tmp/QNapi.@{int}.tmp rw, + owner /tmp/QNapi.@{int}.tmp.* rw, + owner /tmp/QNapi.@{int}.tmp.* rwl -> /tmp/#@{int}, owner /tmp/QNapi.@{int} rw, owner /dev/shm/#@{int} rw, diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss index c8fe5a85..1f812d4c 100644 --- a/apparmor.d/profiles-m-r/quiterss +++ b/apparmor.d/profiles-m-r/quiterss @@ -66,8 +66,8 @@ profile quiterss @{exec_path} { /dev/shm/#@{int} rw, - owner /tmp/qtsingleapp-quiter-[0-9]*-[0-9]* rw, - owner /tmp/qtsingleapp-quiter-[0-9]*-[0-9]*-lockfile rwk, + owner /tmp/qtsingleapp-quiter-@{int}-@{int} rw, + owner /tmp/qtsingleapp-quiter-@{int}-@{int}-lockfile rwk, owner /var/tmp/etilqs_@{hex} rw, # Allowed apps to open diff --git a/apparmor.d/profiles-s-z/sensors b/apparmor.d/profiles-s-z/sensors index d204ef05..8adc87fa 100644 --- a/apparmor.d/profiles-s-z/sensors +++ b/apparmor.d/profiles-s-z/sensors 
@@ -24,11 +24,10 @@ profile sensors @{exec_path} { @{sys}/devices/**/hwmon*/{in[0-9]_label,in[0-9]_min,in[0-9]_max} r, @{sys}/devices/**/hwmon*/{name,temp*,*_input} r, @{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r, - @{sys}/devices/**/hwmon/hwmon@{int}/power[0-9]*_crit r, - @{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-[0-9]*/name r, + @{sys}/devices/**/hwmon/hwmon@{int}/power@{int}_crit r, + @{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-@{int}/name r, @{sys}/devices/@{pci}/name r, @{sys}/devices/platform/**/power_supply/**/hwmon@{int}/curr1_max r, - @{sys}/devices/virtual/hwmon/hwmon[0-9]* r, @{sys}/devices/virtual/hwmon/hwmon@{int}/ r, @{sys}/devices/virtual/hwmon/hwmon@{int}/{name,temp*} r, @{sys}/devices/virtual/hwmon/hwmon@{int}/fan[0-9]_label r, diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index f6808b31..138a3555 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd @@ -122,9 +122,9 @@ profile snapd @{exec_path} { /var/cache/apparmor/*/snap* rw, /tmp/ r, - /tmp/syscheck-mountpoint-[0-9]*/{,**} rw, - /tmp/syscheck-squashfs-[0-9]* rw, - /tmp/read-file[0-9]*/{,**} rw, + /tmp/syscheck-mountpoint-@{int}/{,**} rw, + /tmp/syscheck-squashfs-@{int} rw, + /tmp/read-file@{int}/{,**} rw, /boot/ r, /boot/grub/grubenv r, diff --git a/apparmor.d/profiles-s-z/spice-vdagentd b/apparmor.d/profiles-s-z/spice-vdagentd index 538a5c71..14c4f1d7 100644 --- a/apparmor.d/profiles-s-z/spice-vdagentd +++ b/apparmor.d/profiles-s-z/spice-vdagentd @@ -26,7 +26,7 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) { @{PROC}/@{pids}/cgroup r, /dev/uinput rw, - /dev/vport[0-9]*p[0-9]* rw, + /dev/vport@{int}p@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index eed35986..055e894b 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam 
@@ -166,7 +166,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) @{sys}/devices/**/input/input@{int}/ r, @{sys}/devices/**/uevent r, @{sys}/devices/@{pci}/class r, - @{sys}/devices/@{pci}/i2c-[0-9]*/report_descriptor r, + @{sys}/devices/@{pci}/i2c-@{int}/report_descriptor r, @{sys}/devices/@{pci}/sound/card[0-9]*/** r, @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r, @{sys}/devices/system/cpu/** r, diff --git a/apparmor.d/profiles-s-z/steam-fossilize b/apparmor.d/profiles-s-z/steam-fossilize index 8fd49434..c097ead1 100644 --- a/apparmor.d/profiles-s-z/steam-fossilize +++ b/apparmor.d/profiles-s-z/steam-fossilize @@ -18,10 +18,10 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.steam/steam.pipe r, - owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/fozpipelinesv[0-9]*/{,**} rw, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/fozpipelinesv@{int}/{,**} rw, owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/mesa_shader_cache_sf/{,**} rwk, - owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav[0-9]*/GLCache/ rw, - owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav[0-9]*/GLCache/** rwk, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav@{int}/GLCache/ rw, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav@{int}/GLCache/** rwk, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw, @@ -31,7 +31,7 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) { @{PROC}/pressure/io r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, - owner /dev/shm/fossilize-*-[0-9]*-[0-9]* rw, + owner /dev/shm/fossilize-*-@{int}-@{int} rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game index 484adb63..947dda2b 100644 --- a/apparmor.d/profiles-s-z/steam-game 
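Review bot: The steam hunk converts `i2c-[0-9]*` but leaves the next line, `@{sys}/devices/@{pci}/sound/card[0-9]*/** r,`, with the old glob, where `*` matches any characters after the first digit rather than only digits. The steam-game profile later in this commit changes the identical rule to `card@{int}`, so the two profiles now disagree. I would change it here as well: `@{sys}/devices/@{pci}/sound/card@{int}/** r,`.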
+++ b/apparmor.d/profiles-s-z/steam-game @@ -101,7 +101,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{user_share_dirs}/Steam/legacycompat/** mr, @{user_share_dirs}/Steam/linux{32,64}/ r, @{user_share_dirs}/Steam/linux{32,64}/**.so* mr, - @{user_share_dirs}/Steam/standalone_installscript_progress_[0-9]*.vdf rw, + @{user_share_dirs}/Steam/standalone_installscript_progress_@{int}.vdf rw, @{user_share_dirs}/Steam/steamapps/common/*/* mr, @{user_share_dirs}/Steam/steamapps/common/Proton*/ r, @{user_share_dirs}/Steam/steamapps/common/Proton*/files/bin/* mrix, @@ -195,9 +195,9 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{sys}/devices/**/input@{int}/capabilities/* r, @{sys}/devices/**/input/input@{int}/ r, @{sys}/devices/**/uevent r, - @{sys}/devices/@{pci}/sound/card[0-9]*/** r, + @{sys}/devices/@{pci}/sound/card@{int}/** r, @{sys}/devices/@{pci}/usb@{int}/{manufacturer,product,bcdDevice,bInterfaceNumber} r, - @{sys}/devices/system/clocksource/clocksource[0-9]*/current_clocksource r, + @{sys}/devices/system/clocksource/clocksource@{int}/current_clocksource r, @{sys}/devices/system/cpu/** r, @{sys}/devices/system/node/node[0-9]/cpumap r, @{sys}/devices/system/node/online r, diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index c75b992d..f95c7d38 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald @@ -46,7 +46,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) { @{sys}/devices/**/hwmon@{int}/ r, @{sys}/devices/**/hwmon@{int}/name r, - @{sys}/devices/**/hwmon@{int}/temp[0-9]*_{max,crit} r, + @{sys}/devices/**/hwmon@{int}/temp@{int}_{max,crit} r, @{sys}/devices/**/path r, @{sys}/devices/virtual/dmi/id/product_name r, 
@@ -57,10 +57,10 @@ profile thermald @{exec_path} flags=(attach_disconnected) { @{sys}/devices/virtual/thermal/thermal_zone@{int}/ r, @{sys}/devices/virtual/thermal/thermal_zone@{int}/mode rw, @{sys}/devices/virtual/thermal/thermal_zone@{int}/policy rw, - @{sys}/devices/virtual/thermal/thermal_zone@{int}/trip_point_[0-9]*_temp rw, - @{sys}/devices/virtual/thermal/thermal_zone@{int}/trip_point_[0-9]*_type r, - @{sys}/devices/virtual/thermal/thermal_zone@{int}/trip_point_[0-9]*_hyst r, - @{sys}/devices/virtual/thermal/thermal_zone@{int}/cdev[0-9]*_trip_point r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/trip_point_@{int}_temp rw, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/trip_point_@{int}_type r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/trip_point_@{int}_hyst r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/cdev@{int}_trip_point r, @{sys}/devices/virtual/thermal/cooling_device[@{int}/ r, @{sys}/devices/virtual/thermal/cooling_device@{int}/cur_state rw, @@ -72,7 +72,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) { @{sys}/devices/virtual/powercap/intel-rapl{,-mmio}/intel-rapl{,-mmio}:@{int}/* r, @{sys}/devices/virtual/powercap/intel-rapl{,-mmio}/intel-rapl{,-mmio}:@{int}/constraint_* w, @{sys}/devices/virtual/powercap/intel-rapl{,-mmio}/intel-rapl{,-mmio}:@{int}/enabled w, - @{sys}/devices/virtual/powercap/intel-rapl{,-mmio}/intel-rapl{,-mmio}:@{int}/intel-rapl:[0-9]*:[0-9]*/{,*} r, + @{sys}/devices/virtual/powercap/intel-rapl{,-mmio}/intel-rapl{,-mmio}:@{int}/intel-rapl:@{int}/{,*} r, /dev/acpi_thermal_rel rw, /dev/input/ r, diff --git a/apparmor.d/profiles-s-z/thinkfan b/apparmor.d/profiles-s-z/thinkfan index 454c5dfb..cd516049 100644 --- a/apparmor.d/profiles-s-z/thinkfan +++ b/apparmor.d/profiles-s-z/thinkfan 
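Review bot: The context line `@{sys}/devices/virtual/thermal/cooling_device[@{int}/ r,` in the thermald `thermal_zone` hunk has a stray `[` that this cleanup leaves in place. With the bracket the rule does not describe `cooling_deviceN/` and opens an unterminated character class, so the directory read it intends is presumably not granted as written. Since the commit is already normalising these paths, fix it in the same pass: `@{sys}/devices/virtual/thermal/cooling_device@{int}/ r,`.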
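Review bot: The rewritten powercap rule in the last thermald hunk ends in `intel-rapl:@{int}/{,*} r,` and so drops one numeric component. The pattern it replaces was `intel-rapl:[0-9]*:[0-9]*/`, that is, names of the form `intel-rapl:N:M`. Assuming `@{int}` matches digits only, the new rule no longer matches those subzone directories, and thermald would lose read access it had before the change. The last path element should be `intel-rapl:@{int}:@{int}/{,*} r,`.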
@@ -16,9 +16,9 @@ profile thinkfan @{exec_path} { /etc/thinkfan.conf r, /etc/thinkfan.yaml r, - @{sys}/devices/**/hwmon/**/pwm[0-9]* rw, - @{sys}/devices/**/hwmon/**/pwm[0-9]*_enable rw, - @{sys}/devices/**/hwmon/**/temp[0-9]*_input r, + @{sys}/devices/**/hwmon/**/pwm@{int} rw, + @{sys}/devices/**/hwmon/**/pwm@{int}_enable rw, + @{sys}/devices/**/hwmon/**/temp@{int}_input r, @{PROC}/acpi/ibm/thermal r, @{PROC}/acpi/ibm/fan rw, diff --git a/apparmor.d/profiles-s-z/tint2 b/apparmor.d/profiles-s-z/tint2 index 8f39dc28..889014b1 100644 --- a/apparmor.d/profiles-s-z/tint2 +++ b/apparmor.d/profiles-s-z/tint2 @@ -43,7 +43,7 @@ profile tint2 @{exec_path} { owner @{HOME}/.Xauthority r, - owner /tmp/tint2-@{pid}-[0-9]*.png rw, + owner /tmp/tint2-@{pid}-@{int}.png rw, # Battery applet @{sys}/class/power_supply/ r, diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 5564cf30..c0d73b02 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -126,7 +126,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { @{sys}/devices/@{pci}/{ata,usb,mmc}[0-9]/{,**/}remove rw, @{sys}/devices/virtual/bdi/**/read_ahead_kb r, @{sys}/devices/virtual/block/*/{,**} rw, - @{sys}/devices/virtual/block/loop[0-9]*/uevent rw, + @{sys}/devices/virtual/block/loop@{int}/uevent rw, @{sys}/devices/virtual/dmi/id/product_uuid r, @{sys}/devices/virtual/nvme-subsystem/{,**} r, @{sys}/fs/ r, @@ -139,7 +139,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, /dev/loop-control rw, - /dev/null.[0-9]* rw, + /dev/null.@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/unhide-tcp b/apparmor.d/profiles-s-z/unhide-tcp index 8646eadb..bd17557d 100644 --- a/apparmor.d/profiles-s-z/unhide-tcp +++ b/apparmor.d/profiles-s-z/unhide-tcp 
@@ -29,7 +29,7 @@ profile unhide-tcp @{exec_path} { @{PROC}/@{pids}/fd/ r, # For logs - /**/unhide-tcp_[0-9]*-[0-9]*-[0-9]*.log w, + /**/unhide-tcp_@{int}-@{int}-@{int}.log w, include if exists } diff --git a/apparmor.d/profiles-s-z/update-smart-drivedb b/apparmor.d/profiles-s-z/update-smart-drivedb index 2d88b24a..921f3d39 100644 --- a/apparmor.d/profiles-s-z/update-smart-drivedb +++ b/apparmor.d/profiles-s-z/update-smart-drivedb @@ -37,7 +37,7 @@ profile update-smart-drivedb @{exec_path} { /var/lib/smartmontools/drivedb/drivedb.h{,.*} rw, - owner /var/lib/smartmontools/drivedb/.gnupg.[0-9]*.tmp/{,**} rw, + owner /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/{,**} rw, # For shell pwd /root/ r, @@ -55,8 +55,8 @@ profile update-smart-drivedb @{exec_path} { /var/lib/smartmontools/drivedb/drivedb.h.new.raw{,.asc} r, - owner /var/lib/smartmontools/drivedb/.gnupg.[0-9]*.tmp/ rw, - owner /var/lib/smartmontools/drivedb/.gnupg.[0-9]*.tmp/** rwkl -> /var/lib/smartmontools/drivedb/.gnupg.[0-9]*.tmp/**, + owner /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/ rw, + owner /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/** rwkl -> /var/lib/smartmontools/drivedb/.gnupg.@{int}.tmp/**, } diff --git a/apparmor.d/profiles-s-z/usbguard b/apparmor.d/profiles-s-z/usbguard index e4cc0e04..b627eb46 100644 --- a/apparmor.d/profiles-s-z/usbguard +++ b/apparmor.d/profiles-s-z/usbguard @@ -25,8 +25,8 @@ profile usbguard @{exec_path} { /etc/usbguard/*.conf rw, /etc/usbguard/IPCAccessControl.d/{,*} rw, - /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw, - /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw, + /dev/shm/qb-usbguard-{request,response,event}-@{int}-@{int}-@{int}-{header,data} rw, + /dev/shm/qb-@{int}-@{int}-@{int}-*/qb-{request,response,event}-usbguard-{header,data} rw, # For "usbguard generate-policy" @{sys}/devices/@{pci}/uevent r, 
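Review bot: The log rule `/**/unhide-tcp_@{int}-@{int}-@{int}.log w,` in the unhide-tcp profile keeps its `/**/` prefix, so the profile may still create or overwrite a matching file in any directory; tightening the numeric fields does not narrow that. The existing `# For logs` comment does not say why the location cannot be constrained, presumably because the tool writes its log into the current working directory (to be confirmed). I would extend the comment to state that, and if it holds, consider `owner /**/unhide-tcp_@{int}-@{int}-@{int}.log w,` so that existing files owned by another user cannot be overwritten.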
diff --git a/apparmor.d/profiles-s-z/usbguard-applet-qt b/apparmor.d/profiles-s-z/usbguard-applet-qt index 55636a57..e87f58f1 100644 --- a/apparmor.d/profiles-s-z/usbguard-applet-qt +++ b/apparmor.d/profiles-s-z/usbguard-applet-qt @@ -29,10 +29,10 @@ profile usbguard-applet-qt @{exec_path} { owner @{user_config_dirs}/USBGuard/* rwkl -> @{user_config_dirs}/USBGuard/#@{int}, /dev/shm/#@{int} rw, - /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw, - /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw, + /dev/shm/qb-usbguard-{request,response,event}-@{int}-@{int}-@{int}-{header,data} rw, + /dev/shm/qb-@{int}-@{int}-@{int}-*/qb-{request,response,event}-usbguard-{header,data} rw, - owner @{run}/user/@{uid}/sni-qt_usbguard-applet-qt_[0-9]*-[a-zA-Z0-9]*/{,**} rw, + owner @{run}/user/@{uid}/sni-qt_usbguard-applet-qt_@{int}-[a-zA-Z0-9]*/{,**} rw, owner @{PROC}/@{pid}/cmdline r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/profiles-s-z/usbguard-daemon b/apparmor.d/profiles-s-z/usbguard-daemon index 7bff8a3f..cc2c5e02 100644 --- a/apparmor.d/profiles-s-z/usbguard-daemon +++ b/apparmor.d/profiles-s-z/usbguard-daemon @@ -29,9 +29,9 @@ profile usbguard-daemon @{exec_path} flags=(attach_disconnected) { /var/log/usbguard/usbguard-audit.log rw, /dev/shm/ r, - /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw, - /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/ rw, - /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw, + /dev/shm/qb-usbguard-{request,response,event}-@{int}-@{int}-@{int}-{header,data} rw, + /dev/shm/qb-@{int}-@{int}-*/ rw, + /dev/shm/qb-@{int}-@{int}-@{int}-*/qb-{request,response,event}-usbguard-{header,data} rw, @{sys}/devices/@{pci}/uevent r, diff --git a/apparmor.d/profiles-s-z/usbguard-dbus b/apparmor.d/profiles-s-z/usbguard-dbus index c1f15007..221965e7 100644 --- a/apparmor.d/profiles-s-z/usbguard-dbus 
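Review bot: The directory rule in the usbguard-daemon hunk was rewritten as `/dev/shm/qb-@{int}-@{int}-*/ rw,`, one `@{int}` short of the original three-number pattern and of the file rule directly below it. Because the trailing `*` absorbs the missing field the rule still matches the same directories, but it is looser than the matching rules in usbguard, usbguard-applet-qt, usbguard-dbus and usbguard-notifier and looks like a substitution slip. I would restore the third field so the directory and file rules stay in step: `/dev/shm/qb-@{int}-@{int}-@{int}-*/ rw,`.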
+++ b/apparmor.d/profiles-s-z/usbguard-dbus @@ -15,8 +15,8 @@ profile usbguard-dbus @{exec_path} { deny capability sys_nice, @{exec_path} mr, - /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw, - /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw, + /dev/shm/qb-usbguard-{request,response,event}-@{int}-@{int}-@{int}-{header,data} rw, + /dev/shm/qb-@{int}-@{int}-@{int}-*/qb-{request,response,event}-usbguard-{header,data} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/usbguard-notifier b/apparmor.d/profiles-s-z/usbguard-notifier index 89c1d0b1..f8f2b75a 100644 --- a/apparmor.d/profiles-s-z/usbguard-notifier +++ b/apparmor.d/profiles-s-z/usbguard-notifier @@ -13,8 +13,8 @@ profile usbguard-notifier @{exec_path} { @{exec_path} mr, - /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw, - /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw, + /dev/shm/qb-usbguard-{request,response,event}-@{int}-@{int}-@{int}-{header,data} rw, + /dev/shm/qb-@{int}-@{int}-@{int}-*/qb-{request,response,event}-usbguard-{header,data} rw, owner @{PROC}/@{pid}/loginuid r, diff --git a/apparmor.d/profiles-s-z/utmpdump b/apparmor.d/profiles-s-z/utmpdump index a714a9d5..3cb319f2 100644 --- a/apparmor.d/profiles-s-z/utmpdump +++ b/apparmor.d/profiles-s-z/utmpdump @@ -13,8 +13,8 @@ profile utmpdump @{exec_path} { @{exec_path} mr, - /var/log/wtmp{,.[0-9]*} r, - /var/log/btmp{,.[0-9]*} r, + /var/log/wtmp{,.@{int}} r, + /var/log/btmp{,.@{int}} r, include if exists } diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index d2650862..efa2ef2b 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager 
@@ -33,7 +33,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { @{sh_path} rix, @{bin}/python3.@{int} r, - @{lib}/python3.@{int}/site-packages/__pycache__/guestfs.cpython-[0-9]*.pyc.[0-9]* w, + @{lib}/python3.@{int}/site-packages/__pycache__/guestfs.cpython-@{int}.pyc.@{int} w, @{bin}/ r, @{bin}/env rix, diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 85c11563..267d3aa6 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -65,7 +65,7 @@ profile wireplumber @{exec_path} { @{sys}/devices/**/device:*/**/path r, @{sys}/devices/**/sound/**/pcm_class r, @{sys}/devices/**/sound/**/uevent r, - @{sys}/devices/@{pci}/video4linux/video[0-9]*/uevent r, + @{sys}/devices/@{pci}/video4linux/video@{int}/uevent r, @{sys}/devices/virtual/dmi/id/bios_vendor r, @{sys}/devices/virtual/dmi/id/product_name r, @{sys}/devices/virtual/dmi/id/sys_vendor r, diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index 9c48d016..1ec98542 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -79,7 +79,7 @@ profile wireshark @{exec_path} { /dev/shm/#@{int} rw, - owner /tmp/wireshark_extcap_ciscodump_[0-9]*_* rw, + owner /tmp/wireshark_extcap_ciscodump_@{int}_* rw, # Allowed apps to open @{lib}/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-s-z/wpa-action b/apparmor.d/profiles-s-z/wpa-action index 668acd0f..59c06ee5 100644 --- a/apparmor.d/profiles-s-z/wpa-action +++ b/apparmor.d/profiles-s-z/wpa-action 
@@ -33,10 +33,10 @@ profile wpa-action @{exec_path} { /etc/network/interfaces r, /etc/network/interfaces.d/{,*} r, - owner @{run}/wpa_action.wlan[0-9]*.ifupdown rw, - owner @{run}/wpa_action.wlan[0-9]*.timestamp rw, - owner @{run}/network/ifstate.wlan[0-9]* rwk, - owner @{run}/sendsigs.omit.d/wpasupplicant.wpa_supplicant.wlan[0-9]*.pid rw, + owner @{run}/wpa_action.wlan@{int}.ifupdown rw, + owner @{run}/wpa_action.wlan@{int}.timestamp rw, + owner @{run}/network/ifstate.wlan@{int} rwk, + owner @{run}/sendsigs.omit.d/wpasupplicant.wpa_supplicant.wlan@{int}.pid rw, include if exists } diff --git a/apparmor.d/profiles-s-z/wpa-cli b/apparmor.d/profiles-s-z/wpa-cli index bf6b7e27..c324f3b9 100644 --- a/apparmor.d/profiles-s-z/wpa-cli +++ b/apparmor.d/profiles-s-z/wpa-cli @@ -18,7 +18,7 @@ profile wpa-cli @{exec_path} { /etc/inputrc r, owner @{HOME}/.wpa_cli_history rw, - owner @{HOME}/.wpa_cli_history-[0-9]*.tmp rw, + owner @{HOME}/.wpa_cli_history-@{int}.tmp rw, owner @{run}/wpa_supplicant/ r, owner /tmp/wpa_ctrl_@{pid}-[0-9] rw, diff --git a/apparmor.d/profiles-s-z/xsel b/apparmor.d/profiles-s-z/xsel index 2833d36d..6b065bcd 100644 --- a/apparmor.d/profiles-s-z/xsel +++ b/apparmor.d/profiles-s-z/xsel @@ -19,7 +19,7 @@ profile xsel @{exec_path} { owner @{user_cache_dirs}/xsel.log rw, owner @{HOME}/.Xauthority r, - owner /tmp/xauth-[0-9]*-_[0-9] r, + owner /tmp/xauth-@{int}-_[0-9] r, # file_inherit owner /dev/tty@{int} rw, diff --git a/apparmor.d/profiles-s-z/youtube-viewer b/apparmor.d/profiles-s-z/youtube-viewer index b99c5a5e..3a71104d 100644 --- a/apparmor.d/profiles-s-z/youtube-viewer +++ b/apparmor.d/profiles-s-z/youtube-viewer @@ -61,7 +61,7 @@ profile youtube-viewer @{exec_path} { /etc/wgetrc r, owner @{HOME}/.wget-hsts r, - owner @{HOME}/wget-log{,.[0-9]*} rw, + owner @{HOME}/wget-log{,.@{int}} rw, }