diff --git a/apparmor.d/abstractions/user-download-strict b/apparmor.d/abstractions/user-download-strict index 1786d10a..e6dc6e8f 100644 --- a/apparmor.d/abstractions/user-download-strict +++ b/apparmor.d/abstractions/user-download-strict @@ -7,11 +7,8 @@ owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ r, owner @{HOME}/@{XDG_DOWNLOAD_DIR}/** rwkl, - owner /media/*/@{XDG_DOWNLOAD_DIR}/ r, - owner /media/*/@{XDG_DOWNLOAD_DIR}/** rwkl, - - owner /mnt/*/@{XDG_DOWNLOAD_DIR}/ r, - owner /mnt/*/@{XDG_DOWNLOAD_DIR}/** rwkl, + owner @{MOUNTS}/*/@{XDG_DOWNLOAD_DIR}/ r, + owner @{MOUNTS}/*/@{XDG_DOWNLOAD_DIR}/** rwkl, owner @{HOME}/@{XDG_DESKTOP_DIR}/ r, owner @{HOME}/@{XDG_DESKTOP_DIR}/** rwkl, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index cc9c15f1..4ead5295 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -6,8 +6,8 @@ abi , include -@{AS_LIBDIR} = /media/*/android-studio -@{AS_SDKDIR} = /media/*/SDK +@{AS_LIBDIR} = @{MOUNTS}/*/android-studio +@{AS_SDKDIR} = @{MOUNTS}/*/SDK @{AS_HOMEDIR} = @{HOME}/.AndroidStudio* @{AS_PROJECTDIR} = @{HOME}/AndroidStudioProjects @@ -90,8 +90,8 @@ profile android-studio @{exec_path} { / r, /home/ r, - /media/ r, - /media/*/ r, + @{MOUNTS}/ r, + @{MOUNTS}/*/ r, /usr/ r, /{usr/,}lib/ r, /{usr/,}lib{x32,32,64}/ r, diff --git a/apparmor.d/groups/apps/atom b/apparmor.d/groups/apps/atom index 66f5bdb7..9ea9a4c9 100644 --- a/apparmor.d/groups/apps/atom +++ b/apparmor.d/groups/apps/atom @@ -86,10 +86,10 @@ profile atom @{exec_path} { # Git dirs / r, - /media/ r, - owner /media/*/ r, - owner /media/*/atom/ r, - owner /media/*/atom/** rwkl -> /media/*/atom/**, + @{MOUNTS}/ r, + owner @{MOUNTS}/*/ r, + owner @{MOUNTS}/*/atom/ r, + owner @{MOUNTS}/*/atom/** rwkl -> @{MOUNTS}/*/atom/**, owner @{user_config_dirs}/git/config r, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index a597a701..699e76af 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -76,8 +76,8 @@ profile calibre @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{calibre_ext} rw, /usr/share/calibre/{,**} r, @@ -85,9 +85,9 @@ profile calibre @{exec_path} { owner @{HOME}/@{XDG_BOOKS_DIR} rw, owner @{HOME}/@{XDG_BOOKS_DIR}/** rwkl, - owner /media/*/@{XDG_BOOKS_DIR}/ r, - owner /media/*/@{XDG_BOOKS_DIR}*/ rw, - owner /media/*/@{XDG_BOOKS_DIR}*/** rwkl -> /media/*/@{XDG_BOOKS_DIR}*/**, + owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}/ r, + owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/ rw, + owner @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/** rwkl -> @{MOUNTS}/*/@{XDG_BOOKS_DIR}*/**, owner @{user_config_dirs}/calibre/ rw, owner @{user_config_dirs}/calibre/** rwk, diff --git a/apparmor.d/groups/apps/code b/apparmor.d/groups/apps/code index 7cd3cbba..854e99e8 100644 --- a/apparmor.d/groups/apps/code +++ b/apparmor.d/groups/apps/code @@ -65,10 +65,10 @@ profile code @{exec_path} { # Git dirs / r, - /media/ r, - owner /media/*/ r, - owner /media/*/code/ r, - owner /media/*/code/** rwkl -> /media/*/code/**, + @{MOUNTS}/ r, + owner @{MOUNTS}/*/ r, + owner @{MOUNTS}/*/code/ r, + owner @{MOUNTS}/*/code/** rwkl -> @{MOUNTS}/*/code/**, # To remove the following error: # Error initializing NSS with a persistent database diff --git a/apparmor.d/groups/apps/filezilla b/apparmor.d/groups/apps/filezilla index b9e3d3f9..3120b2f1 100644 --- a/apparmor.d/groups/apps/filezilla +++ b/apparmor.d/groups/apps/filezilla @@ -57,8 +57,8 @@ profile filezilla @{exec_path} { /{usr/,}lib/firefox/firefox rPUx, # FTP share folder - owner /media/*/ftp/ r, - owner /media/*/ftp/** rw, + owner @{MOUNTS}/*/ftp/ r, + owner @{MOUNTS}/*/ftp/** rw, # Silencer / r, diff --git a/apparmor.d/groups/apps/geany b/apparmor.d/groups/apps/geany index 2b97957f..57dd1455 100644 --- a/apparmor.d/groups/apps/geany +++ b/apparmor.d/groups/apps/geany @@ -72,9 +72,9 @@ profile geany @{exec_path} { /lost+found/ r, /lost+found/** r, owner /lost+found/** rw, - /media/ r, - /media/** r, - owner /media/** rw, + @{MOUNTS}/ r, + @{MOUNTS}/** r, + owner @{MOUNTS}/** rw, /mnt/ r, /mnt/** r, owner /mnt/** rw, diff --git a/apparmor.d/groups/apps/okular b/apparmor.d/groups/apps/okular index 2968fc23..d550ed07 100644 --- a/apparmor.d/groups/apps/okular +++ b/apparmor.d/groups/apps/okular @@ -33,8 +33,8 @@ profile okular @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, /tmp/ r, /tmp/mozilla_*/ r, owner /{home,media,tmp/mozilla_*}/**.@{okular_ext} rw, diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index 1298a59d..d3fe0faf 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -6,7 +6,7 @@ abi , include -@{TELEGRAM_WORK_DIR} = /media/Kabi/telegram +@{TELEGRAM_WORK_DIR} = @{MOUNTS}/Kabi/telegram @{exec_path} = /{usr/,}bin/telegram-desktop profile telegram-desktop @{exec_path} { diff --git a/apparmor.d/groups/apps/vlc b/apparmor.d/groups/apps/vlc index c8751640..b79b404c 100644 --- a/apparmor.d/groups/apps/vlc +++ b/apparmor.d/groups/apps/vlc @@ -86,8 +86,8 @@ profile vlc @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{vlc_ext} rw, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index 71a4cc7b..4a0519b7 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/apt profile apt @{exec_path} flags=(complain) { diff --git a/apparmor.d/groups/apt/apt-cdrom b/apparmor.d/groups/apt/apt-cdrom index 919e156b..dd703329 100644 --- a/apparmor.d/groups/apt/apt-cdrom +++ b/apparmor.d/groups/apt/apt-cdrom @@ -39,11 +39,11 @@ profile apt-cdrom @{exec_path} flags=(complain) { /media/cdrom[0-9]/dists/**/i18n/Translation-en{,.gz} r, # For pendrives - /media/*/*/ r, - /media/*/*/**/ r, - /media/*/*/.disk/info r, - /media/*/*/dists/**/binary-*/Packages{,.gz} r, - /media/*/*/dists/**/i18n/Translation-en{,.gz} r, + @{MOUNTS}/*/*/ r, + @{MOUNTS}/*/*/**/ r, + @{MOUNTS}/*/*/.disk/info r, + @{MOUNTS}/*/*/dists/**/binary-*/Packages{,.gz} r, + @{MOUNTS}/*/*/dists/**/i18n/Translation-en{,.gz} r, /var/lib/apt/lists/** rw, diff --git a/apparmor.d/groups/apt/apt-extracttemplates b/apparmor.d/groups/apt/apt-extracttemplates index 2e70f21f..bfbbd845 100644 --- a/apparmor.d/groups/apt/apt-extracttemplates +++ b/apparmor.d/groups/apt/apt-extracttemplates @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/apt-extracttemplates profile apt-extracttemplates @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-ftparchive b/apparmor.d/groups/apt/apt-ftparchive index e8e3a63a..a4e56a2f 100644 --- a/apparmor.d/groups/apt/apt-ftparchive +++ b/apparmor.d/groups/apt/apt-ftparchive @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/apt-ftparchive profile apt-ftparchive @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-get b/apparmor.d/groups/apt/apt-get index fa556c9a..d589f1d7 100644 --- a/apparmor.d/groups/apt/apt-get +++ b/apparmor.d/groups/apt/apt-get @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/apt-get profile apt-get @{exec_path} flags=(complain) { diff --git a/apparmor.d/groups/apt/apt-methods-cdrom b/apparmor.d/groups/apt/apt-methods-cdrom index bedd1b9e..cda7d149 100644 --- a/apparmor.d/groups/apt/apt-methods-cdrom +++ b/apparmor.d/groups/apt/apt-methods-cdrom @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/cdrom profile apt-methods-cdrom @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-copy b/apparmor.d/groups/apt/apt-methods-copy index 4dd16242..62e6c193 100644 --- a/apparmor.d/groups/apt/apt-methods-copy +++ b/apparmor.d/groups/apt/apt-methods-copy @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/copy profile apt-methods-copy @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-file b/apparmor.d/groups/apt/apt-methods-file index 631765ea..f41b6a35 100644 --- a/apparmor.d/groups/apt/apt-methods-file +++ b/apparmor.d/groups/apt/apt-methods-file @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/file profile apt-methods-file @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-ftp b/apparmor.d/groups/apt/apt-methods-ftp index 4f07b69d..47d1b8b3 100644 --- a/apparmor.d/groups/apt/apt-methods-ftp +++ b/apparmor.d/groups/apt/apt-methods-ftp @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/ftp profile apt-methods-ftp @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-gpgv b/apparmor.d/groups/apt/apt-methods-gpgv index 959ed45f..9f1d7dfa 100644 --- a/apparmor.d/groups/apt/apt-methods-gpgv +++ b/apparmor.d/groups/apt/apt-methods-gpgv @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/gpgv profile apt-methods-gpgv @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-http b/apparmor.d/groups/apt/apt-methods-http index 40d13e1c..c7bb75a5 100644 --- a/apparmor.d/groups/apt/apt-methods-http +++ b/apparmor.d/groups/apt/apt-methods-http @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/http{,s} profile apt-methods-http @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-mirror b/apparmor.d/groups/apt/apt-methods-mirror index db32e4a5..ca8164f1 100644 --- a/apparmor.d/groups/apt/apt-methods-mirror +++ b/apparmor.d/groups/apt/apt-methods-mirror @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/mirror{,+*} profile apt-methods-mirror @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-rred b/apparmor.d/groups/apt/apt-methods-rred index a0afce39..5b86c56f 100644 --- a/apparmor.d/groups/apt/apt-methods-rred +++ b/apparmor.d/groups/apt/apt-methods-rred @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/rred profile apt-methods-rred @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-rsh b/apparmor.d/groups/apt/apt-methods-rsh index d53a7efc..e51b710d 100644 --- a/apparmor.d/groups/apt/apt-methods-rsh +++ b/apparmor.d/groups/apt/apt-methods-rsh @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/{r,s}sh profile apt-methods-rsh @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-methods-store b/apparmor.d/groups/apt/apt-methods-store index 0f388970..d05789c6 100644 --- a/apparmor.d/groups/apt/apt-methods-store +++ b/apparmor.d/groups/apt/apt-methods-store @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}lib/apt/methods/store profile apt-methods-store @{exec_path} { diff --git a/apparmor.d/groups/apt/apt-show-versions b/apparmor.d/groups/apt/apt-show-versions index 26de8682..40ee7b43 100644 --- a/apparmor.d/groups/apt/apt-show-versions +++ b/apparmor.d/groups/apt/apt-show-versions @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/apt-show-versions profile apt-show-versions @{exec_path} { diff --git a/apparmor.d/groups/apt/aptitude b/apparmor.d/groups/apt/aptitude index 1aaeb2b4..18e7be9e 100644 --- a/apparmor.d/groups/apt/aptitude +++ b/apparmor.d/groups/apt/aptitude @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/aptitude{,-curses} profile aptitude @{exec_path} flags=(complain) { diff --git a/apparmor.d/groups/apt/dpkg-checkbuilddeps b/apparmor.d/groups/apt/dpkg-checkbuilddeps index 72e14243..aca3b97a 100644 --- a/apparmor.d/groups/apt/dpkg-checkbuilddeps +++ b/apparmor.d/groups/apt/dpkg-checkbuilddeps @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/dpkg-checkbuilddeps profile dpkg-checkbuilddeps @{exec_path} flags=(complain) { diff --git a/apparmor.d/groups/apt/dpkg-deb b/apparmor.d/groups/apt/dpkg-deb index bdda5158..8a1cd05e 100644 --- a/apparmor.d/groups/apt/dpkg-deb +++ b/apparmor.d/groups/apt/dpkg-deb @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/dpkg-deb profile dpkg-deb @{exec_path} { diff --git a/apparmor.d/groups/apt/dpkg-genbuildinfo b/apparmor.d/groups/apt/dpkg-genbuildinfo index 2478c491..61d221d6 100644 --- a/apparmor.d/groups/apt/dpkg-genbuildinfo +++ b/apparmor.d/groups/apt/dpkg-genbuildinfo @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/dpkg-genbuildinfo profile dpkg-genbuildinfo @{exec_path} flags=(complain) { diff --git a/apparmor.d/groups/apt/dpkg-genchanges b/apparmor.d/groups/apt/dpkg-genchanges index c7e045d9..18a0267e 100644 --- a/apparmor.d/groups/apt/dpkg-genchanges +++ b/apparmor.d/groups/apt/dpkg-genchanges @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/dpkg-genchanges profile dpkg-genchanges @{exec_path} flags=(complain) { diff --git a/apparmor.d/groups/apt/dpkg-split b/apparmor.d/groups/apt/dpkg-split index a7521e3e..d33b7984 100644 --- a/apparmor.d/groups/apt/dpkg-split +++ b/apparmor.d/groups/apt/dpkg-split @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/dpkg-split profile dpkg-split @{exec_path} { diff --git a/apparmor.d/groups/apt/synaptic b/apparmor.d/groups/apt/synaptic index f4b0f6c0..093da5fc 100644 --- a/apparmor.d/groups/apt/synaptic +++ b/apparmor.d/groups/apt/synaptic @@ -4,7 +4,7 @@ abi , -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ include diff --git a/apparmor.d/groups/desktop/obex-folder-listing b/apparmor.d/groups/desktop/obex-folder-listing index 14f25f39..2b3f0761 100644 --- a/apparmor.d/groups/desktop/obex-folder-listing +++ b/apparmor.d/groups/desktop/obex-folder-listing @@ -14,8 +14,8 @@ profile obex-folder-listing @{exec_path} { owner @{HOME}/ r, owner @{HOME}/**/ r, - owner /media/*/ r, - owner /media/*/**/ r, + owner @{MOUNTS}/*/ r, + owner @{MOUNTS}/*/**/ r, include if exists } diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index f0750a6a..eb92eab0 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -25,9 +25,8 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { # Full access to user's data / r, owner @{HOME}/{,**} rw, + owner @{MOUNTS}/*/{,**} rw, owner @{run}/user/@{uid}/{,**} rw, - owner /media/*/{,**} rw, - owner /mnt/*/{,**} rw, owner /tmp/{,**} rw, # Silencer for non user's data diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 4653a1ea..18e8c335 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -24,7 +24,7 @@ profile tracker-miner @{exec_path} { # Allow to search user files owner @{HOME}/{,**} r, - owner /media/*/{,**} r, + owner @{MOUNTS}/*/{,**} r, owner /tmp/*/{,**} r, owner @{user_share_dirs}/{applications/,mime/mime.cache} r, diff --git a/apparmor.d/groups/gpg/gpg b/apparmor.d/groups/gpg/gpg index d1cd0d87..ab47344b 100644 --- a/apparmor.d/groups/gpg/gpg +++ b/apparmor.d/groups/gpg/gpg @@ -64,8 +64,7 @@ profile gpg @{exec_path} { # Verify files owner @{HOME}/** r, - owner /mnt/*/** r, - owner /media/*/** r, + owner @{MOUNTS}/*/** r, owner @{PROC}/@{pid}/task/@{tid}/stat rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw, diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 954d5e69..0eeac44c 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -35,8 +35,8 @@ profile gvfs-udisks2-volume-monitor @{exec_path} { /etc/fstab r, # Mount points - /media/*/ r, - /media/*/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, @{HOME}/*/*/ r, @{HOME}/*/*/**/ r, @{HOME}/bluetooth/ r, diff --git a/apparmor.d/groups/gvfs/gvfsd-archive b/apparmor.d/groups/gvfs/gvfsd-archive index 4b8b3891..e39fe21f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-archive +++ b/apparmor.d/groups/gvfs/gvfsd-archive @@ -16,14 +16,12 @@ profile gvfsd-archive @{exec_path} { @{exec_path} mr, owner @{HOME}/**.{tar,tar.gz,zip} r, - owner /media/**.{TAR,TAR.GZ,ZIP} r, + owner @{MOUNTS}/**.{TAR,TAR.GZ,ZIP} r, owner @{HOME}/**.{tar,tar.gz,zip} r, - owner /mnt/**.{TAR,TAR.GZ,ZIP} r, owner @{HOME}/**.{iso,img,bin,mdf,nrg} r, - owner /media/*/**.{iso,img,bin,mdf,nrg} r, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} r, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r, - owner /mnt/*/**.{ISO,IMG,BIN,MDF,NRG} r, include if exists } diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent index 0c54a608..6de5e054 100644 --- a/apparmor.d/groups/gvfs/gvfsd-recent +++ b/apparmor.d/groups/gvfs/gvfsd-recent @@ -19,8 +19,7 @@ profile gvfsd-recent @{exec_path} { # Full access to user's data owner @{HOME}/{,**} rw, - owner /media/*/{,**} rw, - owner /mnt/*/{,**} rw, + owner @{MOUNTS}/*/{,**} rw, owner @{HOME}/.zshenv r, owner @{user_config_dirs}/user-dirs.dirs r, diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index fa207687..87e8e232 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -31,8 +31,7 @@ profile gvfsd-trash @{exec_path} { # Can restore all user files owner @{HOME}/{,**} rw, - owner /media/*/{,**} rw, - owner /mnt/*/{,**} rw, + owner @{MOUNTS}/*/{,**} rw, include if exists } diff --git a/apparmor.d/profiles-a-l/amarok b/apparmor.d/profiles-a-l/amarok index 1d1f6681..e69e8666 100644 --- a/apparmor.d/profiles-a-l/amarok +++ b/apparmor.d/profiles-a-l/amarok @@ -75,8 +75,8 @@ profile amarok @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{amarok_ext} rw, # Amarok home files diff --git a/apparmor.d/profiles-a-l/appimage-beyond-all-reason b/apparmor.d/profiles-a-l/appimage-beyond-all-reason index 6fb935e3..866eca0b 100644 --- a/apparmor.d/profiles-a-l/appimage-beyond-all-reason +++ b/apparmor.d/profiles-a-l/appimage-beyond-all-reason @@ -125,7 +125,7 @@ profile appimage-beyond-all-reason @{exec_path} { /etc/fuse.conf r, owner @{HOME}/**.AppImage r, - owner /media/*/**.AppImage r, + owner @{MOUNTS}/*/**.AppImage r, @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/profiles-a-l/badblocks b/apparmor.d/profiles-a-l/badblocks index 6d137d25..9257f82e 100644 --- a/apparmor.d/profiles-a-l/badblocks +++ b/apparmor.d/profiles-a-l/badblocks @@ -19,7 +19,7 @@ profile badblocks @{exec_path} { # A place for a list of already existing known bad blocks @{HOME}/** rwk, - /media/*/** rwk, + @{MOUNTS}/*/** rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/blkid b/apparmor.d/profiles-a-l/blkid index fbdb7f18..5331b9e5 100644 --- a/apparmor.d/profiles-a-l/blkid +++ b/apparmor.d/profiles-a-l/blkid @@ -29,8 +29,7 @@ profile blkid @{exec_path} { # Image files @{HOME}/** r, - /media/*/** r, - /mnt/*/** r, + @{MOUNTS}/*/** r, include if exists } diff --git a/apparmor.d/profiles-a-l/borg b/apparmor.d/profiles-a-l/borg index bc1baf53..a486a30d 100644 --- a/apparmor.d/profiles-a-l/borg +++ b/apparmor.d/profiles-a-l/borg @@ -7,7 +7,7 @@ abi , include -@{BACKUP_DIR} = /media/Arti/backup-* +@{BACKUP_DIR} = @{MOUNTS}/Arti/backup-* @{exec_path} = /{usr/,}bin/borg profile borg @{exec_path} { @@ -38,10 +38,10 @@ profile borg @{exec_path} { /{usr/,}bin/ccache rCx -> ccache, /usr/bin/fusermount{,3} rCx -> fusermount, - mount fstype=fuse -> /media/*/, - mount fstype=fuse -> /media/*/*/, - umount /media/*/, - umount /media/*/*/, + mount fstype=fuse -> @{MOUNTS}/*/, + mount fstype=fuse -> @{MOUNTS}/*/*/, + umount @{MOUNTS}/*/, + umount @{MOUNTS}/*/*/, /dev/fuse rw, @@ -71,8 +71,7 @@ profile borg @{exec_path} { /efi/{,**} r, /etc/{,**} r, /home/{,**} r, - /media/{,**} r, - /mnt/{,**} r, + @{MOUNTS}/{,**} r, /opt/{,**} r, /root/{,**} r, /srv/{,**} r, @@ -107,8 +106,8 @@ profile borg @{exec_path} { /{usr/,}bin/fusermount{,3} mr, - umount /media/*/, - umount /media/*/*/, + umount @{MOUNTS}/*/, + umount @{MOUNTS}/*/*/, } diff --git a/apparmor.d/profiles-a-l/btrfs b/apparmor.d/profiles-a-l/btrfs index 972060ba..bcaa273b 100644 --- a/apparmor.d/profiles-a-l/btrfs +++ b/apparmor.d/profiles-a-l/btrfs @@ -33,18 +33,18 @@ profile btrfs @{exec_path} { /var/lib/btrfs/scrub.status.[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*{,_tmp} rwk, # Saved metadata - /media/*/ r, - /media/*/ext2_saved/ rw, - /media/*/ext2_saved/image rw, - /media/*/*/ r, - /media/*/*/ext2_saved/ rw, - /media/*/*/ext2_saved/image rw, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/ext2_saved/ rw, + @{MOUNTS}/*/ext2_saved/image rw, + @{MOUNTS}/*/*/ r, + @{MOUNTS}/*/*/ext2_saved/ rw, + @{MOUNTS}/*/*/ext2_saved/image rw, # To be able to manage btrfs volumes owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/btrfs-find-root b/apparmor.d/profiles-a-l/btrfs-find-root index 4c6b0a0e..6135885c 100644 --- a/apparmor.d/profiles-a-l/btrfs-find-root +++ b/apparmor.d/profiles-a-l/btrfs-find-root @@ -15,9 +15,9 @@ profile btrfs-find-root @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/btrfs-image b/apparmor.d/profiles-a-l/btrfs-image index 376f3229..50061b82 100644 --- a/apparmor.d/profiles-a-l/btrfs-image +++ b/apparmor.d/profiles-a-l/btrfs-image @@ -17,9 +17,9 @@ profile btrfs-image @{exec_path} { # Image files owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/btrfs-map-logical b/apparmor.d/profiles-a-l/btrfs-map-logical index 24c3a286..344f4d02 100644 --- a/apparmor.d/profiles-a-l/btrfs-map-logical +++ b/apparmor.d/profiles-a-l/btrfs-map-logical @@ -15,9 +15,9 @@ profile btrfs-map-logical @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/cfdisk b/apparmor.d/profiles-a-l/cfdisk index 21eedf24..45aeb0b7 100644 --- a/apparmor.d/profiles-a-l/cfdisk +++ b/apparmor.d/profiles-a-l/cfdisk @@ -25,13 +25,13 @@ profile cfdisk @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # A place for backups owner @{HOME}/**.{bak,back} rwk, - owner /media/*/**.{bak,back} rwk, + owner @{MOUNTS}/*/**.{bak,back} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/cgdisk b/apparmor.d/profiles-a-l/cgdisk index 4472c820..231de791 100644 --- a/apparmor.d/profiles-a-l/cgdisk +++ b/apparmor.d/profiles-a-l/cgdisk @@ -17,13 +17,13 @@ profile cgdisk @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # A place for backups owner @{HOME}/**.{bak,back} rwk, - owner /media/*/**.{bak,back} rwk, + owner @{MOUNTS}/*/**.{bak,back} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/changestool b/apparmor.d/profiles-a-l/changestool index 60f03af5..d04f8d43 100644 --- a/apparmor.d/profiles-a-l/changestool +++ b/apparmor.d/profiles-a-l/changestool @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/changestool profile changestool @{exec_path} { diff --git a/apparmor.d/profiles-a-l/czkawka-cli b/apparmor.d/profiles-a-l/czkawka-cli index 0fa8b1f7..6a880ab6 100644 --- a/apparmor.d/profiles-a-l/czkawka-cli +++ b/apparmor.d/profiles-a-l/czkawka-cli @@ -14,7 +14,7 @@ profile czkawka-cli @{exec_path} { # Dirs to scan for duplicates #owner @{HOME}/** rw, - owner /media/** rw, + owner @{MOUNTS}/** rw, owner @{user_config_dirs}/czkawka/ rw, owner @{user_config_dirs}/czkawka/** rw, diff --git a/apparmor.d/profiles-a-l/czkawka-gui b/apparmor.d/profiles-a-l/czkawka-gui index 59808b2a..fe89bcb7 100644 --- a/apparmor.d/profiles-a-l/czkawka-gui +++ b/apparmor.d/profiles-a-l/czkawka-gui @@ -20,7 +20,7 @@ profile czkawka-gui @{exec_path} { # Dirs to scan for duplicates #owner @{HOME}/** rw, - owner /media/** rw, + owner @{MOUNTS}/** rw, owner @{user_config_dirs}/czkawka/ rw, owner @{user_config_dirs}/czkawka/** rw, diff --git a/apparmor.d/profiles-a-l/debsign b/apparmor.d/profiles-a-l/debsign index cc0728cf..1d04210e 100644 --- a/apparmor.d/profiles-a-l/debsign +++ b/apparmor.d/profiles-a-l/debsign @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/debsign profile debsign @{exec_path} { diff --git a/apparmor.d/profiles-a-l/debtags b/apparmor.d/profiles-a-l/debtags index d600c925..22b63983 100644 --- a/apparmor.d/profiles-a-l/debtags +++ b/apparmor.d/profiles-a-l/debtags @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/debtags profile debtags @{exec_path} { diff --git a/apparmor.d/profiles-a-l/dumpe2fs b/apparmor.d/profiles-a-l/dumpe2fs index 4bcc2c9d..88ca8c48 100644 --- a/apparmor.d/profiles-a-l/dumpe2fs +++ b/apparmor.d/profiles-a-l/dumpe2fs @@ -19,7 +19,7 @@ profile dumpe2fs @{exec_path} { # Image files @{HOME}/** r, - /media/*/** r, + @{MOUNTS}/** r, include if exists } diff --git a/apparmor.d/profiles-a-l/e2fsck b/apparmor.d/profiles-a-l/e2fsck index 84e32894..14c1e26f 100644 --- a/apparmor.d/profiles-a-l/e2fsck +++ b/apparmor.d/profiles-a-l/e2fsck @@ -28,9 +28,9 @@ profile e2fsck @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/e2image b/apparmor.d/profiles-a-l/e2image index f460416a..b61bf1fd 100644 --- a/apparmor.d/profiles-a-l/e2image +++ b/apparmor.d/profiles-a-l/e2image @@ -19,9 +19,9 @@ profile e2image @{exec_path} { # A place for the metadata image file owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/engrampa b/apparmor.d/profiles-a-l/engrampa index 1a263043..db280b7f 100644 --- a/apparmor.d/profiles-a-l/engrampa +++ b/apparmor.d/profiles-a-l/engrampa @@ -54,8 +54,8 @@ profile engrampa @{exec_path} { /home/ r, #owner @{HOME}/ r, #owner @{HOME}/** rw, - /media/ r, - /media/** rw, + @{MOUNTS}/ r, + @{MOUNTS}/** rw, /tmp/ r, owner /tmp/** rw, diff --git a/apparmor.d/profiles-a-l/execute-dput b/apparmor.d/profiles-a-l/execute-dput index 9bce0357..d9acad82 100644 --- a/apparmor.d/profiles-a-l/execute-dput +++ b/apparmor.d/profiles-a-l/execute-dput @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/dput /usr/share/dput/execute-dput profile execute-dput @{exec_path} flags=(complain) { diff --git a/apparmor.d/profiles-a-l/f3read b/apparmor.d/profiles-a-l/f3read index 460269fc..044ba498 100644 --- a/apparmor.d/profiles-a-l/f3read +++ b/apparmor.d/profiles-a-l/f3read @@ -13,13 +13,13 @@ profile f3read @{exec_path} { @{exec_path} mr, # USB drive mount locations - /media/*/ r, - /media/*/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, /mnt/ r, # To be able to read h2w files - owner /media/*/[0-9]*.h2w r, - owner /media/*/*/[0-9]*.h2w r, + owner @{MOUNTS}/*/[0-9]*.h2w r, + owner @{MOUNTS}/*/*/[0-9]*.h2w r, owner /mnt/[0-9]*.h2w r, include if exists diff --git a/apparmor.d/profiles-a-l/f3write b/apparmor.d/profiles-a-l/f3write index ef03d76a..d053e929 100644 --- a/apparmor.d/profiles-a-l/f3write +++ b/apparmor.d/profiles-a-l/f3write @@ -17,13 +17,13 @@ profile f3write @{exec_path} { @{exec_path} mr, # USB drive mount locations - /media/*/ r, - /media/*/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, /mnt/ r, # To be able to write h2w files - owner /media/*/[0-9]*.h2w w, - owner /media/*/*/[0-9]*.h2w w, + owner @{MOUNTS}/*/[0-9]*.h2w w, + owner @{MOUNTS}/*/*/[0-9]*.h2w w, owner /mnt/[0-9]*.h2w w, include if exists diff --git a/apparmor.d/profiles-a-l/fdisk b/apparmor.d/profiles-a-l/fdisk index ed753175..5f023da4 100644 --- a/apparmor.d/profiles-a-l/fdisk +++ b/apparmor.d/profiles-a-l/fdisk @@ -27,13 +27,13 @@ profile fdisk @{exec_path} { # For disk images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # For backups owner @{HOME}/**.{bak,back} rwk, - owner /media/*/**.{bak,back} rwk, + owner @{MOUNTS}/*/**.{bak,back} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/ffmpeg b/apparmor.d/profiles-a-l/ffmpeg index 56cb773f..ebe49ed2 100644 --- a/apparmor.d/profiles-a-l/ffmpeg +++ b/apparmor.d/profiles-a-l/ffmpeg @@ -64,8 +64,8 @@ profile ffmpeg @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS} r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{ffmpeg_ext}{,.[0-9]*} rw, @{sys}/devices/system/node/ r, diff --git a/apparmor.d/profiles-a-l/ffplay b/apparmor.d/profiles-a-l/ffplay index 516944d1..51b581dd 100644 --- a/apparmor.d/profiles-a-l/ffplay +++ b/apparmor.d/profiles-a-l/ffplay @@ -52,8 +52,8 @@ profile ffplay @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{ffplay_ext} rw, /etc/machine-id r, diff --git a/apparmor.d/profiles-a-l/ffprobe b/apparmor.d/profiles-a-l/ffprobe index 57cdf58d..fe4fd655 100644 --- a/apparmor.d/profiles-a-l/ffprobe +++ b/apparmor.d/profiles-a-l/ffprobe @@ -50,8 +50,8 @@ profile ffprobe @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{ffprobe_ext} rw, @{sys}/devices/system/node/ r, diff --git a/apparmor.d/profiles-a-l/fsck b/apparmor.d/profiles-a-l/fsck index b4e6ccd5..c93d7459 100644 --- a/apparmor.d/profiles-a-l/fsck +++ b/apparmor.d/profiles-a-l/fsck @@ -25,7 +25,7 @@ profile fsck @{exec_path} { owner @{run}/fsck/*.lock rwk, # When a mount dir is passed to fsck as an argument. - /media/*/ r, + @{MOUNTS}/*/ r, /boot/ r, /home/ r, diff --git a/apparmor.d/profiles-a-l/fsck-fat b/apparmor.d/profiles-a-l/fsck-fat index 0c905206..46fca294 100644 --- a/apparmor.d/profiles-a-l/fsck-fat +++ b/apparmor.d/profiles-a-l/fsck-fat @@ -16,9 +16,9 @@ profile fsck-fat @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/fuseiso b/apparmor.d/profiles-a-l/fuseiso index a56608a2..6b658ee1 100644 --- a/apparmor.d/profiles-a-l/fuseiso +++ b/apparmor.d/profiles-a-l/fuseiso @@ -27,9 +27,9 @@ profile fuseiso @{exec_path} { # Image files to be mounted owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, owner @{HOME}/.mtab.fuseiso rwk, owner @{HOME}/.mtab.fuseiso.new rw, @@ -60,9 +60,9 @@ profile fuseiso @{exec_path} { # Image files to be mounted owner @{HOME}/**.{iso,img,bin,mdf,nrg} r, - owner /media/*/**.{iso,img,bin,mdf,nrg} r, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} r, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} r, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} r, } diff --git a/apparmor.d/profiles-a-l/fusermount b/apparmor.d/profiles-a-l/fusermount index 186f399f..7871b04b 100644 --- a/apparmor.d/profiles-a-l/fusermount +++ b/apparmor.d/profiles-a-l/fusermount @@ -28,14 +28,14 @@ profile fusermount @{exec_path} { mount fstype={fuse,fuse.*} -> @{HOME}/*/, mount fstype={fuse,fuse.*} -> @{HOME}/*/*/, mount fstype={fuse,fuse.*} -> @{HOME}/.cache/**/, - mount fstype={fuse,fuse.*} -> /media/*/, - mount fstype={fuse,fuse.*} -> /media/*/*/, + mount fstype={fuse,fuse.*} -> @{MOUNTS}/*/, + mount fstype={fuse,fuse.*} -> @{MOUNTS}/*/*/, umount @{HOME}/*/, umount @{HOME}/*/*/, umount @{HOME}/.cache/**/, - umount /media/*/, - umount /media/*/*/, + umount @{MOUNTS}/*/, + umount @{MOUNTS}/*/*/, umount /tmp/.mount_*/, /etc/fuse.conf r, diff --git a/apparmor.d/profiles-a-l/gdisk b/apparmor.d/profiles-a-l/gdisk index ccc89c36..66354c43 100644 --- a/apparmor.d/profiles-a-l/gdisk +++ b/apparmor.d/profiles-a-l/gdisk @@ -24,13 +24,13 @@ profile gdisk @{exec_path} { # For disk images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # For backups owner @{HOME}/**.{bak,back} rwk, - owner /media/*/**.{bak,back} rwk, + owner @{MOUNTS}/*/**.{bak,back} rwk, include if exists } diff --git a/apparmor.d/profiles-a-l/gpartedbin b/apparmor.d/profiles-a-l/gpartedbin index 08c88cef..71970e86 100644 --- a/apparmor.d/profiles-a-l/gpartedbin +++ b/apparmor.d/profiles-a-l/gpartedbin @@ -146,8 +146,8 @@ profile gpartedbin @{exec_path} { mount /dev/sd[a-z][0-9]* -> /tmp/gparted-*/, mount /dev/sd[a-z][0-9]* -> /boot/, - mount /dev/sd[a-z][0-9]* -> /media/*/, - mount /dev/sd[a-z][0-9]* -> /media/*/*/, + mount /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/, + mount /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/, @{sys}/devices/pci[0-9]*/**/block/sd[a-z]/ r, @{sys}/devices/pci[0-9]*/**/block/sd[a-z]/dev r, @@ -169,8 +169,8 @@ profile gpartedbin @{exec_path} { umount /tmp/gparted-*/, umount /boot/, - umount /media/*/, - umount /media/*/*/, + umount @{MOUNTS}/*/, + umount @{MOUNTS}/*/*/, owner @{PROC}/@{pid}/mountinfo r, diff --git a/apparmor.d/profiles-a-l/hdparm b/apparmor.d/profiles-a-l/hdparm index 7e3580c3..9ba97bbc 100644 --- a/apparmor.d/profiles-a-l/hdparm +++ b/apparmor.d/profiles-a-l/hdparm @@ -28,7 +28,7 @@ profile hdparm @{exec_path} flags=(complain) { # Image files @{HOME}/** r, - /media/*/** r, + @{MOUNTS}/*/** r, include if exists } diff --git a/apparmor.d/profiles-a-l/hugo b/apparmor.d/profiles-a-l/hugo index 090eed94..d3154097 100644 --- a/apparmor.d/profiles-a-l/hugo +++ b/apparmor.d/profiles-a-l/hugo @@ -6,7 +6,7 @@ abi , include -@{HUGO_DIR} = /media/debuilder/hugo +@{HUGO_DIR} = @{MOUNTS}/debuilder/hugo @{exec_path} = /{usr/,}bin/hugo profile hugo @{exec_path} { diff --git a/apparmor.d/profiles-a-l/hypnotix b/apparmor.d/profiles-a-l/hypnotix index fe5df098..1193100d 100644 --- a/apparmor.d/profiles-a-l/hypnotix +++ b/apparmor.d/profiles-a-l/hypnotix @@ -55,8 +55,8 @@ profile hypnotix @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{hypnotix_ext} r, # To be able to store settings diff --git a/apparmor.d/profiles-a-l/ioping b/apparmor.d/profiles-a-l/ioping index eb3d33f3..69fac18a 100644 --- a/apparmor.d/profiles-a-l/ioping +++ b/apparmor.d/profiles-a-l/ioping @@ -37,7 +37,7 @@ profile ioping @{exec_path} { /boot/** r, /opt/** r, /var/** r, - /media/** r, + @{MOUNTS}/** r, /tmp/** r, /home/** r, diff --git a/apparmor.d/profiles-a-l/keepassxc-proxy b/apparmor.d/profiles-a-l/keepassxc-proxy index e91c62ac..2ea5b7bc 100644 --- a/apparmor.d/profiles-a-l/keepassxc-proxy +++ b/apparmor.d/profiles-a-l/keepassxc-proxy @@ -30,7 +30,7 @@ profile keepassxc-proxy @{exec_path} { # deny owner @{HOME}/.mozilla/** rw, deny owner @{user_cache_dirs}/mozilla/** rw, - deny owner /media/*/.mozilla/** rw, + deny owner @{MOUNTS}/*/.mozilla/** rw, deny owner /tmp/firefox*/.parentlock rw, deny owner /tmp/tmp-*.xpi rw, deny owner /tmp/tmpaddon r, diff --git a/apparmor.d/profiles-a-l/kmod b/apparmor.d/profiles-a-l/kmod index f28fb05b..7592542c 100644 --- a/apparmor.d/profiles-a-l/kmod +++ b/apparmor.d/profiles-a-l/kmod @@ -7,7 +7,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/{kmod,lsmod} @{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe} diff --git a/apparmor.d/profiles-m-z/mediainfo b/apparmor.d/profiles-m-z/mediainfo index c55a8a3c..4a5d637e 100644 --- a/apparmor.d/profiles-m-z/mediainfo +++ b/apparmor.d/profiles-m-z/mediainfo @@ -43,8 +43,8 @@ profile mediainfo @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{mediainfo_ext} r, include if exists diff --git a/apparmor.d/profiles-m-z/mediainfo-gui b/apparmor.d/profiles-m-z/mediainfo-gui index c9ab972d..8a557ec9 100644 --- a/apparmor.d/profiles-m-z/mediainfo-gui +++ b/apparmor.d/profiles-m-z/mediainfo-gui @@ -50,8 +50,8 @@ profile mediainfo-gui @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{mediainfo_ext} r, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/profiles-m-z/megasync b/apparmor.d/profiles-m-z/megasync index bcb26286..401527eb 100644 --- a/apparmor.d/profiles-m-z/megasync +++ b/apparmor.d/profiles-m-z/megasync @@ -6,7 +6,7 @@ abi , include -@{SYNC_FOLDER}=/media/*/cloud_storage +@{SYNC_FOLDER}=@{MOUNTS}/*/cloud_storage @{exec_path} = /{usr/,}bin/megasync profile megasync @{exec_path} { @@ -57,8 +57,8 @@ profile megasync @{exec_path} { # Sync folder #/ r, - #/media/ r, - #/media/*/ r, + #@{MOUNTS}/ r, + #@{MOUNTS}/*/ r, owner @{SYNC_FOLDER}/ r, owner @{SYNC_FOLDER}/** rwl -> @{SYNC_FOLDER}/**, diff --git a/apparmor.d/profiles-m-z/mke2fs b/apparmor.d/profiles-m-z/mke2fs index a13f1d00..411f97ce 100644 --- a/apparmor.d/profiles-m-z/mke2fs +++ b/apparmor.d/profiles-m-z/mke2fs @@ -28,9 +28,9 @@ profile mke2fs @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # For virt-resize owner /var/tmp/.guestfs-[0-9]*/** rwk, diff --git a/apparmor.d/profiles-m-z/mkfs-btrfs b/apparmor.d/profiles-m-z/mkfs-btrfs index e0d21cf2..4675072b 100644 --- a/apparmor.d/profiles-m-z/mkfs-btrfs +++ b/apparmor.d/profiles-m-z/mkfs-btrfs @@ -22,9 +22,9 @@ profile mkfs-btrfs @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/mkfs-fat b/apparmor.d/profiles-m-z/mkfs-fat index 39761c7a..8e946c9e 100644 --- a/apparmor.d/profiles-m-z/mkfs-fat +++ b/apparmor.d/profiles-m-z/mkfs-fat @@ -18,9 +18,9 @@ profile mkfs-fat @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/mkvmerge b/apparmor.d/profiles-m-z/mkvmerge index b3c4a631..a45c658b 100644 --- a/apparmor.d/profiles-m-z/mkvmerge +++ b/apparmor.d/profiles-m-z/mkvmerge @@ -52,8 +52,8 @@ profile mkvmerge @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{mkvmerge_ext} rw, owner /tmp/MKVToolNix-process-*.json r, diff --git a/apparmor.d/profiles-m-z/mkvtoolnix-gui b/apparmor.d/profiles-m-z/mkvtoolnix-gui index dad51480..0cfd3ca8 100644 --- a/apparmor.d/profiles-m-z/mkvtoolnix-gui +++ b/apparmor.d/profiles-m-z/mkvtoolnix-gui @@ -67,8 +67,8 @@ profile mkvtoolnix-gui @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{mkvtoolnix_ext} rw, owner @{user_config_dirs}/bunkus.org/ rw, diff --git a/apparmor.d/profiles-m-z/mount b/apparmor.d/profiles-m-z/mount index ff77618c..5802963d 100644 --- a/apparmor.d/profiles-m-z/mount +++ b/apparmor.d/profiles-m-z/mount @@ -41,17 +41,15 @@ profile mount @{exec_path} flags=(complain) { /{usr/,}{s,}bin/mount.* rPx, # Mount points - /media/*/ r, - /media/*/*/ r, - /mnt/ r, - /mnt/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, /media/cdrom[0-9]/ r, # Mount iso/img files owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # The special /dev/loop-control file can be used to create and destroy loop devices or to find # the first available loop device. diff --git a/apparmor.d/profiles-m-z/mount-cifs b/apparmor.d/profiles-m-z/mount-cifs index 58031467..0b175445 100644 --- a/apparmor.d/profiles-m-z/mount-cifs +++ b/apparmor.d/profiles-m-z/mount-cifs @@ -30,19 +30,17 @@ profile mount-cifs @{exec_path} flags=(complain) { owner @{HOME}/.smbcredentials r, # Mount points - /media/*/ r, - /media/*/*/ r, - /mnt/ r, - /mnt/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, # Allow to mount smb/cifs disks only under the /media/ dirs - mount fstype=cifs -> /media/*/, - mount fstype=cifs -> /media/*/*/, + mount fstype=cifs -> @{MOUNTS}/*/, + mount fstype=cifs -> @{MOUNTS}/*/*/, mount fstype=cifs -> /mnt/, mount fstype=cifs -> /mnt/*/, - umount /media/*/, - umount /media/*/*/, + umount @{MOUNTS}/*/, + umount @{MOUNTS}/*/*/, umount /mnt/, umount /mnt/*/, diff --git a/apparmor.d/profiles-m-z/mount-nfs b/apparmor.d/profiles-m-z/mount-nfs index 0b09e453..d3fe0c9e 100644 --- a/apparmor.d/profiles-m-z/mount-nfs +++ b/apparmor.d/profiles-m-z/mount-nfs @@ -45,19 +45,18 @@ profile mount-nfs @{exec_path} flags=(complain) { owner @{run}/rpc.statd.lock wk, # Mount points - /media/*/ r, - /media/*/*/ r, - /mnt/ r, - /mnt/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, + # Allow to mount smb/cifs disks only under the /media/ dirs - mount fstype=nfs -> /media/*/, - mount fstype=nfs -> /media/*/*/, + mount fstype=nfs -> @{MOUNTS}/*/, + mount fstype=nfs -> @{MOUNTS}/*/*/, mount fstype=nfs -> /mnt/, mount fstype=nfs -> /mnt/*/, - umount /media/*/, - umount /media/*/*/, + umount @{MOUNTS}/*/, + umount @{MOUNTS}/*/*/, umount /mnt/, umount /mnt/*/, diff --git a/apparmor.d/profiles-m-z/mpv b/apparmor.d/profiles-m-z/mpv index 6e22dd43..df32c1b4 100644 --- a/apparmor.d/profiles-m-z/mpv +++ b/apparmor.d/profiles-m-z/mpv @@ -92,8 +92,8 @@ profile mpv @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, /tmp/ r, owner /tmp/mpsyt-input* rw, owner /tmp/mpsyt-mpv*.sock rw, diff --git a/apparmor.d/profiles-m-z/mtools b/apparmor.d/profiles-m-z/mtools index c2c12483..f68fa31f 100644 --- a/apparmor.d/profiles-m-z/mtools +++ b/apparmor.d/profiles-m-z/mtools @@ -25,9 +25,9 @@ profile mtools @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/nemo b/apparmor.d/profiles-m-z/nemo index 46539a11..2042f84b 100644 --- a/apparmor.d/profiles-m-z/nemo +++ b/apparmor.d/profiles-m-z/nemo @@ -56,12 +56,9 @@ profile nemo @{exec_path} { /lost+found/ r, /lost+found/** r, owner /lost+found/** rw, - /media/ r, - /media/** r, - owner /media/** rw, - /mnt/ r, - /mnt/** r, - owner /mnt/** rw, + @{MOUNTS}/ r, + @{MOUNTS}/** r, + owner @{MOUNTS}/** rw, /opt/ r, /opt/** r, owner /opt/** rw, diff --git a/apparmor.d/profiles-m-z/ntfs-3g b/apparmor.d/profiles-m-z/ntfs-3g index b5e18d5a..cfedadcf 100644 --- a/apparmor.d/profiles-m-z/ntfs-3g +++ b/apparmor.d/profiles-m-z/ntfs-3g @@ -32,20 +32,19 @@ profile ntfs-3g @{exec_path} { /dev/fuse rw, # Mount points - /media/*/ r, - /media/*/*/ r, - /mnt/ r, - /mnt/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, + # Allow to mount ntfs disks only under the /media/ and /mnt/ dirs - mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /media/*/, - mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /media/*/*/, + mount fstype=fuseblk /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/, + mount fstype=fuseblk /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/, mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/, mount fstype=fuseblk /dev/sd[a-z][0-9]* -> /mnt/*/, # Allow to mount encrypted partition - mount fstype=fuseblk /dev/dm-[0-9]* -> /media/*/, - mount fstype=fuseblk /dev/dm-[0-9]* -> /media/*/*/, + mount fstype=fuseblk /dev/dm-[0-9]* -> @{MOUNTS}/*/, + mount fstype=fuseblk /dev/dm-[0-9]* -> @{MOUNTS}/*/*/, mount fstype=fuseblk /dev/dm-[0-9]* -> /mnt/, mount fstype=fuseblk /dev/dm-[0-9]* -> /mnt/*/, diff --git a/apparmor.d/profiles-m-z/ntfsclone b/apparmor.d/profiles-m-z/ntfsclone index f7004bd2..29c1e070 100644 --- a/apparmor.d/profiles-m-z/ntfsclone +++ b/apparmor.d/profiles-m-z/ntfsclone @@ -19,7 +19,7 @@ profile ntfsclone @{exec_path} { # A place for backups @{HOME}/** rwk, - /media/*/** rwk, + @{MOUNTS}/*/** rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/parted b/apparmor.d/profiles-m-z/parted index b28dc00b..40209d49 100644 --- a/apparmor.d/profiles-m-z/parted +++ b/apparmor.d/profiles-m-z/parted @@ -44,9 +44,9 @@ profile parted @{exec_path} { # Image files owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, profile udevadm { @@ -70,9 +70,9 @@ profile parted @{exec_path} { # file_inherit include # lots of files in this abstraction get inherited owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, } diff --git a/apparmor.d/profiles-m-z/qbittorrent b/apparmor.d/profiles-m-z/qbittorrent index 37279960..5cadf1db 100644 --- a/apparmor.d/profiles-m-z/qbittorrent +++ b/apparmor.d/profiles-m-z/qbittorrent @@ -6,7 +6,7 @@ abi , include -@{TORRENT_DIR} = /media/*/torrent +@{TORRENT_DIR} = @{MOUNTS}/*/torrent @{exec_path} = /{usr/,}bin/qbittorrent profile qbittorrent @{exec_path} { @@ -58,8 +58,8 @@ profile qbittorrent @{exec_path} { /usr/share/qt5ct/** r, # Torrent files - /media/ r, - owner /media/*/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/*/ r, owner @{TORRENT_DIR}/ r, owner @{TORRENT_DIR}/** rw, @@ -140,7 +140,7 @@ profile qbittorrent @{exec_path} { owner /tmp/tmp* rw, # file_inherit - owner /media/*/torrent/** r, + owner @{MOUNTS}/*/torrent/** r, deny /dev/dri/card[0-9]* rw, } @@ -172,9 +172,9 @@ profile qbittorrent @{exec_path} { /{usr/,}lib/firefox/firefox rPx, # file_inherit - owner /media/*/torrent/** r, - owner /media/*/torrent/**.[0-9a-f]*.parts rw, - owner "/media/*/torrent/**.!qB" rw, + owner @{MOUNTS}/*/torrent/** r, + owner @{MOUNTS}/*/torrent/**.[0-9a-f]*.parts rw, + owner "@{MOUNTS}/*/torrent/**.!qB" rw, owner @{HOME}/.xsession-errors w, diff --git a/apparmor.d/profiles-m-z/qbittorrent-nox b/apparmor.d/profiles-m-z/qbittorrent-nox index 8d1149b5..7a9ca855 100644 --- a/apparmor.d/profiles-m-z/qbittorrent-nox +++ b/apparmor.d/profiles-m-z/qbittorrent-nox @@ -6,7 +6,7 @@ abi , include -@{TORRENT_DIR} = /media/*/torrent +@{TORRENT_DIR} = @{MOUNTS}/*/torrent @{exec_path} = /{usr/,}bin/qbittorrent-nox profile qbittorrent-nox @{exec_path} { @@ -37,8 +37,8 @@ profile qbittorrent-nox @{exec_path} { owner @{user_cache_dirs}/qBittorrent/{,**} rw, # Torrent files - /media/ r, - owner /media/*/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/*/ r, owner @{TORRENT_DIR}/ r, owner @{TORRENT_DIR}/** rw, diff --git a/apparmor.d/profiles-m-z/qnapi b/apparmor.d/profiles-m-z/qnapi index 665b236a..ae33d67d 100644 --- a/apparmor.d/profiles-m-z/qnapi +++ b/apparmor.d/profiles-m-z/qnapi @@ -73,12 +73,12 @@ profile qnapi @{exec_path} { /{usr/,}bin/xdg-open rCx -> open, # Movie dirs - /media/ r, - owner /media/*/ r, - owner /media/*/** r, - owner /media/*/**#[0-9]*[0-9] rw, - owner /media/*/**.@{qnapi_vid_ext} r, - owner /media/*/**.@{qnapi_txt_ext} rwl -> /media/*/**/#[0-9]*[0-9], + @{MOUNTS}/ r, + owner @{MOUNTS}/*/ r, + owner @{MOUNTS}/*/** r, + owner @{MOUNTS}/*/**#[0-9]*[0-9] rw, + owner @{MOUNTS}/*/**.@{qnapi_vid_ext} r, + owner @{MOUNTS}/*/**.@{qnapi_txt_ext} rwl -> @{MOUNTS}/*/**/#[0-9]*[0-9], owner @{HOME}/ r, owner @{user_config_dirs}/qnapi.ini rw, diff --git a/apparmor.d/profiles-m-z/qpdfview b/apparmor.d/profiles-m-z/qpdfview index dff36917..14c4d1c8 100644 --- a/apparmor.d/profiles-m-z/qpdfview +++ b/apparmor.d/profiles-m-z/qpdfview @@ -43,8 +43,8 @@ profile qpdfview @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, /tmp/ r, /tmp/mozilla_*/ r, owner /{home,media,tmp,tmp/mozilla_*}/**.@{qpdfview_ext} rw, diff --git a/apparmor.d/profiles-m-z/qtox b/apparmor.d/profiles-m-z/qtox index 1890eb7c..0fa502bb 100644 --- a/apparmor.d/profiles-m-z/qtox +++ b/apparmor.d/profiles-m-z/qtox @@ -35,7 +35,7 @@ profile qtox @{exec_path} { # For importing old profile owner @{HOME}/**.tox r, - owner /media/*/**.tox r, + owner @{MOUNTS}/*/**.tox r, owner @{HOME}/ r, owner @{user_cache_dirs}/qTox/ rw, diff --git a/apparmor.d/profiles-m-z/repo b/apparmor.d/profiles-m-z/repo index 5292b635..3488274b 100644 --- a/apparmor.d/profiles-m-z/repo +++ b/apparmor.d/profiles-m-z/repo @@ -6,7 +6,7 @@ abi , include -@{ANDROID_SOURCE_DIR} = /media/Android/ +@{ANDROID_SOURCE_DIR} = @{MOUNTS}/Android/ @{exec_path} = /{usr/,}bin/repo profile repo @{exec_path} { diff --git a/apparmor.d/profiles-m-z/reprepro b/apparmor.d/profiles-m-z/reprepro index 9d5ec0bf..70755244 100644 --- a/apparmor.d/profiles-m-z/reprepro +++ b/apparmor.d/profiles-m-z/reprepro @@ -6,8 +6,8 @@ abi , include -@{REPO_DIR} = /media/debuilder/repo -@{BUILD_DIR} = /media/debuilder/ +@{REPO_DIR} = @{MOUNTS}/debuilder/repo +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/reprepro profile reprepro @{exec_path} { diff --git a/apparmor.d/profiles-m-z/resize2fs b/apparmor.d/profiles-m-z/resize2fs index f273e1df..6d0e0592 100644 --- a/apparmor.d/profiles-m-z/resize2fs +++ b/apparmor.d/profiles-m-z/resize2fs @@ -19,9 +19,9 @@ profile resize2fs @{exec_path} { # A place for file images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/sfdisk b/apparmor.d/profiles-m-z/sfdisk index 2d637013..60224b6c 100644 --- a/apparmor.d/profiles-m-z/sfdisk +++ b/apparmor.d/profiles-m-z/sfdisk @@ -24,13 +24,13 @@ profile sfdisk @{exec_path} { # For disk images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # For backups owner @{HOME}/**.{bak,back} rwk, - owner /media/*/**.{bak,back} rwk, + owner @{MOUNTS}/*/**.{bak,back} rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/sgdisk b/apparmor.d/profiles-m-z/sgdisk index 77f32da7..f9241e8b 100644 --- a/apparmor.d/profiles-m-z/sgdisk +++ b/apparmor.d/profiles-m-z/sgdisk @@ -24,13 +24,13 @@ profile sgdisk @{exec_path} { # For disk images owner @{HOME}/**.{iso,img,bin,mdf,nrg} rwk, - owner /media/*/**.{iso,img,bin,mdf,nrg} rwk, + owner @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} rwk, owner @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} rwk, - owner /media/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, + owner @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} rwk, # For backups owner @{HOME}/**.{bak,back} rwk, - owner /media/*/**.{bak,back} rwk, + owner @{MOUNTS}/*/**.{bak,back} rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/smplayer b/apparmor.d/profiles-m-z/smplayer index 01db27d9..469106cc 100644 --- a/apparmor.d/profiles-m-z/smplayer +++ b/apparmor.d/profiles-m-z/smplayer @@ -91,8 +91,8 @@ profile smplayer @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, /tmp/ r, owner /tmp/mozilla_*/ r, owner /{home,media,tmp/mozilla_*}/**.@{smplayer_ext} rw, diff --git a/apparmor.d/profiles-m-z/spacefm b/apparmor.d/profiles-m-z/spacefm index e69caeb5..fce6f6f6 100644 --- a/apparmor.d/profiles-m-z/spacefm +++ b/apparmor.d/profiles-m-z/spacefm @@ -68,12 +68,9 @@ profile spacefm @{exec_path} { /lost+found/ r, /lost+found/** r, owner /lost+found/** rw, - /media/ r, - /media/** r, - owner /media/** rw, - /mnt/ r, - /mnt/** r, - owner /mnt/** rw, + @{MOUNTS}/ r, + @{MOUNTS}/** r, + owner @{MOUNTS}/** rw, /opt/ r, /opt/** r, owner /opt/** rw, diff --git a/apparmor.d/profiles-m-z/strawberry b/apparmor.d/profiles-m-z/strawberry index af72a2fe..f9a96bf7 100644 --- a/apparmor.d/profiles-m-z/strawberry +++ b/apparmor.d/profiles-m-z/strawberry @@ -6,7 +6,7 @@ abi , include -@{MEDIA_LIB} = /media/*/mp3/ +@{MEDIA_LIB} = @{MOUNTS}/*/mp3/ @{exec_path} = /{usr/,}bin/strawberry profile strawberry @{exec_path} { @@ -48,8 +48,8 @@ profile strawberry @{exec_path} { # Media library / r, - /media/ r, - owner /media/*/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/*/ r, owner @{MEDIA_LIB}/ r, owner @{MEDIA_LIB}/** rw, diff --git a/apparmor.d/profiles-m-z/strawberry-tagreader b/apparmor.d/profiles-m-z/strawberry-tagreader index 224b8d88..fc230f00 100644 --- a/apparmor.d/profiles-m-z/strawberry-tagreader +++ b/apparmor.d/profiles-m-z/strawberry-tagreader @@ -6,7 +6,7 @@ abi , include -@{MEDIA_LIB} = /media/*/mp3/ +@{MEDIA_LIB} = @{MOUNTS}/*/mp3/ @{exec_path} = /{usr/,}bin/strawberry-tagreader profile strawberry-tagreader @{exec_path} { diff --git a/apparmor.d/profiles-m-z/suid3num b/apparmor.d/profiles-m-z/suid3num index b8a00bf4..9214d2c8 100644 --- a/apparmor.d/profiles-m-z/suid3num +++ b/apparmor.d/profiles-m-z/suid3num @@ -28,8 +28,8 @@ profile suid3num @{exec_path} { / r, /**/ r, - deny /media/ r, - deny /media/**/ r, + deny @{MOUNTS}/ r, + deny @{MOUNTS}/**/ r, include if exists } diff --git a/apparmor.d/profiles-m-z/syncthing b/apparmor.d/profiles-m-z/syncthing index e6e26d10..b3e6f05f 100644 --- a/apparmor.d/profiles-m-z/syncthing +++ b/apparmor.d/profiles-m-z/syncthing @@ -7,7 +7,7 @@ abi , include @{SYNC_DIR} = @{HOME}/Sync/ -@{SYNC_DIR} += /media/*/syncthing/ +@{SYNC_DIR} += @{MOUNTS}/*/syncthing/ @{exec_path} = /{usr/,}bin/syncthing profile syncthing @{exec_path} { diff --git a/apparmor.d/profiles-m-z/tune2fs b/apparmor.d/profiles-m-z/tune2fs index aac84e91..176d34ad 100644 --- a/apparmor.d/profiles-m-z/tune2fs +++ b/apparmor.d/profiles-m-z/tune2fs @@ -24,7 +24,7 @@ profile tune2fs @{exec_path} { # Image files @{HOME}/** rw, - /media/*/** rw, + @{MOUNTS}/*/** rw, include if exists } diff --git a/apparmor.d/profiles-m-z/udisksd b/apparmor.d/profiles-m-z/udisksd index 986ec271..14443c73 100644 --- a/apparmor.d/profiles-m-z/udisksd +++ b/apparmor.d/profiles-m-z/udisksd @@ -47,25 +47,26 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/systemd-escape rCx -> systemd-escape, # Allow mounting of removable devices - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z] -> /{media,mnt}/*/*/, - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z][0-9]* -> /{media,mnt}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z] -> @{MOUNTS}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/sd[a-z][0-9]* -> @{MOUNTS}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/dm-[0-9]* -> @{MOUNTS}/*/*/, # Allow mounting of loop devices (ISO files) - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> /{media,mnt}/*/*/, - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*p[0-9]* -> /{media,mnt}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> @{MOUNTS}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]*p[0-9]* -> @{MOUNTS}/*/*/, # Allow mounting of cdrom mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/loop[0-9]* -> /media/cdrom[0-9]/, mount fstype={iso9660,udf} /dev/sr[0-9]* -> /media/cdrom[0-9]/, # Allow mounting od sd cards - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9] -> /{media,mnt}/*/*/, - mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]*p[0-9]* -> /{media,mnt}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9] -> @{MOUNTS}/*/*/, + mount fstype={btrfs,ext*,vfat,iso9660,udf} /dev/mmcblk[0-9]*p[0-9]* -> @{MOUNTS}/*/*/, # Allow unmounting - umount /{media,mnt}/*/, - umount /{media,mnt}/*/*/, + umount @{MOUNTS}/*/, + umount @{MOUNTS}/*/*/, umount /media/cdrom[0-9]/, # Be able to create/delete dirs for removable media - /{media,mnt}/*/ rw, - /{media,mnt}/*/*/ rw, + @{MOUNTS}/*/ rw, + @{MOUNTS}/*/*/ rw, /media/cdrom[0-9]/ rw, # Udisks2 config files diff --git a/apparmor.d/profiles-m-z/umount b/apparmor.d/profiles-m-z/umount index fa9d25ac..4f716e60 100644 --- a/apparmor.d/profiles-m-z/umount +++ b/apparmor.d/profiles-m-z/umount @@ -38,10 +38,9 @@ profile umount @{exec_path} flags=(complain) { @{HOME}/ r, @{HOME}/*/ r, @{HOME}/*/*/ r, - /media/*/ r, - /media/*/*/ r, - /mnt/ r, - /mnt/*/ r, + @{MOUNTS}/*/ r, + @{MOUNTS}/*/*/ r, + /media/cdrom[0-9]/ r, /etc/mtab r, @@ -52,8 +51,8 @@ profile umount @{exec_path} flags=(complain) { @{sys}/devices/virtual/block/dm-[0-9]*/dm/name r, owner @{run}/mount/ rw, - owner @{run}/mount/utab{,.*} rw, owner @{run}/mount/utab.lock wk, + @{run}/mount/utab{,.*} rw, include if exists } diff --git a/apparmor.d/profiles-m-z/uscan b/apparmor.d/profiles-m-z/uscan index cff02812..8c389766 100644 --- a/apparmor.d/profiles-m-z/uscan +++ b/apparmor.d/profiles-m-z/uscan @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/uscan profile uscan @{exec_path} { diff --git a/apparmor.d/profiles-m-z/uupdate b/apparmor.d/profiles-m-z/uupdate index eb30b4ff..dce3dce3 100644 --- a/apparmor.d/profiles-m-z/uupdate +++ b/apparmor.d/profiles-m-z/uupdate @@ -6,7 +6,7 @@ abi , include -@{BUILD_DIR} = /media/debuilder/ +@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/uupdate profile uupdate @{exec_path} flags=(complain) { diff --git a/apparmor.d/profiles-m-z/vidcutter b/apparmor.d/profiles-m-z/vidcutter index 46510a55..517c9f87 100644 --- a/apparmor.d/profiles-m-z/vidcutter +++ b/apparmor.d/profiles-m-z/vidcutter @@ -70,8 +70,8 @@ profile vidcutter @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{vidcutter_ext} rw, owner @{HOME}/ r, diff --git a/apparmor.d/profiles-m-z/virt-manager b/apparmor.d/profiles-m-z/virt-manager index 77de23e0..b2890035 100644 --- a/apparmor.d/profiles-m-z/virt-manager +++ b/apparmor.d/profiles-m-z/virt-manager @@ -51,12 +51,12 @@ profile virt-manager @{exec_path} { owner @{user_cache_dirs}/virt-manager/** rw, # For disk images - /media/ r, - /media/*/ r, + @{MOUNTS}/ r, + @{MOUNTS}/*/ r, @{HOME}/**.{iso,img,bin,mdf,nrg} r, - /media/*/**.{iso,img,bin,mdf,nrg} r, + @{MOUNTS}/*/**.{iso,img,bin,mdf,nrg} r, @{HOME}/**.{ISO,IMG,BIN,MDF,NRG} r, - /media/*/**.{ISO,IMG,BIN,MDF,NRG} r, + @{MOUNTS}/*/**.{ISO,IMG,BIN,MDF,NRG} r, # System VM images #owner /var/lib/libvirt/images/ r, diff --git a/apparmor.d/profiles-m-z/vsftpd b/apparmor.d/profiles-m-z/vsftpd index 5ad4f383..c127dc7d 100644 --- a/apparmor.d/profiles-m-z/vsftpd +++ b/apparmor.d/profiles-m-z/vsftpd @@ -69,8 +69,8 @@ profile vsftpd @{exec_path} { # A directory which vsftpd will try to change into after a user login # Set "rw" when vsftpd allows users to send files # The "k" flag is needed when lock_upload_files=YES - /media/ftp/ r, - /media/ftp/** rwk, + @{MOUNTS}/ftp/ r, + @{MOUNTS}/ftp/** rwk, include if exists } diff --git a/apparmor.d/profiles-m-z/wireshark b/apparmor.d/profiles-m-z/wireshark index f64211e7..814cde3d 100644 --- a/apparmor.d/profiles-m-z/wireshark +++ b/apparmor.d/profiles-m-z/wireshark @@ -39,8 +39,8 @@ profile wireshark @{exec_path} { /home/ r, owner @{HOME}/ r, owner @{HOME}/**/ r, - /media/ r, - owner /media/**/ r, + @{MOUNTS}/ r, + owner @{MOUNTS}/**/ r, owner /{tmp,home,media}/**.@{wireshark_ext}{,.gz} rw, # Wireshark files diff --git a/apparmor.d/profiles-m-z/xarchiver b/apparmor.d/profiles-m-z/xarchiver index 0bbc3d0c..58f6a771 100644 --- a/apparmor.d/profiles-m-z/xarchiver +++ b/apparmor.d/profiles-m-z/xarchiver @@ -56,8 +56,8 @@ profile xarchiver @{exec_path} { /home/ r, #owner @{HOME}/ r, #owner @{HOME}/** rw, - /media/ r, - /media/** rw, + @{MOUNTS}/ r, + @{MOUNTS}/** rw, /tmp/ r, owner /tmp/** rw, diff --git a/apparmor.d/profiles-m-z/xdg-mime b/apparmor.d/profiles-m-z/xdg-mime index 040ccf70..c5563048 100644 --- a/apparmor.d/profiles-m-z/xdg-mime +++ b/apparmor.d/profiles-m-z/xdg-mime @@ -53,7 +53,7 @@ profile xdg-mime @{exec_path} { owner @{HOME}/ r, # file_inherit - /media/** rw, + @{MOUNTS}/** rw, profile dbus { diff --git a/apparmor.d/profiles-m-z/youtube-dl b/apparmor.d/profiles-m-z/youtube-dl index 6585f5da..5ca4edc2 100644 --- a/apparmor.d/profiles-m-z/youtube-dl +++ b/apparmor.d/profiles-m-z/youtube-dl @@ -74,7 +74,7 @@ profile youtube-dl @{exec_path} { # Which files youtube-dl should be able to open owner @{HOME}/ r, owner @{HOME}/**/ r, - owner /media/**/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{ytdl_ext} rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-m-z/ytdl b/apparmor.d/profiles-m-z/ytdl index 4e3e6f0c..886b67b3 100644 --- a/apparmor.d/profiles-m-z/ytdl +++ b/apparmor.d/profiles-m-z/ytdl @@ -65,7 +65,7 @@ profile ytdl @{exec_path} { # Which files youtube-dl should be able to open owner @{HOME}/ r, owner @{HOME}/**/ r, - owner /media/**/ r, + owner @{MOUNTS}/**/ r, owner /{home,media}/**.@{ytdl_ext} rw, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/tunables/xdg-user-dirs.d/complete b/apparmor.d/tunables/xdg-user-dirs.d/complete index 1f798d80..f2667107 100644 --- a/apparmor.d/tunables/xdg-user-dirs.d/complete +++ b/apparmor.d/tunables/xdg-user-dirs.d/complete @@ -20,6 +20,9 @@ # @{XDG_VIDEOS_DIR}="Videos" # @{user_share_dirs}=@{HOME}/.local/share +# Common mountpoints +@{MOUNTS}=/media/ @{run}/media /mnt + # Extra user personal directories @{XDG_PROJECTS_DIR}="Projects" @{XDG_BOOKS_DIR}="Books"