diff --git a/apparmor.d/abstractions/chromium b/apparmor.d/abstractions/chromium index 4d2e273e..09496308 100644 --- a/apparmor.d/abstractions/chromium +++ b/apparmor.d/abstractions/chromium @@ -181,7 +181,7 @@ @{sys}/devices/pci[0-9]*/**/boot_vga r, @{sys}/devices/pci[0-9]*/**/{resource,irq} r, @{sys}/devices/pci[0-9]*/**/report_descriptor r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r, @{sys}/devices/system/cpu/kernel_max r, @{sys}/devices/system/cpu/present r, @{sys}/devices/virtual/**/report_descriptor r, diff --git a/apparmor.d/abstractions/dbus-session-strict.d/complete b/apparmor.d/abstractions/dbus-session-strict.d/complete index c6f5f0f6..27edb92c 100644 --- a/apparmor.d/abstractions/dbus-session-strict.d/complete +++ b/apparmor.d/abstractions/dbus-session-strict.d/complete @@ -8,6 +8,7 @@ unix (connect, send, receive, accept) type=stream peer=(addr="@/tmp/dbus-????????"), owner @{run}/user/@{uid}/at-spi/ rw, - owner @{run}/user/@{uid}/at-spi/bus{,_[0-9]*} rw, - + owner @{run}/user/@{uid}/at-spi/bus rw, + owner @{run}/user/@{uid}/at-spi/bus_@{int} rw, + owner /tmp/dbus-@{rand8} rw, diff --git a/apparmor.d/abstractions/kde-open5.d/complete b/apparmor.d/abstractions/kde-open5.d/complete index 8497bce9..0ce4b3bb 100644 --- a/apparmor.d/abstractions/kde-open5.d/complete +++ b/apparmor.d/abstractions/kde-open5.d/complete @@ -6,4 +6,4 @@ owner @{user_config_dirs}/menus/{,**} r, - owner @{run}/user/@{uid}/kioclient*.[0-9]*.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, + owner @{run}/user/@{uid}/kioclient*.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, diff --git a/apparmor.d/abstractions/nvidia.d/complete b/apparmor.d/abstractions/nvidia.d/complete index f879e06f..6ae3a7b2 100644 --- a/apparmor.d/abstractions/nvidia.d/complete +++ b/apparmor.d/abstractions/nvidia.d/complete 
@@ -8,4 +8,4 @@ /etc/nvidia/nvidia-application-profiles* r, - /dev/char/195:[0-9]* rw, + /dev/char/195:@{int} rw, diff --git a/apparmor.d/groups/akonadi/akonadi_birthdays_resource b/apparmor.d/groups/akonadi/akonadi_birthdays_resource index 2aa2007f..64774aeb 100644 --- a/apparmor.d/groups/akonadi/akonadi_birthdays_resource +++ b/apparmor.d/groups/akonadi/akonadi_birthdays_resource @@ -22,7 +22,7 @@ profile akonadi_birthdays_resource @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/qt{5,}/translations/*.qm r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_contacts_resource b/apparmor.d/groups/akonadi/akonadi_contacts_resource index 13026804..ba898500 100644 --- a/apparmor.d/groups/akonadi/akonadi_contacts_resource +++ b/apparmor.d/groups/akonadi/akonadi_contacts_resource @@ -22,7 +22,7 @@ profile akonadi_contacts_resource @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_control b/apparmor.d/groups/akonadi/akonadi_control index 8f7b6207..0772916a 100644 --- a/apparmor.d/groups/akonadi/akonadi_control +++ b/apparmor.d/groups/akonadi/akonadi_control @@ -26,7 +26,7 @@ profile akonadi_control @{exec_path} { /usr/share/akonadi/{,**} r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent index 8f949e17..2d7aa22a 100644 --- a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent +++ b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent 
@@ -26,7 +26,7 @@ profile akonadi_followupreminder_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent index 72feebf2..2036b954 100644 --- a/apparmor.d/groups/akonadi/akonadi_indexing_agent +++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent @@ -24,7 +24,7 @@ profile akonadi_indexing_agent @{exec_path} { /usr/share/akonadi/plugins/serializer/ r, /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/machine-id r, diff --git a/apparmor.d/groups/akonadi/akonadi_maildir_resource b/apparmor.d/groups/akonadi/akonadi_maildir_resource index 27826c15..9dfc29ef 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildir_resource +++ b/apparmor.d/groups/akonadi/akonadi_maildir_resource @@ -24,7 +24,7 @@ profile akonadi_maildir_resource @{exec_path} { /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent index 0c830f29..3477c53e 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent +++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent @@ -29,7 +29,7 @@ profile akonadi_maildispatcher_agent @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, 
diff --git a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent index d7061798..1efd9f2b 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent @@ -27,7 +27,7 @@ profile akonadi_mailfilter_agent @{exec_path} { /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/machine-id r, @@ -62,7 +62,7 @@ profile akonadi_mailfilter_agent @{exec_path} { owner @{user_share_dirs}/akonadi/file_db_data/{,**} rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent index 01f2f42c..fd90d4d0 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent @@ -26,7 +26,7 @@ profile akonadi_mailmerge_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt{5,}/translations/*.qm r, /usr/share/qt5/qtlogging.ini r, diff --git a/apparmor.d/groups/akonadi/akonadi_migration_agent b/apparmor.d/groups/akonadi/akonadi_migration_agent index cf454f5d..98a18b53 100644 --- a/apparmor.d/groups/akonadi/akonadi_migration_agent +++ b/apparmor.d/groups/akonadi/akonadi_migration_agent @@ -22,7 +22,7 @@ profile akonadi_migration_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, 
diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent index c6039478..7cab13ac 100644 --- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent +++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent @@ -24,7 +24,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} { /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/akonadi_newmailnotifier_agent.notifyrc r, /etc/machine-id r, diff --git a/apparmor.d/groups/akonadi/akonadi_notes_agent b/apparmor.d/groups/akonadi/akonadi_notes_agent index 35db0818..b47aa550 100644 --- a/apparmor.d/groups/akonadi/akonadi_notes_agent +++ b/apparmor.d/groups/akonadi/akonadi_notes_agent @@ -27,7 +27,7 @@ profile akonadi_notes_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_sendlater_agent b/apparmor.d/groups/akonadi/akonadi_sendlater_agent index d16cbffa..893bcfee 100644 --- a/apparmor.d/groups/akonadi/akonadi_sendlater_agent +++ b/apparmor.d/groups/akonadi/akonadi_sendlater_agent @@ -27,7 +27,7 @@ profile akonadi_sendlater_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/xdg/kdeglobals r, @@ -45,7 +45,7 @@ profile akonadi_sendlater_agent @{exec_path} { owner @{user_config_dirs}/kwinrc r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, 
diff --git a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent index 298cec03..982bb368 100644 --- a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent +++ b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent @@ -23,7 +23,7 @@ profile akonadi_unifiedmailbox_agent @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, @@ -40,7 +40,7 @@ profile akonadi_unifiedmailbox_agent @{exec_path} { owner @{user_config_dirs}/kwinrc r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index 593884ea..d5d9c5af 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -248,7 +248,7 @@ profile android-studio @{exec_path} { # file_inherit owner @{HOME}/.android/avd/** r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index aee55121..0592883f 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre 
@@ -134,16 +134,16 @@ profile calibre @{exec_path} { owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, owner @{user_cache_dirs}/qtshadercache/#@{int} rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, + owner @{user_cache_dirs}/gstreamer-@{int}/ rw, + owner @{user_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw, owner @{user_config_dirs}/qt5ct/{,**} r, owner /tmp/calibre_*_tmp_*/{,**} rw, owner /tmp/calibre-*/{,**} rw, - owner /tmp/[0-9]*-*/ rw, - owner /tmp/[0-9]*-*/** rwl, -# owner /tmp/[0-9]*-*/** rwl -> /tmp/[0-9]*-*/**, # newer AA version + owner /tmp/@{int}-*/ rw, + owner /tmp/@{int}-*/** rwl, +# owner /tmp/@{int}-*/** rwl -> /tmp/@{int}-*/**, # newer AA version owner /tmp/* rw, owner /dev/shm/#@{int} rw, @@ -167,7 +167,7 @@ profile calibre @{exec_path} { deny owner @{PROC}/@{pid}/oom_{,score_}adj rw, deny @{PROC}/sys/kernel/random/boot_id r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index 1c930fde..a594a9e7 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -62,8 +62,8 @@ profile discord @{exec_path} { owner @{DISCORD_HOMEDIR}/ rw, owner @{DISCORD_HOMEDIR}/** rwk, - owner @{DISCORD_HOMEDIR}/[0-9]*/modules/discord_[a-z]*/*.node mrwk, - owner @{DISCORD_HOMEDIR}/[0-9]*/modules/discord_[a-z]*/lib*.so.[0-9] mrw, + owner @{DISCORD_HOMEDIR}/@{int}/modules/discord_[a-z]*/*.node mrwk, + owner @{DISCORD_HOMEDIR}/@{int}/modules/discord_[a-z]*/lib*.so.[0-9] mrw, # Reading of the /proc/ dir is needed to start discord. # Otherwise it returns the following error: @@ -110,7 +110,7 @@ profile discord @{exec_path} { @{lib}/firefox/firefox rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile xdg-mime { 
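Review bot: The two `gstreamer-@{int}/` rules in the calibre hunk probably no longer match the real cache directory. GStreamer's per-user registry normally lives under `gstreamer-1.0/`, which the old `[0-9]*` glob (one digit followed by any non-slash characters) accepted, but a digits-only `@{int}` would not. `@{int}` is defined outside this diff, so confirm its expansion. If it is digits only, use `owner @{user_cache_dirs}/gstreamer-@{int}.@{int}/ rw,` and the same prefix on the `registry.*.bin{,.tmp@{rand6}}` rule. The firefox hunk `@@ -185,8 +185,8 @@` makes the same substitution and needs the same correction.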
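Review bot: `@{DISCORD_HOMEDIR}/@{int}/modules/...` probably no longer matches Discord's per-version directory, which is normally a dotted version string and not a bare integer. The old `[0-9]*` matched it only because `*` accepts the dots. The context rule `owner @{DISCORD_HOMEDIR}/** rwk` still grants read, write and lock, but the `m` permission on `*.node` and `lib*.so.[0-9]` comes only from these two lines. A mismatch would therefore show up as denied mmap of the native modules, not as a missing file. If `@{int}` (defined outside this diff) is digits only, `owner @{DISCORD_HOMEDIR}/@{int}.@{int}.@{int}/modules/discord_[a-z]*/*.node mrwk,` and the matching `lib*.so.[0-9]` line keep the rule tight without breaking module loading.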
diff --git a/apparmor.d/groups/apps/filezilla b/apparmor.d/groups/apps/filezilla index 630a1cef..f6141b8c 100644 --- a/apparmor.d/groups/apps/filezilla +++ b/apparmor.d/groups/apps/filezilla @@ -65,7 +65,7 @@ profile filezilla @{exec_path} { /*/*/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apps/flameshot b/apparmor.d/groups/apps/flameshot index 645934f4..a12d6c04 100644 --- a/apparmor.d/groups/apps/flameshot +++ b/apparmor.d/groups/apps/flameshot @@ -66,7 +66,7 @@ profile flameshot @{exec_path} { /dev/shm/#@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube index be20c66a..8f2519cf 100644 --- a/apparmor.d/groups/apps/freetube +++ b/apparmor.d/groups/apps/freetube @@ -93,7 +93,7 @@ profile freetube @{exec_path} { @{bin}/vlc rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/groups/apps/spotify b/apparmor.d/groups/apps/spotify index 0f85a29e..77318209 100644 --- a/apparmor.d/groups/apps/spotify +++ b/apparmor.d/groups/apps/spotify @@ -70,7 +70,7 @@ profile spotify @{exec_path} { owner /tmp/@{hex}-@{hex}-@{hex}-@{hex} rw, # What's this for? - #owner /tmp/[0-9]*.[0-9]*.[0-9]*.[0-9]*-linux-*.zip rw, + #owner /tmp/@{int}.@{int}.@{int}.[0-9]*-linux-*.zip rw, include if exists } diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index 96260592..5a39fe00 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -88,7 +88,7 @@ profile telegram-desktop @{exec_path} { @{bin}/geany rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/groups/apps/vlc b/apparmor.d/groups/apps/vlc index 44e0b4c9..e4dea4e3 100644 --- a/apparmor.d/groups/apps/vlc +++ b/apparmor.d/groups/apps/vlc 
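Review bot: The commented-out spotify rule was only partly converted: `/tmp/@{int}.@{int}.@{int}.[0-9]*-linux-*.zip` keeps one `[0-9]*`, which matches a digit followed by any non-slash characters. If the fourth component is purely numeric, the line should read `#owner /tmp/@{int}.@{int}.@{int}.@{int}-linux-*.zip rw,` so that re-enabling it later does not bring back the loose glob. If it is not purely numeric, a short comment saying why the last field stays a wildcard would stop the next cleanup from breaking it.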
@@ -194,7 +194,7 @@ profile vlc @{exec_path} { audit owner @{PROC}/@{pid}/cmdline r, /dev/shm/#@{int} rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, # Silencer deny @{lib}/@{multiarch}/vlc/{,**} w, @@ -217,7 +217,7 @@ profile vlc @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index de7705bd..104804eb 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -144,7 +144,7 @@ profile apt @{exec_path} flags=(attach_disconnected) { /tmp/apt-changelog-*/*.changelog w, owner /tmp/apt-changelog-*/.apt-acquire-privs-test.* rw, owner /tmp/apt-dpkg-install-*/ rw, - owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w, + owner /tmp/apt-dpkg-install-*/@{int}-*.deb w, owner /tmp/apt.conf.* rw, owner /tmp/apt.data.* rw, diff --git a/apparmor.d/groups/apt/apt-listbugs b/apparmor.d/groups/apt/apt-listbugs index ebec43fc..6b48a7d3 100644 --- a/apparmor.d/groups/apt/apt-listbugs +++ b/apparmor.d/groups/apt/apt-listbugs @@ -23,7 +23,7 @@ profile apt-listbugs @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{bin}/{,ba,da}sh rix, @{bin}/logname rix, diff --git a/apparmor.d/groups/apt/apt-listbugs-migratepins b/apparmor.d/groups/apt/apt-listbugs-migratepins index 37bb6253..a5624a0e 100644 --- a/apparmor.d/groups/apt/apt-listbugs-migratepins +++ b/apparmor.d/groups/apt/apt-listbugs-migratepins @@ -13,7 +13,7 @@ profile apt-listbugs-migratepins @{exec_path} { include @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, /usr/share/rubygems-integration/*/specifications/ r, /usr/share/rubygems-integration/*/specifications/*.gemspec rwk, diff --git a/apparmor.d/groups/apt/apt-listbugs-prefclean b/apparmor.d/groups/apt/apt-listbugs-prefclean index d0e12914..a34d1260 100644 
--- a/apparmor.d/groups/apt/apt-listbugs-prefclean +++ b/apparmor.d/groups/apt/apt-listbugs-prefclean @@ -13,7 +13,7 @@ profile apt-listbugs-prefclean @{exec_path} { include @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{bin}/date rix, @{bin}/cat rix, diff --git a/apparmor.d/groups/apt/apt-mark b/apparmor.d/groups/apt/apt-mark index db2c672a..540ef981 100644 --- a/apparmor.d/groups/apt/apt-mark +++ b/apparmor.d/groups/apt/apt-mark @@ -25,7 +25,7 @@ profile apt-mark @{exec_path} { /var/cache/apt/ r, /var/cache/apt/** rwk, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-cdrom b/apparmor.d/groups/apt/apt-methods-cdrom index ac1036e8..c5efd32e 100644 --- a/apparmor.d/groups/apt/apt-methods-cdrom +++ b/apparmor.d/groups/apt/apt-methods-cdrom @@ -38,7 +38,7 @@ profile apt-methods-cdrom @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-copy b/apparmor.d/groups/apt/apt-methods-copy index 304f1db0..5f7e9174 100644 --- a/apparmor.d/groups/apt/apt-methods-copy +++ b/apparmor.d/groups/apt/apt-methods-copy @@ -48,7 +48,7 @@ profile apt-methods-copy @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-methods-file b/apparmor.d/groups/apt/apt-methods-file index 48a782bd..b74d4da9 100644 --- a/apparmor.d/groups/apt/apt-methods-file +++ b/apparmor.d/groups/apt/apt-methods-file @@ -48,7 +48,7 @@ profile apt-methods-file @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists 
diff --git a/apparmor.d/groups/apt/apt-methods-ftp b/apparmor.d/groups/apt/apt-methods-ftp index 94bb0149..91a16a58 100644 --- a/apparmor.d/groups/apt/apt-methods-ftp +++ b/apparmor.d/groups/apt/apt-methods-ftp @@ -38,7 +38,7 @@ profile apt-methods-ftp @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-gpgv b/apparmor.d/groups/apt/apt-methods-gpgv index cd58b70f..17f4ffb0 100644 --- a/apparmor.d/groups/apt/apt-methods-gpgv +++ b/apparmor.d/groups/apt/apt-methods-gpgv @@ -89,7 +89,7 @@ profile apt-methods-gpgv @{exec_path} { @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-methods-http b/apparmor.d/groups/apt/apt-methods-http index a24c02ca..0282cf3d 100644 --- a/apparmor.d/groups/apt/apt-methods-http +++ b/apparmor.d/groups/apt/apt-methods-http @@ -75,7 +75,7 @@ profile apt-methods-http @{exec_path} { @{PROC}/1/cgroup r, @{PROC}/@{pid}/cgroup r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-mirror b/apparmor.d/groups/apt/apt-methods-mirror index 66d9af94..2a0d20ff 100644 --- a/apparmor.d/groups/apt/apt-methods-mirror +++ b/apparmor.d/groups/apt/apt-methods-mirror @@ -38,7 +38,7 @@ profile apt-methods-mirror @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-rred b/apparmor.d/groups/apt/apt-methods-rred index 88871d63..ac80f623 100644 --- a/apparmor.d/groups/apt/apt-methods-rred +++ b/apparmor.d/groups/apt/apt-methods-rred 
@@ -48,7 +48,7 @@ profile apt-methods-rred @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-methods-rsh b/apparmor.d/groups/apt/apt-methods-rsh index bb405268..ee1a5016 100644 --- a/apparmor.d/groups/apt/apt-methods-rsh +++ b/apparmor.d/groups/apt/apt-methods-rsh @@ -38,7 +38,7 @@ profile apt-methods-rsh @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-store b/apparmor.d/groups/apt/apt-methods-store index 00c47c93..4ed183a4 100644 --- a/apparmor.d/groups/apt/apt-methods-store +++ b/apparmor.d/groups/apt/apt-methods-store @@ -54,7 +54,7 @@ profile apt-methods-store @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-show-versions b/apparmor.d/groups/apt/apt-show-versions index 4bbd917d..e6099f4f 100644 --- a/apparmor.d/groups/apt/apt-show-versions +++ b/apparmor.d/groups/apt/apt-show-versions @@ -37,7 +37,7 @@ profile apt-show-versions @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/aptitude b/apparmor.d/groups/apt/aptitude index 13586224..4cba0a03 100644 --- a/apparmor.d/groups/apt/aptitude +++ b/apparmor.d/groups/apt/aptitude 
@@ -124,7 +124,7 @@ profile aptitude @{exec_path} flags=(complain) { owner /tmp/aptitude-*.@{pid}:*/{pkgstates,control}* rw, /tmp/aptitude-*.@{pid}:*/pkgstates* r, owner /tmp/apt-dpkg-install-*/ rw, - owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w, + owner /tmp/apt-dpkg-install-*/@{int}-*.deb w, /var/cache/apt/ r, /var/cache/apt/** rwk, @@ -152,7 +152,7 @@ profile aptitude @{exec_path} flags=(complain) { # aptitude[]: /dev/tty2: Permission denied # aptitude[]: *** err # aptitude[]: Oh, oh, it's an error! possibly I die! - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ptmx rw, diff --git a/apparmor.d/groups/apt/command-not-found b/apparmor.d/groups/apt/command-not-found index 619a550e..4dc754e6 100644 --- a/apparmor.d/groups/apt/command-not-found +++ b/apparmor.d/groups/apt/command-not-found @@ -29,7 +29,7 @@ profile command-not-found @{exec_path} { owner @{PROC}/@{pid}/fd/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, # Silencer deny /usr/lib/ r, diff --git a/apparmor.d/groups/apt/deborphan b/apparmor.d/groups/apt/deborphan index bdd1f760..da5a5708 100644 --- a/apparmor.d/groups/apt/deborphan +++ b/apparmor.d/groups/apt/deborphan @@ -17,7 +17,7 @@ profile deborphan @{exec_path} { /var/lib/dpkg/status r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.synaptic/selections.{update,proceed} w, include if exists diff --git a/apparmor.d/groups/apt/dpkg b/apparmor.d/groups/apt/dpkg index 6212485c..ff926399 100644 --- a/apparmor.d/groups/apt/dpkg +++ b/apparmor.d/groups/apt/dpkg @@ -110,7 +110,7 @@ profile dpkg @{exec_path} { owner @{PROC}/@{pid}/fd/ r, @{PROC}/sys/kernel/random/boot_id r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile diff { include diff --git a/apparmor.d/groups/apt/dpkg-query b/apparmor.d/groups/apt/dpkg-query index ec5fcaf1..47f2e05b 100644 --- a/apparmor.d/groups/apt/dpkg-query +++ b/apparmor.d/groups/apt/dpkg-query 
@@ -23,7 +23,7 @@ profile dpkg-query @{exec_path} { # file_inherit /tmp/#@{int} rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/synaptic b/apparmor.d/groups/apt/synaptic index e0439c64..44468d0b 100644 --- a/apparmor.d/groups/apt/synaptic +++ b/apparmor.d/groups/apt/synaptic @@ -129,7 +129,7 @@ profile synaptic @{exec_path} { /tmp/ r, owner /tmp/apt-dpkg-install-*/ rw, - owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w, + owner /tmp/apt-dpkg-install-*/@{int}-*.deb w, /var/cache/apt/ r, /var/cache/apt/** rwk, @@ -156,7 +156,7 @@ profile synaptic @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile dbus { diff --git a/apparmor.d/groups/apt/update-apt-xapian-index b/apparmor.d/groups/apt/update-apt-xapian-index index 8e2e01fa..286912f8 100644 --- a/apparmor.d/groups/apt/update-apt-xapian-index +++ b/apparmor.d/groups/apt/update-apt-xapian-index @@ -37,7 +37,7 @@ profile update-apt-xapian-index @{exec_path} { /etc/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/browsers/chrome-crashpad-handler b/apparmor.d/groups/browsers/chrome-crashpad-handler index 865c3c5c..0c036597 100644 --- a/apparmor.d/groups/browsers/chrome-crashpad-handler +++ b/apparmor.d/groups/browsers/chrome-crashpad-handler @@ -29,8 +29,8 @@ profile chrome-crashpad-handler @{exec_path} { owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/task/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_max_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_max_freq r, include if exists } 
diff --git a/apparmor.d/groups/browsers/chromium-crashpad-handler b/apparmor.d/groups/browsers/chromium-crashpad-handler index 90ad1aa3..dc47a532 100644 --- a/apparmor.d/groups/browsers/chromium-crashpad-handler +++ b/apparmor.d/groups/browsers/chromium-crashpad-handler @@ -28,8 +28,8 @@ profile chromium-crashpad-handler @{exec_path} { owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/task/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_max_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_max_freq r, include if exists } diff --git a/apparmor.d/groups/browsers/chromium-wrapper b/apparmor.d/groups/browsers/chromium-wrapper index 5660b450..04cd07e4 100644 --- a/apparmor.d/groups/browsers/chromium-wrapper +++ b/apparmor.d/groups/browsers/chromium-wrapper @@ -42,7 +42,7 @@ profile chromium-wrapper @{exec_path} { owner /tmp/tmp.*/ rw, owner /tmp/tmp.*/** rwk, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /dev/dri/card[0-9] rw, # Silencer diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 454390d5..1aee6b81 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -185,8 +185,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) { owner @{HOME}/ r, owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-@{int}/ rw, + owner @{user_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp*} rw, owner @{user_config_dirs}/ r, owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r, 
@@ -237,7 +237,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { @{sys}/class/**/ r, @{sys}/devices/**/uevent r, @{sys}/devices/pci[0-9]*/**/ r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/ r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r, @{sys}/devices/pci[0-9]*/**/drm/renderD[0-9]*/ r, @{sys}/devices/pci[0-9]*/**/irq r, @{sys}/devices/system/cpu/cpu[0-9]/cache/index[0-9]/size r, @@ -269,15 +269,15 @@ profile firefox @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pids}/environ r, /dev/ r, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, /dev/shm/ r, /dev/tty rw, - /dev/video[0-9]* rw, - owner /dev/dri/card[0-9]* rw, # File Inherit + /dev/video@{int} rw, + owner /dev/dri/card@{int} rw, # File Inherit owner /dev/shm/org.chromium.* rw, - owner /dev/shm/org.mozilla.ipc.@{pid}.[0-9]* rw, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, - owner /dev/tty[0-9]* rw, # File Inherit + owner /dev/shm/org.mozilla.ipc.@{pid}.@{int} rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, + owner /dev/tty@{int} rw, # File Inherit # X-tiny /tmp/.X0-lock r, diff --git a/apparmor.d/groups/browsers/firefox-crashreporter b/apparmor.d/groups/browsers/firefox-crashreporter index 651be434..e7413614 100644 --- a/apparmor.d/groups/browsers/firefox-crashreporter +++ b/apparmor.d/groups/browsers/firefox-crashreporter @@ -54,9 +54,9 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) { owner /tmp/@{hex}.{dmp,extra} rw, owner /tmp/firefox/.parentlock w, - owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* r, + owner /dev/shm/org.mozilla.ipc.@{int}.@{int} r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/dri/renderD128 rw, # Silencer diff --git a/apparmor.d/groups/browsers/firefox-kmozillahelper b/apparmor.d/groups/browsers/firefox-kmozillahelper index c1e25695..79fd9dc5 100644 --- a/apparmor.d/groups/browsers/firefox-kmozillahelper +++ b/apparmor.d/groups/browsers/firefox-kmozillahelper 
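Review bot: In the firefox `@@ -237,7 +237,7 @@` hunk, `drm/card[0-9]*/` is tightened to `drm/card@{int}/`, but the sibling `drm/renderD[0-9]*/` rule on the next line stays as context with the loose glob. The two DRM sysfs rules now differ in strictness. `@{sys}/devices/pci[0-9]*/**/drm/renderD@{int}/ r,` would bring the second in line with the first. Leaving the `pci[0-9]*` prefix alone looks right, since PCI root directory names typically contain a colon that a digits-only variable would not match.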
@@ -22,7 +22,7 @@ profile firefox-kmozillahelper @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kservices5/{,**} r, /usr/share/mime/ r, diff --git a/apparmor.d/groups/browsers/firefox-minidump-analyzer b/apparmor.d/groups/browsers/firefox-minidump-analyzer index 1b00c974..dc725f3f 100644 --- a/apparmor.d/groups/browsers/firefox-minidump-analyzer +++ b/apparmor.d/groups/browsers/firefox-minidump-analyzer @@ -37,7 +37,7 @@ profile firefox-minidump-analyzer @{exec_path} { owner /tmp/@{hex}.{dmp,extra} rw, owner /tmp/firefox/.parentlock w, - owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* r, + owner /dev/shm/org.mozilla.ipc.@{int}.@{int} r, owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/stat r, diff --git a/apparmor.d/groups/browsers/firefox-pingsender b/apparmor.d/groups/browsers/firefox-pingsender index db4d0430..398e2d12 100644 --- a/apparmor.d/groups/browsers/firefox-pingsender +++ b/apparmor.d/groups/browsers/firefox-pingsender @@ -27,7 +27,7 @@ profile firefox-pingsender @{exec_path} { owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index 0c217a2a..45dd3204 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -96,9 +96,9 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { @{PROC}/cmdline r, @{PROC}/sys/kernel/osrelease r, - /dev/dri/card[0-9]* rw, - /dev/input/event[0-9]* rw, - /dev/tty[0-9]* rw, + /dev/dri/card@{int} rw, + /dev/input/event@{int} rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session index 779850e7..3b9f943b 100644 --- a/apparmor.d/groups/bus/dbus-run-session +++ b/apparmor.d/groups/bus/dbus-run-session 
@@ -34,7 +34,7 @@ profile dbus-run-session @{exec_path} { # file_inherit /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index 6d4ca9fb..a8af280f 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -62,7 +62,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pids}/fd/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index cdce8cd6..42b0dd64 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -43,7 +43,7 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/ibus/bus/ r, owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple index 37fbad06..c91249e9 100644 --- a/apparmor.d/groups/bus/ibus-engine-simple +++ b/apparmor.d/groups/bus/ibus-engine-simple @@ -23,7 +23,7 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/ibus/bus/ r, /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 385b765f..40a4deb1 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -80,7 +80,7 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/greeter-dconf-defaults r, # file inherit - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index 1fc82387..6a42ef8b 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -39,7 +39,7 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/ibus/bus/ r, /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index b913490b..3399abae 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -53,7 +53,7 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r, owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/children/child-pager b/apparmor.d/groups/children/child-pager index c2536ea2..0489a612 100644 --- a/apparmor.d/groups/children/child-pager +++ b/apparmor.d/groups/children/child-pager @@ -32,7 +32,7 @@ profile child-pager { owner @{HOME}/ r, owner @{HOME}/.lesshs* rw, - owner @{HOME}/.terminfo/[0-9]*/* r, + owner @{HOME}/.terminfo/@{int}/* r, owner @{user_cache_dirs}/lesshs* rw, owner @{user_state_dirs}/ r, owner @{user_state_dirs}/lesshs* rw, diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index 3513a421..a0d9d6ad 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -54,7 +54,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, @{PROC}/1/cgroup r, - owner /dev/tty[0-9]* rw, # file_inherit + owner /dev/tty@{int} rw, # file_inherit include if exists } 
diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 9df76101..80c92b3d 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -95,7 +95,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{run}/user/@{uid}/xauth_@{rand6} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/cpupower b/apparmor.d/groups/freedesktop/cpupower index e0c85aa4..a70c890b 100644 --- a/apparmor.d/groups/freedesktop/cpupower +++ b/apparmor.d/groups/freedesktop/cpupower @@ -10,7 +10,7 @@ include profile cpupower @{exec_path} { include - # Needed to read the /dev/cpu/[0-9]*/msr device, and hence remove the following error: + # Needed to read the /dev/cpu/@{int}/msr device, and hence remove the following error: # Could not read perf-bias value[-1] capability sys_rawio, 
@@ -25,19 +25,19 @@ profile cpupower @{exec_path} { @{sys}/devices/system/cpu/{cpufreq,cpuidle}/ r, @{sys}/devices/system/cpu/{cpufreq,cpuidle}/** r, - @{sys}/devices/system/cpu/cpu[0-9]*/{cpufreq,cpuidle}/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/{cpufreq,cpuidle}/** r, + @{sys}/devices/system/cpu/cpu@{int}/{cpufreq,cpuidle}/ r, + @{sys}/devices/system/cpu/cpu@{int}/{cpufreq,cpuidle}/** r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{min,max}_freq rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_governor rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_setspeed rw, - @{sys}/devices/system/cpu/cpu[0-9]*/cpuidle/state[0-9]/disable rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{min,max}_freq rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_setspeed rw, + @{sys}/devices/system/cpu/cpu@{int}/cpuidle/state[0-9]/disable rw, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{physical_package_id,core_id} r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{physical_package_id,core_id} r, - @{sys}/devices/system/cpu/cpu[0-9]*/online r, + @{sys}/devices/system/cpu/cpu@{int}/online r, - /dev/cpu/[0-9]*/msr r, + /dev/cpu/@{int}/msr r, profile kmod { diff --git a/apparmor.d/groups/freedesktop/dconf-editor b/apparmor.d/groups/freedesktop/dconf-editor index cf4bd887..fd090fb0 100644 --- a/apparmor.d/groups/freedesktop/dconf-editor +++ b/apparmor.d/groups/freedesktop/dconf-editor @@ -27,7 +27,7 @@ profile dconf-editor @{exec_path} { owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-@{rand6} rw, owner @{HOME}/.Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index 10cbc0fb..37b26d37 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service 
@@ -52,7 +52,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { @{PROC}/cmdline r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/fc-cache b/apparmor.d/groups/freedesktop/fc-cache index e741b872..34019696 100644 --- a/apparmor.d/groups/freedesktop/fc-cache +++ b/apparmor.d/groups/freedesktop/fc-cache @@ -7,7 +7,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache{,-32,-v*} +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}bin/fc-cache{,-32,-v*} profile fc-cache @{exec_path} { include include diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 0878438d..94e325f9 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -82,7 +82,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/media[0-9]* rw, + /dev/media@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index f838d687..8af8079f 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -70,11 +70,11 @@ profile pipewire-media-session @{exec_path} { @{sys}/devices/pci[0-9]*/**/sound/**/pcm_class r, @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/video[0-9]* rw, + /dev/video@{int} rw, /dev/snd/ r, include if exists diff --git a/apparmor.d/groups/freedesktop/plymouthd b/apparmor.d/groups/freedesktop/plymouthd index a9f36e13..355c34ce 100644 --- a/apparmor.d/groups/freedesktop/plymouthd +++ b/apparmor.d/groups/freedesktop/plymouthd 
@@ -59,7 +59,7 @@ profile plymouthd @{exec_path} { owner @{PROC}/@{pid}/stat r, /dev/ptmx rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, include if exists diff --git a/apparmor.d/groups/freedesktop/polkit-agent-helper b/apparmor.d/groups/freedesktop/polkit-agent-helper index ddb4f3b5..ecd21026 100644 --- a/apparmor.d/groups/freedesktop/polkit-agent-helper +++ b/apparmor.d/groups/freedesktop/polkit-agent-helper @@ -49,7 +49,7 @@ profile polkit-agent-helper @{exec_path} { owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/loginuid r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent index fa533cea..e642b30d 100644 --- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent @@ -32,7 +32,7 @@ profile polkit-kde-authentication-agent @{exec_path} { @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt5ct/** r, /etc/machine-id r, diff --git a/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent b/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent index cb1a4a7a..0d1a41b4 100644 --- a/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent @@ -33,7 +33,7 @@ profile polkit-mate-authentication-agent @{exec_path} { owner @{HOME}/.Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, @{PROC}/1/cgroup r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index a2638222..3ff764f7 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio 
@@ -190,11 +190,11 @@ profile pulseaudio @{exec_path} { owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/cmdline r, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/groups/freedesktop/update-mime-database b/apparmor.d/groups/freedesktop/update-mime-database index fbda9c4e..9a8bba13 100644 --- a/apparmor.d/groups/freedesktop/update-mime-database +++ b/apparmor.d/groups/freedesktop/update-mime-database @@ -19,8 +19,8 @@ profile update-mime-database @{exec_path} { /usr/share/mime/{,**} rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit silencer deny network inet6 stream, diff --git a/apparmor.d/groups/freedesktop/xdg-dbus-proxy b/apparmor.d/groups/freedesktop/xdg-dbus-proxy index 3ddbc9d4..20054be4 100644 --- a/apparmor.d/groups/freedesktop/xdg-dbus-proxy +++ b/apparmor.d/groups/freedesktop/xdg-dbus-proxy @@ -44,7 +44,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) { member=GetSettings peer=(label=NetworkManager), - owner @{run}/firejail/dbus/[0-9]*/[0-9]*-{system,user} rw, + owner @{run}/firejail/dbus/@{int}/@{int}-{system,user} rw, owner @{run}/user/@{uid}/.dbus-proxy/{system,session,a11y}-bus-proxy-[0-9A-Z]* rw, owner @{run}/user/@{uid}/webkitgtk/a11y-proxy-[0-9A-Z]* rw, owner @{run}/user/@{uid}/webkitgtk/bus-proxy-[0-9A-Z]* rw, @@ -52,7 +52,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) { @{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index 74fa0bc0..ad2be354 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome 
+++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -129,7 +129,7 @@ profile xdg-desktop-portal-gnome @{exec_path} { /usr/share/X11/xkb/{,**} r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, /var/lib/snapd/desktop/icons/{,**} r, owner @{HOME}/*/{,**} rw, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index b4678479..5610c933 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -157,7 +157,7 @@ profile xdg-desktop-portal-gtk @{exec_path} { / r, - owner /var/lib/xkb/server-[0-9]*.xkm rw, + owner /var/lib/xkb/server-@{int}.xkm rw, owner @{HOME}/ r, owner @{HOME}/.* r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index d61f95d7..c8f39891 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -26,7 +26,7 @@ profile xdg-desktop-portal-kde @{exec_path} { @{exec_path} mr, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /usr/share/qt5/qtlogging.ini r, diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index 10d57f82..4d107542 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -68,7 +68,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { /dev/fuse rw, # file inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile flatpak { include diff --git a/apparmor.d/groups/freedesktop/xdg-email b/apparmor.d/groups/freedesktop/xdg-email index 1ad83002..d30b4fe5 100644 --- a/apparmor.d/groups/freedesktop/xdg-email +++ b/apparmor.d/groups/freedesktop/xdg-email 
@@ -23,7 +23,7 @@ profile xdg-email @{exec_path} flags=(complain) { @{bin}/which rix, @{bin}/xdg-mime rPx, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime index 4765171c..ab009685 100644 --- a/apparmor.d/groups/freedesktop/xdg-mime +++ b/apparmor.d/groups/freedesktop/xdg-mime @@ -39,10 +39,10 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/ r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/tty rw, # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index f04f1bab..00b0778d 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store @@ -54,7 +54,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/flatpak/db/background rw, owner @{user_share_dirs}/flatpak/db/notifications rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xdg-screensaver b/apparmor.d/groups/freedesktop/xdg-screensaver index 96369786..be2e2276 100644 --- a/apparmor.d/groups/freedesktop/xdg-screensaver +++ b/apparmor.d/groups/freedesktop/xdg-screensaver @@ -35,7 +35,7 @@ profile xdg-screensaver @{exec_path} { owner @{HOME}/ r, owner @{HOME}/.Xauthority r, - owner /tmp/xauth-[0-9]*-_[0-9] r, + owner /tmp/xauth-@{int}-_[0-9] r, owner @{run}/user/@{uid}/ r, diff --git a/apparmor.d/groups/freedesktop/xhost b/apparmor.d/groups/freedesktop/xhost index c963abfb..76c3802c 100644 
--- a/apparmor.d/groups/freedesktop/xhost +++ b/apparmor.d/groups/freedesktop/xhost @@ -21,7 +21,7 @@ profile xhost @{exec_path} { /tmp/.X11-unix/* rw, # file_inherit - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Silencer diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp index 50ec0cae..fc6ca30e 100644 --- a/apparmor.d/groups/freedesktop/xkbcomp +++ b/apparmor.d/groups/freedesktop/xkbcomp @@ -20,25 +20,25 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) { /usr/share/X11/xkb/** r, - /var/lib/xkb/server-[0-9]*.xkm w, - /var/lib/xkb/compiled/server-[0-9]*.xkm rw, + /var/lib/xkb/server-@{int}.xkm w, + /var/lib/xkb/compiled/server-@{int}.xkm rw, owner @{HOME}/.Xauthority r, owner @{HOME}/*.{xkb,xkm} rw, - owner @{user_share_dirs}/xorg/Xorg.[0-9].log w, + owner @{user_share_dirs}/xorg/Xorg.@{int}.log w, - /var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log w, - owner /var/log/lightdm/x-[0-9]*.log w, + /var/lib/gdm{3,}/.local/share/xorg/Xorg.@{int}.log w, + owner /var/log/lightdm/x-@{int}.log w, - owner /tmp/server-[0-9]*.xkm rwk, + owner /tmp/server-@{int}.xkm rwk, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, - deny /dev/input/event[0-9]* rw, - deny /var/log/Xorg.[0-9]*.log w, + deny /dev/input/event@{int} rw, + deny /var/log/Xorg.@{int}.log w, include if exists } diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 6cbcd653..0a11954c 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -66,8 +66,8 @@ profile xorg @{exec_path} flags=(attach_disconnected) { @{lib}/xorg/modules/ r, @{lib}/xorg/modules/** mr, - /var/lib/xkb/server-[0-9]*.xkm rw, - /var/lib/xkb/compiled/server-[0-9]*.xkm rw, + /var/lib/xkb/server-@{int}.xkm rw, + /var/lib/xkb/compiled/server-@{int}.xkm rw, /usr/share/egl/{,**} rw, /usr/share/libinput*/ r, 
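Review bot: Three rules in the xkbcomp hunk are not a pure tightening, unlike the rest of the commit. The single-digit `Xorg.[0-9].log w` becomes `Xorg.@{int}.log w`, which accepts multi-digit names for a write rule. `deny /dev/input/event@{int} rw,` and `deny /var/log/Xorg.@{int}.log w,` go the other way: a narrower deny pattern explicitly denies fewer paths, so whatever the old glob caught is now covered only by default-deny, and would be logged instead of silenced, or permitted if an included abstraction allows it. Both are probably harmless, but either note it in the commit message or keep `Xorg.[0-9].log` where the single-digit limit was intended. `deny /dev/dri/card@{int} rw,` in the xset hunk narrows a deny in the same way.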
@@ -140,11 +140,11 @@ profile xorg @{exec_path} flags=(attach_disconnected) { @{PROC}/mtrr rw, /dev/fb[0-9] rw, - /dev/input/event[0-9]* rw, + /dev/input/event@{int} rw, /dev/shm/#@{int} rw, /dev/shm/shmfd-* rw, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/vga_arbiter rw, # Graphic card modules include if exists diff --git a/apparmor.d/groups/freedesktop/xprop b/apparmor.d/groups/freedesktop/xprop index dd172f45..4e57b13d 100644 --- a/apparmor.d/groups/freedesktop/xprop +++ b/apparmor.d/groups/freedesktop/xprop @@ -25,7 +25,7 @@ profile xprop @{exec_path} { owner @{run}/user/@{uid}/xauth_@{rand6} rl, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/groups/freedesktop/xrandr b/apparmor.d/groups/freedesktop/xrandr index 83e75b95..b57f58d3 100644 --- a/apparmor.d/groups/freedesktop/xrandr +++ b/apparmor.d/groups/freedesktop/xrandr @@ -17,7 +17,7 @@ profile xrandr @{exec_path} { /usr/share/X11/XErrorDB r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xrdb b/apparmor.d/groups/freedesktop/xrdb index 1182d3c7..a471fb2a 100644 --- a/apparmor.d/groups/freedesktop/xrdb +++ b/apparmor.d/groups/freedesktop/xrdb @@ -17,7 +17,7 @@ profile xrdb @{exec_path} { @{bin}/{,*-}cpp-[0-9]* rix, @{bin}/{,ba,da}sh rix, @{bin}/cpp rix, - @{lib}/gcc/*/[0-9]*/cc1 rix, + @{lib}/gcc/*/@{int}/cc1 rix, @{lib}/llvm-[0-9]*/bin/clang rix, /usr/include/stdc-predef.h r, @@ -40,10 +40,10 @@ profile xrdb @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] r, @{run}/sddm/\{@{uuid}\} r, - @{run}/sddm/xauth_?????? r, + @{run}/sddm/xauth_@{rand6} r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, /dev/tty rw, diff --git a/apparmor.d/groups/freedesktop/xset b/apparmor.d/groups/freedesktop/xset index 5f2e0ba7..642fd944 100644 --- a/apparmor.d/groups/freedesktop/xset 
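Review bot: `@{lib}/gcc/*/@{int}/cc1 rix,` in the first xrdb hunk may stop matching where gcc is installed under a dotted version directory (for example a directory named `13.2.1`), which the old `[0-9]*` accepted. This assumes `@{int}` expands to digits only; its definition is not part of this diff. If so, xrdb's exec of `cc1` would be denied on those systems. A form that keeps the tightening but allows dotted versions would be `@{lib}/gcc/*/@{int}{.@{int},}{.@{int},}/cc1 rix,`. The unchanged `@{bin}/{,*-}cpp-[0-9]* rix,` and `@{lib}/llvm-[0-9]*/bin/clang rix,` exec rules beside it still carry the broad glob and deserve the same treatment.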
+++ b/apparmor.d/groups/freedesktop/xset @@ -16,12 +16,12 @@ profile xset @{exec_path} { owner @{HOME}/.Xauthority r, @{run}/sddm/\{@{uuid}\} r, - @{run}/sddm/xauth_?????? r, + @{run}/sddm/xauth_@{rand6} r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, - deny /dev/dri/card[0-9]* rw, + deny /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index 6d359871..82df7245 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -36,7 +36,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw, - owner /tmp/server-[0-9]*.xkm rwk, + owner /tmp/server-@{int}.xkm rwk, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw, @@ -45,7 +45,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { @{PROC}/@{pids}/cmdline r, owner @{PROC}/@{pids}/comm r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/tty rw, include if exists diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index cc126530..3361a249 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -40,7 +40,7 @@ profile evolution-addressbook-factory @{exec_path} { @{exec_path}-subprocess rix, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, owner @{user_share_dirs}/evolution/{,**} rwk, owner @{user_cache_dirs}/evolution/addressbook/{,**} rwk, diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 1c969bcc..8163a06e 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm 
@@ -92,7 +92,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) { @{run}/gdm{3,}/custom.conf r, @{run}/gdm{3,}/gdm.pid rw, @{run}/gdm{3,}/greeter/ rw, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/sessions/* r, @{run}/systemd/sessions/*.ref r, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index c447fdd8..f6eaf8ab 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker @@ -104,7 +104,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { @{PROC}/keys r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index 6526ab43..8510c600 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -98,7 +98,7 @@ profile gdm-wayland-session @{exec_path} { owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/loginuid r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gdm-x-session b/apparmor.d/groups/gnome/gdm-x-session index 50ba509b..db6a8d34 100644 --- a/apparmor.d/groups/gnome/gdm-x-session +++ b/apparmor.d/groups/gnome/gdm-x-session @@ -55,7 +55,7 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index 412df890..543ed3b2 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -57,7 +57,7 @@ profile gdm-xsession @{exec_path} { owner /tmp/gdm{3,}-config-err-@{rand6} rw, # file_inherit - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile dbus { include 
@@ -78,7 +78,7 @@ profile gdm-xsession @{exec_path} { # file_inherit /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/groups/gnome/gio-launch-desktop b/apparmor.d/groups/gnome/gio-launch-desktop index ec79117c..e8831dd2 100644 --- a/apparmor.d/groups/gnome/gio-launch-desktop +++ b/apparmor.d/groups/gnome/gio-launch-desktop @@ -23,7 +23,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) { @{lib}/gio-launch-desktop rix, # System files - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, # User files owner @{PROC}/@{pid}/fd/ r, @@ -37,7 +37,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) { owner @{HOME}/{,**} rw, owner /tmp/wl-copy-buffer-*/{,**} rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, @{run}/mount/utab r, diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 2958a064..a88e294a 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -84,7 +84,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { /usr/share/egl/{,**} r, /usr/share/gdm/greeter-dconf-defaults r, /usr/share/gnome-shell/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/X11/xkb/** r, /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r, @@ -110,7 +110,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { /dev/ r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters index 8d75441f..7487e2cb 100644 --- a/apparmor.d/groups/gnome/gnome-characters +++ b/apparmor.d/groups/gnome/gnome-characters 
@@ -23,7 +23,7 @@ profile gnome-characters @{exec_path} { @{bin}/gjs-console rix, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/libdrm/*.ids r, /usr/share/org.gnome.Characters/org.gnome.Characters.*.gresource r, /usr/share/themes/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index a9480a49..b16a8145 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -88,7 +88,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { /usr/share/language-tools/language2locale rix, /usr/share/language-tools/language-options rPUx, - /snap/*/[0-9]*/**.png r, + /snap/*/@{int}/**.png r, /usr/share/backgrounds/{,**} r, /usr/share/cups/data/testprint r, /usr/share/desktop-base/**.{xml,png,svg} r, @@ -202,8 +202,8 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { @{PROC}/zoneinfo r, /dev/ r, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/groups/gnome/gnome-control-center-search-provider b/apparmor.d/groups/gnome/gnome-control-center-search-provider index 55cdd315..c67d8b22 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-search-provider +++ b/apparmor.d/groups/gnome/gnome-control-center-search-provider @@ -24,7 +24,7 @@ profile gnome-control-center-search-provider @{exec_path} { /usr/share/X11/xkb/{,**} r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, owner @{run}/user/@{uid}/gdm/Xauthority r, diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app index 2585e832..8467bac8 100644 --- a/apparmor.d/groups/gnome/gnome-extensions-app +++ b/apparmor.d/groups/gnome/gnome-extensions-app 
@@ -26,7 +26,7 @@ profile gnome-extensions-app @{exec_path} { @{bin}/gjs-console rix, /usr/share/gnome-shell/org.gnome.Extensions* r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/terminfo/x/xterm-256color r, /usr/share/X11/xkb/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon index 46cff0c0..93f1fcd9 100644 --- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon +++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon @@ -26,7 +26,7 @@ profile gnome-remote-desktop-daemon @{exec_path} { owner @{run}/user/@{uid}/wayland-@{int} rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index aa14e53e..26049757 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -209,7 +209,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.local/share/session_migration-* r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, /var/lib/flatpak/exports/share/applications/{,**} r, /var/lib/flatpak/exports/share/mime/mime.cache r, /var/lib/snapd/desktop/applications/{,mimeinfo.cache} r, @@ -243,7 +243,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/loginuid r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists include if exists diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index ee432e94..0e74c2a4 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
@@ -516,8 +516,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.cache/ w, /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk, /var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl, - /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/ rw, - /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, + /var/lib/gdm{3,}/.cache/gstreamer-@{int}/ rw, + /var/lib/gdm{3,}/.cache/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw, /var/lib/gdm{3,}/.cache/libgweather/ r, /var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw, /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/ rw, @@ -584,14 +584,14 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/wayland-@{int} rwk, owner /dev/shm/.org.chromium.Chromium.* rw, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, owner /tmp/.X[0-9]-lock rw, owner /tmp/[0-9A-Z]*.shell-extension.zip rw, owner /tmp/gdkpixbuf-xpm-tmp.[0-9A-Z]* rw, @{run}/systemd/users/@{uid} r, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/sessions/ r, @{run}/systemd/sessions/* r, @{run}/systemd/inhibit/[0-9]*.ref rw, @@ -620,8 +620,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{sys}/class/input/ r, @{sys}/class/net/ r, @{sys}/class/power_supply/ r, - @{sys}/devices/**/hwmon[0-9]*/{,name,temp*,fan*} r, - @{sys}/devices/**/hwmon[0-9]*/**/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, @{sys}/devices/**/power_supply/{,**} r, 
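Review bot: The two `gstreamer-@{int}` rules in the gnome-shell hunk at -516 will likely no longer match the real cache directory, which GStreamer names `gstreamer-1.0`; the old `gstreamer-[0-9]*` accepted the `.0` suffix. This assumes `@{int}` is digits only, as its definition is not shown in this diff. The commit already uses the two-part form for `gio-@{int}.@{int}` and `icu/@{int}.@{int}`, so the same fits here: `/var/lib/gdm{3,}/.cache/gstreamer-@{int}.@{int}/ rw,` and `/var/lib/gdm{3,}/.cache/gstreamer-@{int}.@{int}/registry.*.bin{,.tmp@{rand6}} rw,`. Without that, the greeter's gnome-shell would be denied creating or updating its GStreamer registry.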
@@ -630,7 +630,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r, @{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r, @{sys}/devices/platform/**/input[0-9]*/{properties,name} r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r, @{PROC}/ r, @@ -650,9 +650,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/task/@{pid}/cmdline r, - /dev/input/event[0-9]* rw, - /dev/media[0-9]* rw, - /dev/tty[0-9]* rw, + /dev/input/event@{int} rw, + /dev/media@{int} rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-software b/apparmor.d/groups/gnome/gnome-software index b15d1bd6..faa955aa 100644 --- a/apparmor.d/groups/gnome/gnome-software +++ b/apparmor.d/groups/gnome/gnome-software @@ -59,7 +59,7 @@ profile gnome-software @{exec_path} { /var/cache/app-info/icons/**.png r, /var/cache/app-info/xmls/{,**} r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, /var/lib/flatpak/app/{,**} r, /var/lib/flatpak/appstream/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index c4141bd6..2fb87243 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -37,7 +37,7 @@ profile gnome-terminal-server @{exec_path} { @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open, @{lib}/gio-launch-desktop rPx -> child-open, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/X11/xkb/{,**} r, /var/lib/flatpak/exports/share/icons/{,**} r, 
diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 7c610f08..8a1440c6 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -61,7 +61,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index e9fc3d9b..2405ffe7 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -136,7 +136,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index bd544c67..acd19d13 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -66,7 +66,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/stat r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 14c2e873..443db04f 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -81,7 +81,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { @{run}/mount/utab r, owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index f1ccb143..01c39f99 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard 
@@ -110,7 +110,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index bfad1351..4c03b968 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -185,7 +185,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { @{run}/systemd/inhibit/[0-9]*.ref rw, owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, @{run}/udev/data/+sound:card[0-9]* r, # For sound @{run}/udev/data/c13:[0-9]* r, # for /dev/input/* diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 1b17092c..8713ff7c 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -199,9 +199,9 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw, @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r, @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/brightness rw, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{max_brightness,actual_brightness} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{uevent,type,enabled} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type,enabled} r, @{sys}/devices/platform/**/leds/*backlight*/uevent r, @{sys}/devices/platform/**/leds/*backlight*/max_brightness r, @@ -211,7 +211,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { @{PROC}/sys/kernel/osrelease r, owner @{PROC}/@{pid}/cgroup r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index c31e1eef..32dd8d21 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -87,7 +87,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/fd/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index b0fd5854..64b56cdd 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -56,7 +56,7 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/cgroup r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index a4427736..f178d95c 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -90,7 +90,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c10:[0-9]* r, # for non-serial mice, misc features - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /dev/rfkill rw, diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 60638f8e..c94dc467 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -56,7 +56,7 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 9e370f5f..68daa16d 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing 
@@ -112,7 +112,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 86aae062..86862656 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -76,7 +76,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { /var/tmp/ r, /tmp/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index e20a34bc..69280869 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -72,7 +72,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/sounds/ rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index b7926549..8049df0b 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -112,7 +112,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 64288cf3..76db087c 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -149,7 +149,7 @@ profile gsd-xsettings @{exec_path} { owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile run-parts { include diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index 99fdee5b..5eab496a 100644 --- a/apparmor.d/groups/gnome/nautilus 
+++ b/apparmor.d/groups/gnome/nautilus @@ -50,7 +50,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { @{lib}/gio-launch-desktop rPx -> child-open, /usr/share/*ubuntu/applications/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/libdrm/*.ids r, /usr/share/nautilus/{,**} r, /usr/share/poppler/{,**} r, @@ -85,12 +85,12 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { @{run}/mount/utab r, - @{sys}/devices/**/hwmon[0-9]*/{,name,temp*,fan*} r, - @{sys}/devices/**/hwmon[0-9]*/**/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, @{sys}/devices/pci[0-9]*/**/revision r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, @{PROC}/@{pids}/net/wireless r, @{PROC}/sys/dev/i915/perf_stream_paranoid r, @@ -98,7 +98,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mountinfo r, /dev/tty rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index d79baf9f..f30b1e3f 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -119,13 +119,13 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/dri/renderD128 rw, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index ece36469..7b216d01 100644 
--- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -110,7 +110,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gpg/gpg-agent b/apparmor.d/groups/gpg/gpg-agent index b53735e8..1cd3091c 100644 --- a/apparmor.d/groups/gpg/gpg-agent +++ b/apparmor.d/groups/gpg/gpg-agent @@ -87,7 +87,7 @@ profile gpg-agent @{exec_path} { deny @{bin}/.gnupg/ w, # file inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkrelpath b/apparmor.d/groups/grub/grub-mkrelpath index a8f477fb..f6b9682f 100644 --- a/apparmor.d/groups/grub/grub-mkrelpath +++ b/apparmor.d/groups/grub/grub-mkrelpath @@ -23,8 +23,8 @@ profile grub-mkrelpath @{exec_path} { /boot/grub/themes/{,**} r, - /tmp/grub-btrfs.*/@snapshots/[0-9]*/snapshot/boot/ r, - /tmp/grub-btrfs.*/@/.snapshots/[0-9]*/snapshot/boot/ r, + /tmp/grub-btrfs.*/@snapshots/@{int}/snapshot/boot/ r, + /tmp/grub-btrfs.*/@/.snapshots/@{int}/snapshot/boot/ r, /tmp/grub-btrfs.*/@_backup_[0-9]*/boot/ r, /tmp/grub-btrfs.*/ r, diff --git a/apparmor.d/groups/grub/grub-probe b/apparmor.d/groups/grub/grub-probe index df234d1f..6e160f1f 100644 --- a/apparmor.d/groups/grub/grub-probe +++ b/apparmor.d/groups/grub/grub-probe @@ -34,7 +34,7 @@ profile grub-probe @{exec_path} { /dev/*vg*/ r, /dev/bsg/ r, /dev/cpu/ r, - /dev/cpu/[0-9]*/ r, + /dev/cpu/@{int}/ r, /dev/dri/ r, /dev/dri/by-path/ r, /dev/hugepages/ r, diff --git a/apparmor.d/groups/grub/update-grub b/apparmor.d/groups/grub/update-grub index 9d03e262..c3db281b 100644 --- a/apparmor.d/groups/grub/update-grub +++ b/apparmor.d/groups/grub/update-grub @@ -15,7 +15,7 @@ profile update-grub @{exec_path} { @{bin}/{,ba,da}sh rix, @{bin}/grub-mkconfig rPx, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 6305a5b4..5f22ae84 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -88,12 +88,12 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { @{PROC}/locks r, owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/fdinfo/[0-9]* r, + owner @{PROC}/@{pid}/fdinfo/@{int} r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, - /dev/dri/card[0-9]* r, - /dev/input/event[0-9]* r, + /dev/dri/card@{int} r, + /dev/input/event@{int} r, include if exists } diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo index 284a26bf..b5ee52cb 100644 --- a/apparmor.d/groups/kde/baloo +++ b/apparmor.d/groups/kde/baloo @@ -25,7 +25,7 @@ profile baloo @{exec_path} { @{lib}/baloo_file_extractor rix, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/poppler/{,**} r, /etc/fstab r, diff --git a/apparmor.d/groups/kde/drkonqi b/apparmor.d/groups/kde/drkonqi index 6cb02196..d5cd6e19 100644 --- a/apparmor.d/groups/kde/drkonqi +++ b/apparmor.d/groups/kde/drkonqi @@ -20,7 +20,7 @@ profile drkonqi @{exec_path} { @{exec_path} mr, /usr/share/drkonqi/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, @{run}/user/@{uid}/xauth_@{rand6} rl, diff --git a/apparmor.d/groups/kde/gmenudbusmenuproxy b/apparmor.d/groups/kde/gmenudbusmenuproxy index 659642fb..ba0df0b6 100644 --- a/apparmor.d/groups/kde/gmenudbusmenuproxy +++ b/apparmor.d/groups/kde/gmenudbusmenuproxy @@ -18,7 +18,7 @@ profile gmenudbusmenuproxy @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/machine-id r, 
diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess index 2a48abec..88546bc4 100644 --- a/apparmor.d/groups/kde/kaccess +++ b/apparmor.d/groups/kde/kaccess @@ -21,7 +21,7 @@ profile kaccess @{exec_path} { /usr/share/hwdata/pnp.ids r, /usr/share/icons/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd index bf037b1b..4a598e85 100644 --- a/apparmor.d/groups/kde/kactivitymanagerd +++ b/apparmor.d/groups/kde/kactivitymanagerd @@ -17,7 +17,7 @@ profile kactivitymanagerd @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/machine-id r, diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac index 4801e75b..247b745f 100644 --- a/apparmor.d/groups/kde/kalendarac +++ b/apparmor.d/groups/kde/kalendarac @@ -25,7 +25,7 @@ profile kalendarac @{exec_path} { /usr/share/akonadi/firstrun/{,*} r, /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/machine-id r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/kde/kauth-backlighthelper b/apparmor.d/groups/kde/kauth-backlighthelper index 1ee4df22..79aac9c4 100644 --- a/apparmor.d/groups/kde/kauth-backlighthelper +++ b/apparmor.d/groups/kde/kauth-backlighthelper @@ -16,7 +16,7 @@ profile kauth-backlighthelper @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, @{sys}/class/backlight/ r, @{sys}/class/leds/ r, diff --git a/apparmor.d/groups/kde/kauth-chargethresholdhelper b/apparmor.d/groups/kde/kauth-chargethresholdhelper index 3f90323b..8e44d44f 100644 --- a/apparmor.d/groups/kde/kauth-chargethresholdhelper 
+++ b/apparmor.d/groups/kde/kauth-chargethresholdhelper @@ -13,7 +13,7 @@ profile kauth-chargethresholdhelper @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, @{sys}/class/power_supply/ r, diff --git a/apparmor.d/groups/kde/kauth-discretegpuhelper b/apparmor.d/groups/kde/kauth-discretegpuhelper index 5999f995..34922e6f 100644 --- a/apparmor.d/groups/kde/kauth-discretegpuhelper +++ b/apparmor.d/groups/kde/kauth-discretegpuhelper @@ -13,7 +13,7 @@ profile kauth-discretegpuhelper @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kauth-fontinst b/apparmor.d/groups/kde/kauth-fontinst index bc0fb1d0..82840b4f 100644 --- a/apparmor.d/groups/kde/kauth-fontinst +++ b/apparmor.d/groups/kde/kauth-fontinst @@ -13,7 +13,7 @@ profile kauth-fontinst @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kauth-kded-smart-helper b/apparmor.d/groups/kde/kauth-kded-smart-helper index 360c2b7d..8ac550b2 100644 --- a/apparmor.d/groups/kde/kauth-kded-smart-helper +++ b/apparmor.d/groups/kde/kauth-kded-smart-helper @@ -15,7 +15,7 @@ profile kauth-kded-smart-helper @{exec_path} { @{bin}/smartctl rPx, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kcminit b/apparmor.d/groups/kde/kcminit index 0a49483e..4a44ec24 100644 --- a/apparmor.d/groups/kde/kcminit +++ b/apparmor.d/groups/kde/kcminit @@ -18,7 +18,7 @@ profile kcminit @{exec_path} { @{bin}/xrdb rPx, @{bin}/xsetroot rPx, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/hwdata/pnp.ids r, /etc/machine-id r, 
diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index 70d8a94f..7ffde8d1 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -29,7 +29,7 @@ profile kconf_update @{exec_path} { /usr/share/kconf_update/konsole_add_hamburgermenu_to_toolbar.sh rix, /usr/share/kconf_update/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/machine-id r, /etc/xdg/kdeglobals r, @@ -49,13 +49,13 @@ profile kconf_update @{exec_path} { owner @{user_config_dirs}/kmixrc r, owner @{user_config_dirs}/kscreenlockerrc r, owner @{user_config_dirs}/ksmserverrc r, - owner @{user_config_dirs}/kwinrc.?????? rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/kwinrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrc.lock rwk, owner @{user_config_dirs}/kwinrulesrc rw, - owner @{user_config_dirs}/kwinrulesrc.?????? rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/kwinrulesrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrulesrc.lock rwk, owner @{user_config_dirs}/kxkbrc rw, - owner @{user_config_dirs}/kxkbrc.?????? rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/kxkbrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kxkbrc.lock rwk, owner @{user_config_dirs}/plasmashellrc r, diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index d3533f5d..d8c5e244 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -21,7 +21,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{lib}/drkonqi rPx, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/fstab r, /etc/xdg/kdeglobals r, 
@@ -32,11 +32,11 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdeglobals r, - owner @{user_config_dirs}/powerdevilrc rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/powerdevilrc rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/powerdevilrc rwl, owner @{user_config_dirs}/powerdevilrc.lock rwk, owner @{user_config_dirs}/powermanagementprofilesrc r, - owner @{user_config_dirs}/powermanagementprofilesrc rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/powermanagementprofilesrc rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/powermanagementprofilesrc.lock rwk, @{run}/systemd/inhibit/*.ref rw, @@ -49,7 +49,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{sys}/class/ r, @{sys}/class/drm/ r, @{sys}/bus/ r, - @{sys}/devices/pci[0-9]*/[0-9]*/drm/card[0-9]*/*/status r, + @{sys}/devices/pci[0-9]*/@{int}/drm/card@{int}/*/status r, /dev/tty rw, /dev/rfkill r, diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index 10f43628..fd778286 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -48,7 +48,7 @@ profile kded5 @{exec_path} { @{lib}/utempter/utempter rPx, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kconf_update/ r, /usr/share/kded5/{,**} r, /usr/share/kf5/kcookiejar/* r, @@ -101,7 +101,7 @@ profile kded5 @{exec_path} { owner @{user_share_dirs}/icc/{,edid-*} r, owner @{user_share_dirs}/kcookiejar/#*[0-9] rw, owner @{user_share_dirs}/kcookiejar/cookies rw, - owner @{user_share_dirs}/kcookiejar/cookies.?????? rwlk, + owner @{user_share_dirs}/kcookiejar/cookies.@{rand6} rwlk, owner @{user_share_dirs}/kded5/{,**} rw, owner @{user_share_dirs}/kscreen/{,**} rwl, owner @{user_share_dirs}/ktp/cache.db rwk, 
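Review bot: Replacing the second path component with `@{int}` in `@{sys}/devices/pci[0-9]*/@{int}/drm/card@{int}/*/status` (kde-powerdevil hunk at -49) likely breaks the rule. That component is a PCI device address such as `0000:00:02.0` (constructed example), which contains colons and a dot. The old `[0-9]*` matched it because `*` takes everything up to the next `/`, whereas a digits-only `@{int}` does not, so the connector status read would be denied. Keep the glob for that component, `@{sys}/devices/pci[0-9]*/[0-9]*/drm/card@{int}/*/status r,`, or use `**` there as the gsd-power rules in this commit do.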
@@ -116,7 +116,7 @@ profile kded5 @{exec_path} { @{PROC}/@{pids}/cmdline/ r, @{PROC}/@{pids}/fd/ r, - @{PROC}/@{pids}/fd/info/[0-9]* r, + @{PROC}/@{pids}/fd/info/@{int} r, @{PROC}/sys/fs/inotify/max_user_{instances,watches} r, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, @@ -135,7 +135,7 @@ profile kded5 @{exec_path} { @{bin}/pgrep mr, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/ r, @{PROC}/@{pids}/cgroup r, diff --git a/apparmor.d/groups/kde/kglobalaccel5 b/apparmor.d/groups/kde/kglobalaccel5 index 323d252d..1c3cd27c 100644 --- a/apparmor.d/groups/kde/kglobalaccel5 +++ b/apparmor.d/groups/kde/kglobalaccel5 @@ -16,7 +16,7 @@ profile kglobalaccel5 @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kglobalaccel/{,**} r, /usr/share/mime/{,**} r, diff --git a/apparmor.d/groups/kde/kio_http_cache_cleaner b/apparmor.d/groups/kde/kio_http_cache_cleaner index 20e24fa8..588ff09a 100644 --- a/apparmor.d/groups/kde/kio_http_cache_cleaner +++ b/apparmor.d/groups/kde/kio_http_cache_cleaner @@ -12,7 +12,7 @@ profile kio_http_cache_cleaner @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt{5,}/translations/*.qm r, owner @{user_cache_dirs}/kio_http/* rw, diff --git a/apparmor.d/groups/kde/kioslave5 b/apparmor.d/groups/kde/kioslave5 index 557b4c2d..3642bb24 100644 --- a/apparmor.d/groups/kde/kioslave5 +++ b/apparmor.d/groups/kde/kioslave5 @@ -36,7 +36,7 @@ profile kioslave5 @{exec_path} { @{lib}/kf5/kio_http_cache_cleaner rPx, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kservices5/{,**} r, /usr/share/kservicetypes5/*.desktop r, 
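Review bot: The converted rule `@{PROC}/@{pids}/fd/info/@{int} r,` in the kded5 hunk at -116 keeps a path that does not look like a real procfs entry. Per-descriptor information lives under `fdinfo/`, as in this commit's gvfs-udisks2-volume-monitor hunk (`owner @{PROC}/@{pid}/fdinfo/@{int} r,`). As written the rule probably never matches, so it is either dead and can be dropped, or it was meant to be `@{PROC}/@{pids}/fdinfo/@{int} r,`. Because `@{pids}` covers other processes, confirm from the denial log that kded5 needs it before widening the profile. The profile body continues outside the hunk, so an existing fdinfo rule elsewhere cannot be ruled out from here.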
diff --git a/apparmor.d/groups/kde/kreadconfig b/apparmor.d/groups/kde/kreadconfig index 2122dad6..37b0c662 100644 --- a/apparmor.d/groups/kde/kreadconfig +++ b/apparmor.d/groups/kde/kreadconfig @@ -14,7 +14,7 @@ profile kreadconfig @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kioslaverc r, diff --git a/apparmor.d/groups/kde/kscreen_backend_launcher b/apparmor.d/groups/kde/kscreen_backend_launcher index 6619ee91..55ed9eeb 100644 --- a/apparmor.d/groups/kde/kscreen_backend_launcher +++ b/apparmor.d/groups/kde/kscreen_backend_launcher @@ -15,7 +15,7 @@ profile kscreen_backend_launcher @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /dev/tty r, diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet index 21907394..5422d98f 100644 --- a/apparmor.d/groups/kde/kscreenlocker-greet +++ b/apparmor.d/groups/kde/kscreenlocker-greet @@ -37,7 +37,7 @@ profile kscreenlocker-greet @{exec_path} { @{lib}/@{multiarch}/libexec/kcheckpass rPx, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/plasma/** r, /usr/share/qt/translations/*.qm r, /usr/share/qt5ct/** r, @@ -93,7 +93,7 @@ profile kscreenlocker-greet @{exec_path} { @{run}/faillock/[a-zA-z0-9]* rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/loginuid r, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index dc3e4517..0e0b8809 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver 
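Review bot: The context rule `@{run}/faillock/[a-zA-z0-9]* rwk,` in the kscreenlocker-greet hunk at -93 has a range typo. `A-z` also covers the punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick). Since this commit is tightening character classes, `[a-zA-Z0-9]*` is presumably the intended spelling. The trailing `*` still accepts any characters after the first one, so the rule remains broader than a user name; that may be deliberate, but a short comment on the line would say so.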
@@ -32,7 +32,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { /usr/share/color-schemes/{,**} r, /usr/share/hwdata/pnp.ids r, /usr/share/icons/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/*.notifyrc r, /usr/share/kservices5/{,**} r, /usr/share/mime/{,**} r, diff --git a/apparmor.d/groups/kde/kwalletd5 b/apparmor.d/groups/kde/kwalletd5 index f91fec79..aa156671 100644 --- a/apparmor.d/groups/kde/kwalletd5 +++ b/apparmor.d/groups/kde/kwalletd5 @@ -33,7 +33,7 @@ profile kwalletd5 @{exec_path} { /usr/share/color-schemes/{,**} r, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt/translations/*.qm r, /usr/share/qt5/qtlogging.ini r, /usr/share/qt5ct/** r, diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index f5664c40..34c2a4fc 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -32,7 +32,7 @@ profile kwin_x11 @{exec_path} { @{lib}/drkonqi rPx, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kwin/{,**} r, /usr/share/plasma/desktoptheme/{,**} r, /usr/share/X11/xkb/{,**} r, @@ -75,7 +75,7 @@ profile kwin_x11 @{exec_path} { owner @{run}/user/@{uid}/xauth_@{rand6} rl, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index 725ca177..df373319 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover 
@@ -80,8 +80,8 @@ profile plasma-discover @{exec_path} { owner @{user_share_dirs}/knewstuff3/ r, owner @{user_share_dirs}/knewstuff3/ w, - owner @{run}/user/@{uid}/#[0-9]* rw, - owner @{run}/user/@{uid}/discover??????.* rwl -> @{run}/user/@{uid}/#[0-9]*, + owner @{run}/user/@{uid}/#@{int} rw, + owner @{run}/user/@{uid}/discover@{rand6}.* rwl -> @{run}/user/@{uid}/#@{int}, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 09ba4eb4..5537ca65 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -53,7 +53,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/desktop-directories/kf5-*.directory r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/*.notifyrc r, /usr/share/konsole/ r, /usr/share/krunner/{,**} r, @@ -111,7 +111,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_config_dirs}/eventviewsrc r, owner @{user_config_dirs}/kactivitymanagerd-statsrc r, owner @{user_config_dirs}/{KDE,kde.org}/ rw, - owner @{user_config_dirs}/{KDE,kde.org}/** rwkl -> @{user_config_dirs}/{KDE,kde.org}/#[0-9]*, + owner @{user_config_dirs}/{KDE,kde.org}/** rwkl -> @{user_config_dirs}/{KDE,kde.org}/#@{int}, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdedefaults/plasmarc r, @@ -156,7 +156,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { @{sys}/class/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/ r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 7429b2fb..6904bdae 100644 --- a/apparmor.d/groups/kde/sddm 
+++ b/apparmor.d/groups/kde/sddm @@ -79,7 +79,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { /usr/share/sddm/scripts/Xstop rix, /usr/share/desktop-base/softwaves-theme/login/*.svg r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/plasma/desktoptheme/** r, /usr/share/sddm/faces/.*.icon r, /usr/share/sddm/themes/** r, @@ -146,7 +146,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{PROC}/@{pid}/uid_map r, owner @{PROC}/1/limits r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/tty rw, profile xauth { diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter index f0422f50..f6e3169f 100644 --- a/apparmor.d/groups/kde/sddm-greeter +++ b/apparmor.d/groups/kde/sddm-greeter @@ -29,7 +29,7 @@ profile sddm-greeter @{exec_path} { /usr/share/desktop-base/softwaves-theme/login/*.svg r, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/plasma/desktoptheme/** r, /usr/share/qt5ct/** r, /usr/share/sddm/{,**} r, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index cbdf2d68..0b86cf23 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -22,7 +22,7 @@ profile startplasma @{exec_path} { /usr/share/color-schemes/{,**} r, /usr/share/desktop-directories/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/{,**} r, /usr/share/kservices5/{,**} r, /usr/share/kservicetypes5/{,**} r, diff --git a/apparmor.d/groups/kde/xdm-xsession b/apparmor.d/groups/kde/xdm-xsession index 37d04784..3c3c4d94 100644 --- a/apparmor.d/groups/kde/xdm-xsession +++ b/apparmor.d/groups/kde/xdm-xsession @@ -91,7 +91,7 @@ profile xdm-xsession @{exec_path} { owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile dbus { include 
diff --git a/apparmor.d/groups/kde/xembedsniproxy b/apparmor.d/groups/kde/xembedsniproxy index 3254991b..69395c6e 100644 --- a/apparmor.d/groups/kde/xembedsniproxy +++ b/apparmor.d/groups/kde/xembedsniproxy @@ -16,7 +16,7 @@ profile xembedsniproxy @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, owner /tmp/xauth_@{rand6} r, diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman index c29ec7b7..df7209e4 100644 --- a/apparmor.d/groups/pacman/pacman +++ b/apparmor.d/groups/pacman/pacman @@ -157,8 +157,8 @@ profile pacman @{exec_path} { @{run}/utmp rk, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Silencer, deny /tmp/ r, @@ -184,8 +184,8 @@ profile pacman @{exec_path} { deny @{user_share_dirs}/sddm/* rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, deny network inet stream, deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-conf b/apparmor.d/groups/pacman/pacman-conf index 66525583..94279790 100644 --- a/apparmor.d/groups/pacman/pacman-conf +++ b/apparmor.d/groups/pacman/pacman-conf @@ -17,7 +17,7 @@ profile pacman-conf @{exec_path} flags=(attach_disconnected) { /etc/pacman.d/mirrorlist r, /etc/pacman.d/*-mirrorlist r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, # Inherit Silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-hook-depmod b/apparmor.d/groups/pacman/pacman-hook-depmod index 88dd23e9..81ab5f62 100644 --- a/apparmor.d/groups/pacman/pacman-hook-depmod +++ b/apparmor.d/groups/pacman/pacman-hook-depmod @@ -24,8 +24,8 @@ profile pacman-hook-depmod @{exec_path} { /usr/lib/modules/*/{,**} rw, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit Silencer deny network inet6 stream, 
diff --git a/apparmor.d/groups/pacman/pacman-hook-gtk b/apparmor.d/groups/pacman/pacman-hook-gtk index 9d7eeeec..78d4663e 100644 --- a/apparmor.d/groups/pacman/pacman-hook-gtk +++ b/apparmor.d/groups/pacman/pacman-hook-gtk @@ -24,8 +24,8 @@ profile pacman-hook-gtk @{exec_path} { /usr/share/icons/{,**} rw, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit Silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-hook-perl b/apparmor.d/groups/pacman/pacman-hook-perl index 22030588..a1663cc2 100644 --- a/apparmor.d/groups/pacman/pacman-hook-perl +++ b/apparmor.d/groups/pacman/pacman-hook-perl @@ -24,8 +24,8 @@ profile pacman-hook-perl @{exec_path} { @{lib}/perl[0-9]*/{,**} r, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-hook-systemd b/apparmor.d/groups/pacman/pacman-hook-systemd index 3b56bdf0..62be6128 100644 --- a/apparmor.d/groups/pacman/pacman-hook-systemd +++ b/apparmor.d/groups/pacman/pacman-hook-systemd @@ -31,8 +31,8 @@ profile pacman-hook-systemd @{exec_path} { /usr/ rw, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/reflector b/apparmor.d/groups/pacman/reflector index 5e658e31..8f6f2da2 100644 --- a/apparmor.d/groups/pacman/reflector +++ b/apparmor.d/groups/pacman/reflector @@ -37,8 +37,8 @@ profile reflector @{exec_path} flags=(attach_disconnected) { @{PROC}/cmdline r, @{PROC}/sys/kernel/osrelease r, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/groups/ssh/ssh-agent b/apparmor.d/groups/ssh/ssh-agent index 8fc043ee..dc48cebb 100644 --- a/apparmor.d/groups/ssh/ssh-agent 
+++ b/apparmor.d/groups/ssh/ssh-agent @@ -39,7 +39,7 @@ profile ssh-agent @{exec_path} { @{run}/user/@{uid}/keyring/.ssh rw, @{run}/user/@{uid}/ssh-agent.[0-9A-Z]* w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/ssh/ssh-keygen b/apparmor.d/groups/ssh/ssh-keygen index b314d158..5320885c 100644 --- a/apparmor.d/groups/ssh/ssh-keygen +++ b/apparmor.d/groups/ssh/ssh-keygen @@ -22,7 +22,7 @@ profile ssh-keygen @{exec_path} { owner @{HOME}/@{XDG_SSH_DIR}/ w, owner @{HOME}/@{XDG_SSH_DIR}/*_*{,.pub} rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, include if exists diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd index 29d7fc61..e9809d1c 100644 --- a/apparmor.d/groups/ssh/sshd +++ b/apparmor.d/groups/ssh/sshd @@ -98,7 +98,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) { @{run}/systemd/sessions/*.ref rw, owner @{run}/sshd{,.init}.pid wl, - @{sys}/fs/cgroup/*/user/*/[0-9]*/ rw, + @{sys}/fs/cgroup/*/user/*/@{int}/ rw, @{sys}/fs/cgroup/systemd/user.slice/user-@{uid}.slice/session-*.scope/ rw, @{PROC}/@{pids}/fd/ r, @@ -113,7 +113,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/uid_map r, /dev/ptmx rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, include if exists diff --git a/apparmor.d/groups/systemd/coredumpctl b/apparmor.d/groups/systemd/coredumpctl index 0b3f3763..409e170e 100644 --- a/apparmor.d/groups/systemd/coredumpctl +++ b/apparmor.d/groups/systemd/coredumpctl @@ -27,7 +27,7 @@ profile coredumpctl @{exec_path} flags=(complain) { /var/lib/dbus/machine-id r, /etc/machine-id r, - /var/lib/systemd/coredump/core.*.[0-9]*.@{hex}.[0-9]*.[0-9]*.zst r, + /var/lib/systemd/coredump/core.*.@{int}.@{hex}.@{int}.@{int}.zst r, /{run,var}/log/journal/ r, /{run,var}/log/journal/@{md5}/ r, diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index 0e5e3629..afdd1ded 100644 
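Review bot: The serial-console rule `/dev/ttyS[0-9]* rw,` directly under the changed tty line in the ssh-keygen hunk keeps the old glob, which accepts one digit followed by any characters in the path component rather than a number. The same leftover is in the second sshd hunk and the second subiquity-console-conf hunk, while the agetty hunk does convert it (`owner /dev/ttyS@{int} rw,`). For consistency I would change these three to `/dev/ttyS@{int} rw,` as well. The profile bodies continue outside the hunks.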
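Review bot: The coredumpctl rule now ends in `.@{int}.@{int}.zst`, and the last numeric field of a systemd-coredump file name is, as far as I know, a timestamp in microseconds, which is 16 digits long. The old `[0-9]*` accepted any length. The definition of `@{int}` is not part of this diff, so if it expands to a bounded number of digits the rule would stop matching and `coredumpctl` would lose read access to stored dumps. Please check the variable's maximum length against a real file name under `/var/lib/systemd/coredump/`; if it is too short, keep an open-ended pattern for that one field, with a comment saying why.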
--- a/apparmor.d/groups/systemd/networkctl +++ b/apparmor.d/groups/systemd/networkctl @@ -47,7 +47,7 @@ profile networkctl @{exec_path} flags=(attach_disconnected) { /{run,var}/log/journal/@{md5}/system.journal* r, /{run,var}/log/journal/@{md5}/system@@{hex}.journal* r, - @{run}/systemd/netif/links/[0-9]* r, + @{run}/systemd/netif/links/@{int} r, @{run}/systemd/netif/state r, @{run}/systemd/notify w, diff --git a/apparmor.d/groups/systemd/systemd-backlight b/apparmor.d/groups/systemd/systemd-backlight index 22cbf061..572b5d5c 100644 --- a/apparmor.d/groups/systemd/systemd-backlight +++ b/apparmor.d/groups/systemd/systemd-backlight @@ -27,15 +27,15 @@ profile systemd-backlight @{exec_path} { @{sys}/class/ r, @{sys}/class/backlight/ r, - @{sys}/devices/pci[0-9]*/*:[0-9]*.[0-9]*/**/ r, + @{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r, @{sys}/devices/pci[0-9]*/**/ r, @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r, @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r, @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw, @{sys}/devices/pci[0-9]*/**/class r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{max_brightness,actual_brightness} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{uevent,type} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/brightness rw, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw, @{sys}/devices/pci[0-9]*/**/uevent r, @{sys}/devices/platform/**/leds/*backlight*/brightness rw, diff --git a/apparmor.d/groups/systemd/systemd-coredump b/apparmor.d/groups/systemd/systemd-coredump index c35c2a55..46c5ec72 100644 --- a/apparmor.d/groups/systemd/systemd-coredump +++ b/apparmor.d/groups/systemd/systemd-coredump 
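Review bot: The first changed rule in the systemd-backlight hunk, `@{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r,`, targets a PCI address component whose device number is hexadecimal (constructed sample: `0000:00:1f.3`). The old `[0-9]*` matched `1f` because it is one digit followed by anything; a digits-only `@{int}` would not, assuming that is how the variable expands. Nothing breaks here, because the next rule `@{sys}/devices/pci[0-9]*/**/ r,` already covers every directory below the bus, but that also makes the narrower line redundant. I would drop it, or write the device field with `@{hex}` if that variable's length range fits. The same hex-versus-decimal check is worth applying to other converted sysfs and device paths.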
@@ -41,7 +41,7 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted @{PROC}/@{pids}/comm r, @{PROC}/@{pids}/environ r, @{PROC}/@{pids}/fd/ r, - @{PROC}/@{pids}/fdinfo/[0-9]* r, + @{PROC}/@{pids}/fdinfo/@{int} r, @{PROC}/@{pids}/limits r, @{PROC}/@{pids}/mountinfo r, @{PROC}/@{pids}/ns/ r, diff --git a/apparmor.d/groups/systemd/systemd-environment-d-generator b/apparmor.d/groups/systemd/systemd-environment-d-generator index 8ca83620..fdea976a 100644 --- a/apparmor.d/groups/systemd/systemd-environment-d-generator +++ b/apparmor.d/groups/systemd/systemd-environment-d-generator @@ -22,7 +22,7 @@ profile systemd-environment-d-generator @{exec_path} { @{etc_ro}/environment r, @{etc_ro}/environment.d/{,**} r, - /snap/snapd/[0-9]*/usr/lib/environment.d/{,*.conf} r, + /snap/snapd/@{int}/usr/lib/environment.d/{,*.conf} r, owner @{user_config_dirs}/environment.d/{,*.conf} r, diff --git a/apparmor.d/groups/systemd/systemd-hwdb b/apparmor.d/groups/systemd/systemd-hwdb index 56fc2be7..0bb79f72 100644 --- a/apparmor.d/groups/systemd/systemd-hwdb +++ b/apparmor.d/groups/systemd/systemd-hwdb @@ -15,7 +15,7 @@ profile systemd-hwdb @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{lib}/udev/.#hwdb.bin[0-9a-zA-Z]* wl -> @{lib}/udev/#[0-9]*, + @{lib}/udev/.#hwdb.bin[0-9a-zA-Z]* wl -> @{lib}/udev/#@{int}, @{lib}/udev/hwdb.bin w, /etc/udev/.#hwdb.bind* rw, diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index d303709d..638d4623 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -108,7 +108,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) { @{run}/systemd/notify rw, @{run}/systemd/seats/ rw, @{run}/systemd/seats/.#seat* rw, - @{run}/systemd/seats/seat[0-9]* rw, + @{run}/systemd/seats/seat@{int} rw, @{run}/systemd/sessions/{,*} rw, @{run}/systemd/sessions/*.ref rw, @{run}/systemd/shutdown/.#scheduled* rw, 
@@ -142,10 +142,10 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) { @{PROC}/swaps r, @{PROC}/sysvipc/{shm,sem,msg} r, - /dev/dri/card[0-9]* rw, - /dev/input/event[0-9]* rw, # Input devices (keyboard, mouse, etc) + /dev/dri/card@{int} rw, + /dev/input/event@{int} rw, # Input devices (keyboard, mouse, etc) /dev/mqueue/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner /dev/shm/{,**/} rw, include if exists diff --git a/apparmor.d/groups/systemd/systemd-networkd-wait-online b/apparmor.d/groups/systemd/systemd-networkd-wait-online index cc73c1d2..2985cd80 100644 --- a/apparmor.d/groups/systemd/systemd-networkd-wait-online +++ b/apparmor.d/groups/systemd/systemd-networkd-wait-online @@ -17,7 +17,7 @@ profile systemd-networkd-wait-online @{exec_path} flags=(complain) { @{exec_path} mr, - @{run}/systemd/netif/links/[0-9]* r, + @{run}/systemd/netif/links/@{int} r, include if exists } diff --git a/apparmor.d/groups/systemd/systemd-sleep-nvidia b/apparmor.d/groups/systemd/systemd-sleep-nvidia index 77cd1d2e..30fe1e2d 100644 --- a/apparmor.d/groups/systemd/systemd-sleep-nvidia +++ b/apparmor.d/groups/systemd/systemd-sleep-nvidia @@ -27,7 +27,7 @@ profile systemd-sleep-nvidia @{exec_path} { @{PROC}/driver/nvidia/suspend w, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/systemd/systemd-sysusers b/apparmor.d/groups/systemd/systemd-sysusers index 32962c00..65cf6728 100644 --- a/apparmor.d/groups/systemd/systemd-sysusers +++ b/apparmor.d/groups/systemd/systemd-sysusers @@ -40,8 +40,8 @@ profile systemd-sysusers @{exec_path} flags=(attach_disconnected) { /etc/.#{group,gshadow}[0-9a-zA-Z]* rw, /etc/.pwd.lock rwk, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit Silencer 
diff --git a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent index 94440c8e..b353dbea 100644 --- a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent +++ b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent @@ -24,7 +24,7 @@ profile systemd-tty-ask-password-agent @{exec_path} { @{PROC}/@{pids}/stat r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd index 66b25bab..c9fe9d1b 100644 --- a/apparmor.d/groups/systemd/systemd-udevd +++ b/apparmor.d/groups/systemd/systemd-udevd @@ -94,7 +94,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) { @{run}/systemd/network/ r, @{run}/systemd/network/*.link rw, @{run}/systemd/notify rw, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{sys}/** rw, diff --git a/apparmor.d/groups/systemd/systemd-vconsole-setup b/apparmor.d/groups/systemd/systemd-vconsole-setup index c8aec27a..7820b560 100644 --- a/apparmor.d/groups/systemd/systemd-vconsole-setup +++ b/apparmor.d/groups/systemd/systemd-vconsole-setup @@ -34,7 +34,7 @@ profile systemd-vconsole-setup @{exec_path} { @{sys}/module/vt/parameters/default_utf8 w, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/ubuntu/release-upgrade-motd b/apparmor.d/groups/ubuntu/release-upgrade-motd index b8dba571..2ec56884 100644 --- a/apparmor.d/groups/ubuntu/release-upgrade-motd +++ b/apparmor.d/groups/ubuntu/release-upgrade-motd @@ -22,7 +22,7 @@ profile release-upgrade-motd @{exec_path} { /var/lib/ubuntu-release-upgrader/release-upgrade-available rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf index 54a056db..11fdc78f 100644 
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf +++ b/apparmor.d/groups/ubuntu/subiquity-console-conf @@ -37,7 +37,7 @@ profile subiquity-console-conf @{exec_path} { @{bin}/journalctl rCx -> journalctl, @{bin}/ssh-keygen rPx, @{bin}/sshd rPx, - /{snap/snapd/[0-9]*/,}{usr/,}bin/snap rPx, # TODO: rCx, + /{snap/snapd/@{int}/,}{usr/,}bin/snap rPx, # TODO: rCx, /usr/lib/snapd/snap-recovery-chooser rPUx, /usr/share/netplan/netplan.script rPUx, # TODO: rPx, @@ -92,7 +92,7 @@ profile subiquity-console-conf @{exec_path} { owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, profile journalctl { diff --git a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot index 5a866d28..8a210d3f 100644 --- a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot +++ b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot @@ -27,7 +27,7 @@ profile update-motd-fsck-at-reboot @{exec_path} { @{PROC}/uptime r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile mount { include @@ -43,7 +43,7 @@ profile update-motd-fsck-at-reboot @{exec_path} { @{PROC}/@{pid}/mountinfo r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, } diff --git a/apparmor.d/groups/virt/cockpit-bridge b/apparmor.d/groups/virt/cockpit-bridge index fc6dbaf5..c28a667b 100644 --- a/apparmor.d/groups/virt/cockpit-bridge +++ b/apparmor.d/groups/virt/cockpit-bridge @@ -55,8 +55,8 @@ profile cockpit-bridge @{exec_path} { @{run}/user/@{uid}/ssh-agent.[0-9A-Z]* rw, @{run}/utmp r, - @{sys}/devices/**/hwmon[0-9]*/ r, - @{sys}/devices/**/hwmon[0-9]*/{name,temp*} r, + @{sys}/devices/**/hwmon@{int}/ r, + @{sys}/devices/**/hwmon@{int}/{name,temp*} r, @{sys}/fs/cgroup/*.slice/**/memory* r, @{PROC}/ r, diff --git a/apparmor.d/groups/virt/cockpit-pcp b/apparmor.d/groups/virt/cockpit-pcp index 1b11bd6d..d7d3d654 100644 --- a/apparmor.d/groups/virt/cockpit-pcp +++ b/apparmor.d/groups/virt/cockpit-pcp 
@@ -30,8 +30,8 @@ profile cockpit-pcp @{exec_path} { @{sys}/fs/cgroup/{,**/} r, @{sys}/fs/cgroup/**/{memory,cpu}* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, @{PROC}/diskstats r, @{PROC}/swaps r, diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd index 9f5073c4..e83afcbf 100644 --- a/apparmor.d/groups/virt/containerd +++ b/apparmor.d/groups/virt/containerd @@ -77,7 +77,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) { /var/lib/kubelet/seccomp/{,**} r, /var/lib/security-profiles-operator/{,**} r, - /var/log/pods/**/[0-9]*.log{,*} w, + /var/log/pods/**/@{int}.log{,*} w, @{run}/calico/ w, @{run}/containerd/{,**} rwk, @@ -106,7 +106,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) { /dev/bus/ r, /dev/char/ r, /dev/cpu/ r, - /dev/cpu/[0-9]*/ r, + /dev/cpu/@{int}/ r, /dev/dma_heap/ r, /dev/dri/ r, /dev/dri/by-path/ r, diff --git a/apparmor.d/groups/virt/containerd-shim-runc-v2 b/apparmor.d/groups/virt/containerd-shim-runc-v2 index a38a903d..c9f3ce12 100644 --- a/apparmor.d/groups/virt/containerd-shim-runc-v2 +++ b/apparmor.d/groups/virt/containerd-shim-runc-v2 @@ -36,7 +36,7 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) { /tmp/pty[0-9]*/pty.sock rw, @{run}/containerd/{,containerd.sock.ttrpc} rw, - @{run}/containerd/io.containerd.grpc.v1.cri/containers/@{hex}/io/[0-9]*/@{hex}-{stdin,stdout,stderr} rw, + @{run}/containerd/io.containerd.grpc.v1.cri/containers/@{hex}/io/@{int}/@{hex}-{stdin,stdout,stderr} rw, @{run}/containerd/io.containerd.runtime.v2.task/{moby,k8s.io}/@{hex}/{,*} rw, @{run}/containerd/s/{,@{hex}} rw, diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s index e3e892b4..5abc3e61 100644 --- a/apparmor.d/groups/virt/k3s +++ b/apparmor.d/groups/virt/k3s 
@@ -85,7 +85,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) { /var/log/kubernetes/audit/** rw, /var/log/pods/{,**} r, /var/log/pods/{,**/} rw, - /var/log/pods/**/[0-9]*.log{,*} rw, + /var/log/pods/**/@{int}.log{,*} rw, owner @{HOME}/.kube/** rw, @@ -136,14 +136,14 @@ profile k3s @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r, @{sys}/devices/system/edac/mc/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, + @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r, @{sys}/devices/system/cpu/present{,/} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/ r, - @{sys}/devices/system/node/node[0-9]*/{cpumap,distance,meminfo} r, - @{sys}/devices/system/node/node[0-9]*/hugepages/{,**} r, + @{sys}/devices/system/node/node@{int}/ r, + @{sys}/devices/system/node/node@{int}/{cpumap,distance,meminfo} r, + @{sys}/devices/system/node/node@{int}/hugepages/{,**} r, @{sys}/devices/virtual/block/*/** r, @{sys}/devices/virtual/dmi/id/* r, @@ -169,7 +169,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) { @{sys}/module/apparmor/parameters/enabled r, /dev/kmsg r, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index 0fff7b9b..f9830424 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd 
@@ -207,20 +207,20 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/resource r, @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r, - @{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, @{sys}/devices/system/cpu/present r, @{sys}/devices/system/cpu/present/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/ r, - @{sys}/devices/system/node/node[0-9]*/{cpumap,distance,meminfo} r, - @{sys}/devices/system/node/node[0-9]*/hugepages/{,**} r, + @{sys}/devices/system/node/node@{int}/ r, + @{sys}/devices/system/node/node@{int}/{cpumap,distance,meminfo} r, + @{sys}/devices/system/node/node@{int}/hugepages/{,**} r, @{sys}/devices/virtual/dmi/id/* r, @{sys}/devices/virtual/net/{,**} rw, @{sys}/kernel/debug/kvm/{,**} r, @{sys}/kernel/iommu_groups/ r, - @{sys}/kernel/iommu_groups/[0-9]*/devices/ r, + @{sys}/kernel/iommu_groups/@{int}/devices/ r, @{sys}/kernel/mm/hugepages/{,**} r, @{sys}/kernel/security/apparmor/profiles r, @@ -258,7 +258,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { /dev/mapper/control rw, /dev/net/tun rw, /dev/shm/libvirt/{,**} rw, - /dev/vfio/[0-9]* rwk, + /dev/vfio/@{int} rwk, /dev/vhost-net rw, /dev/ptmx rw, diff --git a/apparmor.d/groups/virt/virtinterfaced b/apparmor.d/groups/virt/virtinterfaced index 1753d2c5..8cfef1ff 100644 --- a/apparmor.d/groups/virt/virtinterfaced +++ b/apparmor.d/groups/virt/virtinterfaced @@ -35,7 +35,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) { @{sys}/class/net/ r, @{sys}/devices/pci[0-9]*/**/net/{,**} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/devices/virtual/net/{,**} r, owner @{PROC}/@{pids}/stat r, 
diff --git a/apparmor.d/groups/virt/virtlogd b/apparmor.d/groups/virt/virtlogd index 4ffb2639..0fbad3b8 100644 --- a/apparmor.d/groups/virt/virtlogd +++ b/apparmor.d/groups/virt/virtlogd @@ -34,7 +34,7 @@ profile virtlogd @{exec_path} flags=(attach_disconnected) { @{run}/virtlogd.pid rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/1/environ r, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/virt/virtnetworkd b/apparmor.d/groups/virt/virtnetworkd index be00b8d6..f0fa601a 100644 --- a/apparmor.d/groups/virt/virtnetworkd +++ b/apparmor.d/groups/virt/virtnetworkd @@ -27,7 +27,7 @@ profile virtnetworkd @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/libvirt/virtnetworkd* rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pids}/fd/ r, diff --git a/apparmor.d/groups/virt/virtnodedevd b/apparmor.d/groups/virt/virtnodedevd index 444450ca..4ab1f848 100644 --- a/apparmor.d/groups/virt/virtnodedevd +++ b/apparmor.d/groups/virt/virtnodedevd @@ -52,7 +52,7 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* @{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash @{run}/udev/data/c116:[0-9]* r, # For ALSA - @{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card[0-9]* + @{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card@{int} @{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c25[0-4]:[0-9]* r, 
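Review bot: In the first virtnodedevd hunk the replacement changed only the comment on the `c226` line (`# For /dev/dri/card@{int}`), while that rule and its neighbours still use the loose form (`c226:[0-9]*`, `c29:[0-9]*`, `c90:[0-9]*`, `c116:[0-9]*`, `c23[4-9]:[0-9]*`). The minor number after the colon is decimal, so these are the same kind of pattern the commit converts elsewhere, e.g. `@{run}/udev/data/c226:@{int} r,`. If they are deliberately left for a follow-up, I would revert the comment so this line is not a documentation-only change. The profile body continues outside the hunk.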
@@ -70,11 +70,11 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/numa_node r, @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/devices/virtual/dmi/id/{product_name,sys_vendor,board_vendor,bios_vendor,bios_date,bios_version,product_version} r, @{sys}/devices/virtual/net/{,**} r, @{sys}/kernel/iommu_groups/ r, - @{sys}/kernel/iommu_groups/[0-9]*/devices/ r, + @{sys}/kernel/iommu_groups/@{int}/devices/ r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/stat r, diff --git a/apparmor.d/groups/virt/virtsecretd b/apparmor.d/groups/virt/virtsecretd index 36a96a25..ab02f380 100644 --- a/apparmor.d/groups/virt/virtsecretd +++ b/apparmor.d/groups/virt/virtsecretd @@ -30,7 +30,7 @@ profile virtsecretd @{exec_path} flags=(attach_disconnected) { @{run}/utmp rk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pids}/stat r, diff --git a/apparmor.d/groups/virt/virtstoraged b/apparmor.d/groups/virt/virtstoraged index 427dca0e..366f01e5 100644 --- a/apparmor.d/groups/virt/virtstoraged +++ b/apparmor.d/groups/virt/virtstoraged @@ -38,7 +38,7 @@ profile virtstoraged @{exec_path} flags=(attach_disconnected) { @{run}/utmp rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/fd/ r, diff --git a/apparmor.d/profiles-a-f/aa-log b/apparmor.d/profiles-a-f/aa-log index 9a2323ac..9247dc9f 100644 --- a/apparmor.d/profiles-a-f/aa-log +++ b/apparmor.d/profiles-a-f/aa-log @@ -33,7 +33,7 @@ profile aa-log @{exec_path} { @{PROC}/sys/kernel/random/boot_id r, @{PROC}/sys/kernel/cap_last_cap r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify index 0eeb04e5..014b5ecf 100644 --- a/apparmor.d/profiles-a-f/aa-notify +++ b/apparmor.d/profiles-a-f/aa-notify @@ -34,7 +34,7 @@ profile aa-notify @{exec_path} { /var/log/audit/audit.log r, owner @{HOME}/.inputrc r, - owner @{HOME}/.terminfo/[0-9]*/dumb r, + owner @{HOME}/.terminfo/@{int}/dumb r, owner /tmp/[a-z0-9]* rw, owner /tmp/apparmor-bugreport-*.txt rw, diff --git a/apparmor.d/profiles-a-f/aa-status b/apparmor.d/profiles-a-f/aa-status index 3972c971..3374f1a3 100644 --- a/apparmor.d/profiles-a-f/aa-status +++ b/apparmor.d/profiles-a-f/aa-status @@ -26,7 +26,7 @@ profile aa-status @{exec_path} { @{PROC}/@{pids}/attr/current r, owner @{PROC}/@{pid}/mounts r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/acpi-powerbtn b/apparmor.d/profiles-a-f/acpi-powerbtn index dae4595f..0b1e112b 100644 --- a/apparmor.d/profiles-a-f/acpi-powerbtn +++ b/apparmor.d/profiles-a-f/acpi-powerbtn @@ -43,7 +43,7 @@ profile acpi-powerbtn flags=(attach_disconnected) { @{bin}/fgconsole r, /dev/tty rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, } include if exists diff --git a/apparmor.d/profiles-a-f/agetty b/apparmor.d/profiles-a-f/agetty index 441f77f0..8310841c 100644 --- a/apparmor.d/profiles-a-f/agetty +++ b/apparmor.d/profiles-a-f/agetty @@ -38,9 +38,9 @@ profile agetty @{exec_path} { @{run}/resolvconf/resolv.conf r, owner @{run}/agetty.reload rw, - /dev/tty[0-9]* rw, - owner /dev/ttyGS[0-9]* rw, - owner /dev/ttyS[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/ttyGS@{int} rw, + owner /dev/ttyS@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/amixer b/apparmor.d/profiles-a-f/amixer index 6dacb53f..d2f89433 100644 --- a/apparmor.d/profiles-a-f/amixer +++ b/apparmor.d/profiles-a-f/amixer 
@@ -26,7 +26,7 @@ profile amixer @{exec_path} { owner @{PROC}/@{pid}/task/@{tid}/comm rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/anki b/apparmor.d/profiles-a-f/anki index ebb3c954..58b9a683 100644 --- a/apparmor.d/profiles-a-f/anki +++ b/apparmor.d/profiles-a-f/anki @@ -137,7 +137,7 @@ profile anki @{exec_path} { /etc/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Allowed apps to open @@ -170,10 +170,10 @@ profile anki @{exec_path} { /etc/machine-id r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, } diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser index d751a4f6..763954e4 100644 --- a/apparmor.d/profiles-a-f/apparmor_parser +++ b/apparmor.d/profiles-a-f/apparmor_parser @@ -23,8 +23,8 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) { /usr/share/apparmor-features/{,**} r, /usr/share/apparmor/{,**} r, - owner /snap/core[0-9]*/[0-9]*/etc/apparmor.d/{,**} r, - owner /snap/core[0-9]*/[0-9]*/etc/apparmor/* r, + owner /snap/core[0-9]*/@{int}/etc/apparmor.d/{,**} r, + owner /snap/core[0-9]*/@{int}/etc/apparmor/* r, owner /var/cache/apparmor/{,**} rw, owner /var/lib/docker/tmp/docker-default[0-9]* r, owner /var/lib/snapd/apparmor/{,**} r, diff --git a/apparmor.d/profiles-a-f/arandr b/apparmor.d/profiles-a-f/arandr index 2c7df462..26c11243 100644 --- a/apparmor.d/profiles-a-f/arandr +++ b/apparmor.d/profiles-a-f/arandr @@ -32,7 +32,7 @@ profile arandr @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/profiles-a-f/arduino-builder b/apparmor.d/profiles-a-f/arduino-builder index 27988615..4d37a172 100644 --- a/apparmor.d/profiles-a-f/arduino-builder +++ b/apparmor.d/profiles-a-f/arduino-builder @@ -18,11 +18,11 @@ profile arduino-builder @{exec_path} { @{bin}/avr-gcc-ar rix, @{bin}/avr-size rix, @{bin}/avrdude rix, - @{lib}/gcc/avr/[0-9]*/cc1plus rix, - @{lib}/gcc/avr/[0-9]*/cc1 rix, - @{lib}/gcc/avr/[0-9]*/collect2 rix, - @{lib}/gcc/avr/[0-9]*/lto-wrapper rix, - @{lib}/gcc/avr/[0-9]*/lto1 rix, + @{lib}/gcc/avr/@{int}/cc1plus rix, + @{lib}/gcc/avr/@{int}/cc1 rix, + @{lib}/gcc/avr/@{int}/collect2 rix, + @{lib}/gcc/avr/@{int}/lto-wrapper rix, + @{lib}/gcc/avr/@{int}/lto1 rix, @{lib}/llvm-[0-9]*/bin/clang rix, @{lib}/avr/bin/as rix, @{lib}/avr/bin/ar rix, diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index d2494028..ce5f8a96 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray @@ -69,7 +69,7 @@ profile birdtray @{exec_path} { /etc/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman index 4b15033d..350705cd 100644 --- a/apparmor.d/profiles-a-f/blueman +++ b/apparmor.d/profiles-a-f/blueman @@ -64,7 +64,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, @{PROC}/@{pids}/cmdline r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/rfkill r, /dev/shm/ r, /dev/tty rw, diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 0ec3deaa..020ba32e 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -42,7 +42,7 @@ profile bluetoothd @{exec_path} { /dev/uhid rw, /dev/uinput rw, /dev/rfkill rw, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, include if exists } 
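Review bot: The five `@{lib}/gcc/avr/@{int}/… rix` rules in the arduino-builder hunk now match only a version directory made of digits (assuming `@{int}` expands to digits only), while the old `[0-9]*` also matched dotted version names. If the installed avr-gcc directory is dotted, these exec rules stop matching and the build is denied, which in practice pushes users to complain mode or to disabling the profile. Keep `[0-9]*` for version directories, or spell the shape out, for example `@{lib}/gcc/avr/@{int}{,.@{int}}{,.@{int}}/cc1plus rix,`. The same narrowing of a version-like directory appears in dkms and gajim (`@{lib}/gcc/@{multiarch}/@{int}/`), games-wesnoth (`/usr/share/games/wesnoth/@{int}/`) and jdownloader (`@{HOME}/.java/fonts/@{int}/`). The profile body continues outside the hunk.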
diff --git a/apparmor.d/profiles-a-f/btop b/apparmor.d/profiles-a-f/btop index a71ec4a6..cab332e0 100644 --- a/apparmor.d/profiles-a-f/btop +++ b/apparmor.d/profiles-a-f/btop @@ -24,15 +24,15 @@ profile btop @{exec_path} { @{sys}/class/power_supply/ r, @{sys}/class/hwmon/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r, - @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/{,*} r, - @{sys}/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/{,*} r, - @{sys}/devices/virtual/block/dm-[0-9]*/stat r, - @{sys}/devices/pci[0-9]*/**/host[0-9]*/*/*/block/*/*/stat r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/{,*} r, + @{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r, + @{sys}/devices/virtual/block/dm-@{int}/stat r, + @{sys}/devices/pci[0-9]*/**/host@{int}/*/*/block/*/*/stat r, @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r, @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/address r, - @{sys}/devices/pci[0-9]*/*/*/usb[0-9]*/**/power_supply/hidpp_battery_[0-9]*/{,hwmon[0-9]*/} r, + @{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r, @{PROC} r, @{PROC}/loadavg r, diff --git a/apparmor.d/profiles-a-f/btrfs b/apparmor.d/profiles-a-f/btrfs index bb7c5382..8f43838b 100644 --- a/apparmor.d/profiles-a-f/btrfs +++ b/apparmor.d/profiles-a-f/btrfs @@ -42,14 +42,14 @@ profile btrfs @{exec_path} { @{run}/blkid/blkid.tab{,-@{rand6}} rw, @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab, - @{sys}/fs/btrfs/@{uuid}/devinfo/[0-9]*/fsid r, + @{sys}/fs/btrfs/@{uuid}/devinfo/@{int}/fsid r, @{PROC}/partitions r, owner @{PROC}/@{pid}/mounts r, /dev/btrfs-control rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, include if exists 
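Review bot: The last changed sysfs rule in the btop hunk has a stray `[` left over from the old character class: `hidpp_battery_[@{int}/{,hwmon@{int}/} r,`. The bracket opens a class that is never closed, so the rule is either rejected by the parser or matches something other than the battery directory; it should read `@{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_@{int}/{,hwmon@{int}/} r,`. In the same hunk the directory rule `thermal_zone[0-9]*/ r,` stays on the old glob while its child rule now uses `thermal_zone@{int}`, so the two no longer cover the same names. The profile starts before the hunk and continues after it.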
diff --git a/apparmor.d/profiles-a-f/code-extension-git-askpass b/apparmor.d/profiles-a-f/code-extension-git-askpass index e70fd9da..7812baa2 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-askpass +++ b/apparmor.d/profiles-a-f/code-extension-git-askpass @@ -19,7 +19,7 @@ profile code-extension-git-askpass @{exec_path} { @{bin}/cat rix, @{bin}/mktemp rix, @{bin}/rm rix, - @{lib}/electron[0-9]*/electron rix, + @{lib}/electron@{int}/electron rix, /usr/share/terminfo/x/xterm-256color r, diff --git a/apparmor.d/profiles-a-f/code-extension-git-editor b/apparmor.d/profiles-a-f/code-extension-git-editor index 591df231..63fd2c8c 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-editor +++ b/apparmor.d/profiles-a-f/code-extension-git-editor @@ -13,7 +13,7 @@ profile code-extension-git-editor @{exec_path} { @{exec_path} mr, @{bin}/{,ba,da}sh rix, - @{lib}/electron[0-9]*/electron rix, + @{lib}/electron@{int}/electron rix, /dev/tty rw, diff --git a/apparmor.d/profiles-a-f/compton b/apparmor.d/profiles-a-f/compton index baf8a38b..bbc9dc66 100644 --- a/apparmor.d/profiles-a-f/compton +++ b/apparmor.d/profiles-a-f/compton @@ -19,7 +19,7 @@ profile compton @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index 9ea58f41..542cecff 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky @@ -87,7 +87,7 @@ profile conky @{exec_path} { @{sys}/devices/system/cpu/present r, # Get the current frequency of the CPU - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, # Get load average values for 1, 5 and 15 minutes @{PROC}/loadavg r, 
@@ -128,8 +128,8 @@ profile conky @{exec_path} { # Temperatures and Fans @{bin}/sensors rPUx, - @{sys}/devices/**/hwmon[0-9]*/temp[0-9]*_input r, - @{sys}/devices/**/hwmon/hwmon[0-9]*/temp[0-9]*_input r, + @{sys}/devices/**/hwmon@{int}/temp[0-9]*_input r, + @{sys}/devices/**/hwmon/hwmon@{int}/temp[0-9]*_input r, @{sys}/class/hwmon/ r, @{PROC}/acpi/ibm/fan r, @@ -146,7 +146,7 @@ profile conky @{exec_path} { /usr/share/X11/XErrorDB r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, @@ -187,7 +187,7 @@ profile conky @{exec_path} { /usr/share/publicsuffix/public_suffix_list.* r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny @{PROC}/@{pids}/net/dev r, deny @{PROC}/@{pids}/net/tcp r, deny @{PROC}/@{pids}/net/tcp6 r, diff --git a/apparmor.d/profiles-a-f/cpuid b/apparmor.d/profiles-a-f/cpuid index 98c184f6..99ae5634 100644 --- a/apparmor.d/profiles-a-f/cpuid +++ b/apparmor.d/profiles-a-f/cpuid @@ -14,7 +14,7 @@ profile cpuid @{exec_path} { @{exec_path} mr, - /dev/cpu/[0-9]*/cpuid r, + /dev/cpu/@{int}/cpuid r, owner /tmp/cpuid* rw, diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms index a248af89..a494dc5d 100644 --- a/apparmor.d/profiles-a-f/dkms +++ b/apparmor.d/profiles-a-f/dkms @@ -55,7 +55,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) { @{bin}/{,g,m}awk rix, @{bin}/update-secureboot-policy rPUx, - @{lib}/gcc/@{multiarch}/[0-9]*/* rix, + @{lib}/gcc/@{multiarch}/@{int}/* rix, @{lib}/linux-kbuild-*/scripts/** rix, @{lib}/linux-kbuild-*/tools/objtool/objtool rix, @{lib}/llvm-[0-9]*/bin/clang rix, diff --git a/apparmor.d/profiles-a-f/downloadhelper b/apparmor.d/profiles-a-f/downloadhelper index 11785c16..f6cdd450 100644 --- a/apparmor.d/profiles-a-f/downloadhelper +++ b/apparmor.d/profiles-a-f/downloadhelper 
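Review bot: The two hwmon rules in the "Temperatures and Fans" hunk of conky are only half converted: `hwmon@{int}/temp[0-9]*_input` still lets the sensor index match a digit followed by arbitrary characters. If digits-only matching is the goal, write `@{sys}/devices/**/hwmon@{int}/temp@{int}_input r,` and do the same on the `hwmon/hwmon@{int}` line. irqbalance has the same mix in `cpu@{int}/cache/index[0-9]*/shared_cpu_map`. The profile body lies outside the hunk.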
@@ -37,7 +37,7 @@ profile downloadhelper @{exec_path} { owner /tmp/vdh-*.tmp rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, deny @{PROC}/version r, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-a-f/dring b/apparmor.d/profiles-a-f/dring index 86504f4b..9a1e20cc 100644 --- a/apparmor.d/profiles-a-f/dring +++ b/apparmor.d/profiles-a-f/dring @@ -27,7 +27,7 @@ profile dring @{exec_path} { @{sys}/class/ r, @{sys}/bus/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-a-f/dumpe2fs b/apparmor.d/profiles-a-f/dumpe2fs index ab4b42d1..b0da3ebe 100644 --- a/apparmor.d/profiles-a-f/dumpe2fs +++ b/apparmor.d/profiles-a-f/dumpe2fs @@ -21,7 +21,7 @@ profile dumpe2fs @{exec_path} { owner @{run}/blkid/blkid.tab{,-@{rand6}} rw, owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/dunstify b/apparmor.d/profiles-a-f/dunstify index 612facd9..4617a00f 100644 --- a/apparmor.d/profiles-a-f/dunstify +++ b/apparmor.d/profiles-a-f/dunstify @@ -13,7 +13,7 @@ profile dunstify @{exec_path} { @{exec_path} mr, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 43d3c185..edf0d8e9 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -133,7 +133,7 @@ profile engrampa @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/profiles-a-f/exo-helper b/apparmor.d/profiles-a-f/exo-helper index fcf7d795..5b51aae9 100644 
--- a/apparmor.d/profiles-a-f/exo-helper +++ b/apparmor.d/profiles-a-f/exo-helper @@ -48,7 +48,7 @@ profile exo-helper @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/f3read b/apparmor.d/profiles-a-f/f3read index be331ee1..d0221a99 100644 --- a/apparmor.d/profiles-a-f/f3read +++ b/apparmor.d/profiles-a-f/f3read @@ -18,9 +18,9 @@ profile f3read @{exec_path} { @{MOUNTS}/*/ r, # To be able to read h2w files - owner @{MOUNTDIRS}/[0-9]*.h2w r, - owner @{MOUNTS}/[0-9]*.h2w r, - owner @{MOUNTS}/*/[0-9]*.h2w r, + owner @{MOUNTDIRS}/@{int}.h2w r, + owner @{MOUNTS}/@{int}.h2w r, + owner @{MOUNTS}/*/@{int}.h2w r, include if exists } diff --git a/apparmor.d/profiles-a-f/f3write b/apparmor.d/profiles-a-f/f3write index aed9ce34..938b0a4e 100644 --- a/apparmor.d/profiles-a-f/f3write +++ b/apparmor.d/profiles-a-f/f3write @@ -22,9 +22,9 @@ profile f3write @{exec_path} { @{MOUNTS}/*/ r, # To be able to write h2w files - owner @{MOUNTDIRS}/[0-9]*.h2w w, - owner @{MOUNTS}/[0-9]*.h2w w, - owner @{MOUNTS}/*/[0-9]*.h2w w, + owner @{MOUNTDIRS}/@{int}.h2w w, + owner @{MOUNTS}/@{int}.h2w w, + owner @{MOUNTS}/*/@{int}.h2w w, include if exists } diff --git a/apparmor.d/profiles-a-f/flatpak-portal b/apparmor.d/profiles-a-f/flatpak-portal index c2b07033..e17b75de 100644 --- a/apparmor.d/profiles-a-f/flatpak-portal +++ b/apparmor.d/profiles-a-f/flatpak-portal 
@@ -32,9 +32,9 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_share_dirs}/mime/mime.cache r, - owner @{run}/user/@{uid}/.flatpak/[0-9]*/bwrapinfo.json r, - owner @{run}/user/@{uid}/.flatpak/[0-9]*/info r, - owner @{run}/user/@{uid}/.flatpak/[0-9]*/pid r, + owner @{run}/user/@{uid}/.flatpak/@{int}/bwrapinfo.json r, + owner @{run}/user/@{uid}/.flatpak/@{int}/info r, + owner @{run}/user/@{uid}/.flatpak/@{int}/pid r, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index 302e13a3..a6b12dff 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -104,8 +104,8 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { /boot/{,**} r, /boot/EFI/*/.goutputstream-@{rand6} rw, /boot/EFI/*/fw/fwupd-*.cap{,.*} rw, - /boot/EFI/*/fwupdx[0-9]*.efi rw, - @{lib}/fwupd/efi/fwupdx[0-9]*.efi r, + /boot/EFI/*/fwupdx@{int}.efi rw, + @{lib}/fwupd/efi/fwupdx@{int}.efi r, /etc/machine-id r, /var/lib/dbus/machine-id r, @@ -129,7 +129,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { @{sys}/power/mem_sleep r, @{run}/motd.d/ r, - @{run}/motd.d/[0-9]*-fwupd* rw, + @{run}/motd.d/@{int}-fwupd* rw, @{run}/motd.d/fwupd/{,**} rw, @{run}/mount/utab r, @{run}/systemd/inhibit/[0-9]*.ref rw, 
@@ -145,17 +145,17 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { @{PROC}/sys/kernel/tainted r, /dev/bus/usb/ r, - /dev/bus/usb/[0-9]*/[0-9]* rw, - /dev/cpu/[0-9]*/msr rw, - /dev/drm_dp_aux[0-9]* rw, - /dev/gpiochip[0-9]* r, - /dev/hidraw[0-9]* rw, - /dev/mei[0-9]* rw, + /dev/bus/usb/@{int}/@{int} rw, + /dev/cpu/@{int}/msr rw, + /dev/drm_dp_aux@{int} rw, + /dev/gpiochip@{int} r, + /dev/hidraw@{int} rw, + /dev/mei@{int} rw, /dev/mem r, - /dev/mtd[0-9]* rw, + /dev/mtd@{int} rw, /dev/sd[a-z]* r, - /dev/tpm[0-9]* rw, - /dev/tpmrm[0-9]* rw, + /dev/tpm@{int} rw, + /dev/tpmrm@{int} rw, /dev/wmi/* r, profile gpg flags=(complain) { diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 77741338..73a1f73c 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -105,7 +105,7 @@ profile gajim @{exec_path} { @{bin}/{,@{multiarch}-}gcc-[0-9]* rix, @{bin}/{,@{multiarch}-}g++-[0-9]* rix, @{bin}/{,@{multiarch}-}ld.bfd rix, - @{lib}/gcc/@{multiarch}/[0-9]*/collect2 rix, + @{lib}/gcc/@{multiarch}/@{int}/collect2 rix, owner /tmp/cc* rw, owner /tmp/tmp* rw, diff --git a/apparmor.d/profiles-g-l/games-wesnoth b/apparmor.d/profiles-g-l/games-wesnoth index d9af5f75..1573af6c 100644 --- a/apparmor.d/profiles-g-l/games-wesnoth +++ b/apparmor.d/profiles-g-l/games-wesnoth @@ -19,7 +19,7 @@ profile games-wesnoth @{exec_path} { @{exec_path} mrix, - /usr/share/games/wesnoth/[0-9]*/{,**} r, + /usr/share/games/wesnoth/@{int}/{,**} r, owner @{user_config_dirs}/wesnoth-[0-9]*/{,**} rw, diff --git a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders index 2a665a5c..cf6f2b7e 100644 --- a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders +++ b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders 
@@ -15,8 +15,8 @@ profile gdk-pixbuf-query-loaders @{exec_path} { @{exec_path} mr, - @{lib}/gdk-pixbuf-[0-9].[0-9]*/{,*}/loaders.cache.* rw, - @{lib}/gdk-pixbuf-[0-9].[0-9]*/*/loaders.cache rw, + @{lib}/gdk-pixbuf-[0-9].@{int}/{,*}/loaders.cache.* rw, + @{lib}/gdk-pixbuf-[0-9].@{int}/*/loaders.cache rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-g-l/globaltime b/apparmor.d/profiles-g-l/globaltime index c2bfd687..2b148a3e 100644 --- a/apparmor.d/profiles-g-l/globaltime +++ b/apparmor.d/profiles-g-l/globaltime @@ -20,7 +20,7 @@ profile globaltime @{exec_path} { owner @{user_config_dirs}/globaltime/globaltimerc{,.*} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/gpa b/apparmor.d/profiles-g-l/gpa index 2ef5bb0d..654a4f8b 100644 --- a/apparmor.d/profiles-g-l/gpa +++ b/apparmor.d/profiles-g-l/gpa @@ -48,7 +48,7 @@ profile gpa @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted index e7e7106e..b75914d7 100644 --- a/apparmor.d/profiles-g-l/gparted +++ b/apparmor.d/profiles-g-l/gparted @@ -55,7 +55,7 @@ profile gparted @{exec_path} { @{PROC}/@{pids}/stat r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile udevadm { diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index fa4c2e5a..a798e6c8 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -64,7 +64,7 @@ profile gpodder @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-g-l/groups b/apparmor.d/profiles-g-l/groups index 6de8a0a2..ea6ef03b 100644 --- a/apparmor.d/profiles-g-l/groups +++ b/apparmor.d/profiles-g-l/groups 
@@ -16,7 +16,7 @@ profile groups @{exec_path} { /etc/group r, /etc/nsswitch.conf r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings index fba7f30c..8ad1f814 100644 --- a/apparmor.d/profiles-g-l/gsettings +++ b/apparmor.d/profiles-g-l/gsettings @@ -22,7 +22,7 @@ profile gsettings @{exec_path} { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner @{run}/user/@{uid}/bus rw, diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index adc91951..1470a3db 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -42,7 +42,7 @@ profile hardinfo @{exec_path} { @{bin}/python2.[0-9]* rix, @{bin}/python3.[0-9]* rix, @{bin}/route rix, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{bin}/strace rix, @{bin}/tr rix, @{bin}/valgrind{,.bin} rix, @@ -72,10 +72,10 @@ profile hardinfo @{exec_path} { @{sys}/devices/virtual/dmi/id/* r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, @{sys}/devices/pci[0-9]*/**/eeprom r, - @{sys}/devices/pci[0-9]*/**/hwmon/hwmon[0-9]*/temp* r, + @{sys}/devices/pci[0-9]*/**/hwmon/hwmon@{int}/temp* r, @{sys}/devices/**/power_supply/** r, @{PROC}/@{pid}/net/wireless r, @@ -118,7 +118,7 @@ profile hardinfo @{exec_path} { deny /usr/share/gdb/python/** w, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile ccache { diff --git a/apparmor.d/profiles-g-l/hexchat b/apparmor.d/profiles-g-l/hexchat index 539bf83a..18456e2f 100644 --- a/apparmor.d/profiles-g-l/hexchat +++ b/apparmor.d/profiles-g-l/hexchat 
@@ -48,7 +48,7 @@ profile hexchat @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/htop b/apparmor.d/profiles-g-l/htop index b624b7c6..8f1ef80e 100644 --- a/apparmor.d/profiles-g-l/htop +++ b/apparmor.d/profiles-g-l/htop @@ -85,10 +85,10 @@ profile htop @{exec_path} { @{sys}/class/hwmon/ r, @{sys}/class/i2c-adapter/ r, @{sys}/class/power_supply/ r, - @{sys}/devices/**/hwmon[0-9]*/ r, - @{sys}/devices/**/hwmon[0-9]*/{name,temp*} r, - @{sys}/devices/**/hwmon[0-9]*/**/ r, - @{sys}/devices/**/hwmon[0-9]*/**/{name,temp*} r, + @{sys}/devices/**/hwmon@{int}/ r, + @{sys}/devices/**/hwmon@{int}/{name,temp*} r, + @{sys}/devices/**/hwmon@{int}/**/ r, + @{sys}/devices/**/hwmon@{int}/**/{name,temp*} r, @{sys}/devices/**/hwmon/ r, @{sys}/devices/**/hwmon/{name,temp*} r, @{sys}/devices/**/hwmon/**/ r, @@ -98,15 +98,15 @@ profile htop @{exec_path} { @{sys}/devices/i2c-[0-9]*/name r, @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r, @{sys}/devices/platform/*/i2c-[0-9]*/name r, - @{sys}/devices/system/cpu/cpu[0-9]*/online r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_{cur,min,max}_freq r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpu@{int}/online r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, @{sys}/devices/virtual/block/zram[0-9]*/{disksize,mm_stat} r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/temp r, @{sys}/kernel/mm/hugepages/ r, @{sys}/kernel/mm/hugepages/hugepages-*/nr_hugepages r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index 92f8a891..1f75703b 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo 
@@ -87,7 +87,7 @@ profile hwinfo @{exec_path} { /dev/ttyS0 r, /dev/ttyS1 r, owner /tmp/hwinfo*.txt rw, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/ r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r, } diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index e22905fd..37909623 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -89,7 +89,7 @@ profile hypnotix @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, } diff --git a/apparmor.d/profiles-g-l/i3lock b/apparmor.d/profiles-g-l/i3lock index 1932029d..b4527560 100644 --- a/apparmor.d/profiles-g-l/i3lock +++ b/apparmor.d/profiles-g-l/i3lock @@ -33,7 +33,7 @@ profile i3lock @{exec_path} { owner /tmp/tmp.*.png r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/i3lock-fancy b/apparmor.d/profiles-g-l/i3lock-fancy index 81f544d6..c5af2e3c 100644 --- a/apparmor.d/profiles-g-l/i3lock-fancy +++ b/apparmor.d/profiles-g-l/i3lock-fancy @@ -38,7 +38,7 @@ profile i3lock-fancy @{exec_path} { /usr/share/i3lock-fancy/{,*} r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile imagemagic { @@ -63,7 +63,7 @@ profile i3lock-fancy @{exec_path} { owner /tmp/tmp.*.png rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, } diff --git a/apparmor.d/profiles-g-l/im-launch b/apparmor.d/profiles-g-l/im-launch index 755ac411..2fc5af4c 100644 --- a/apparmor.d/profiles-g-l/im-launch +++ b/apparmor.d/profiles-g-l/im-launch @@ -30,7 +30,7 @@ profile im-launch @{exec_path} { owner @{HOME}/.xinputrc r, # file inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index e1cfaef8..bd74d198 100644 --- a/apparmor.d/profiles-g-l/inxi +++ b/apparmor.d/profiles-g-l/inxi 
@@ -75,11 +75,11 @@ profile inxi @{exec_path} { /etc/apt/sources.list.d/{,*.list} r, /var/log/ r, - /var/log/Xorg.[0-9]*.log r, + /var/log/Xorg.@{int}.log r, /home/ r, @{user_share_dirs}/xorg/ r, - @{user_share_dirs}/xorg/Xorg.[0-9]*.log r, + @{user_share_dirs}/xorg/Xorg.@{int}.log r, # For shell pwd /root/ r, diff --git a/apparmor.d/profiles-g-l/ip b/apparmor.d/profiles-g-l/ip index e6faeaff..9ef3a7ce 100644 --- a/apparmor.d/profiles-g-l/ip +++ b/apparmor.d/profiles-g-l/ip @@ -43,7 +43,7 @@ profile ip @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/net/igmp{,6} r, owner @{PROC}/sys/net/ipv{4,6}/route/flush w, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/irqbalance b/apparmor.d/profiles-g-l/irqbalance index 1c8d6cfb..17da1fc0 100644 --- a/apparmor.d/profiles-g-l/irqbalance +++ b/apparmor.d/profiles-g-l/irqbalance @@ -22,18 +22,18 @@ profile irqbalance @{exec_path} { @{sys}/devices/pci[0-9]*/**/{class,numa_node,local_cpus,irq} r, @{sys}/devices/pci[0-9]*/**/{vendor,device,subsystem_vendor,subsystem_device} r, @{sys}/devices/pci[0-9]*/**/msi_irqs/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/shared_cpu_map r, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/ r, + @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]*/shared_cpu_map r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, @{sys}/devices/system/cpu/isolated r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/ r, - @{sys}/devices/system/node/node[0-9]*/{cpumap,meminfo} r, + @{sys}/devices/system/node/node@{int}/ r, + @{sys}/devices/system/node/node@{int}/{cpumap,meminfo} r, @{sys}/devices/system/cpu/nohz_full r, @{PROC}/interrupts r, - @{PROC}/irq/[0-9]*/node r, - @{PROC}/irq/[0-9]*/smp_affinity rw, + @{PROC}/irq/@{int}/node r, + @{PROC}/irq/@{int}/smp_affinity rw, include if exists } \ No newline at end of file 
diff --git a/apparmor.d/profiles-g-l/iw b/apparmor.d/profiles-g-l/iw index ec0cac8c..fd5a2054 100644 --- a/apparmor.d/profiles-g-l/iw +++ b/apparmor.d/profiles-g-l/iw @@ -23,7 +23,7 @@ profile iw @{exec_path} { @{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]*/index r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/jdownloader b/apparmor.d/profiles-g-l/jdownloader index e8154382..59655ec1 100644 --- a/apparmor.d/profiles-g-l/jdownloader +++ b/apparmor.d/profiles-g-l/jdownloader @@ -54,9 +54,9 @@ profile jdownloader @{exec_path} { owner @{HOME}/.oracle_jre_usage/@{hex}.timestamp rw, owner @{HOME}/.java/.userPrefs/.user.lock.* rwk, owner @{HOME}/.java/.userPrefs/com/install4j/installations/prefs.xml rw, - owner @{HOME}/.java/fonts/[0-9]*/ rw, - owner @{HOME}/.java/fonts/[0-9]*/fcinfo*.tmp rw, - owner @{HOME}/.java/fonts/[0-9]*/fcinfo-*.properties rw, + owner @{HOME}/.java/fonts/@{int}/ rw, + owner @{HOME}/.java/fonts/@{int}/fcinfo*.tmp rw, + owner @{HOME}/.java/fonts/@{int}/fcinfo-*.properties rw, owner @{HOME}/.install4j rw, diff --git a/apparmor.d/profiles-g-l/jekyll b/apparmor.d/profiles-g-l/jekyll index 9daf41e3..47afa96e 100644 --- a/apparmor.d/profiles-g-l/jekyll +++ b/apparmor.d/profiles-g-l/jekyll @@ -14,7 +14,7 @@ profile jekyll @{exec_path} { include @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{lib}/ruby/gems/*/specifications/ r, @{lib}/ruby/gems/*/specifications/** r, diff --git a/apparmor.d/profiles-g-l/jgmenu b/apparmor.d/profiles-g-l/jgmenu index e236e673..46e57329 100644 --- a/apparmor.d/profiles-g-l/jgmenu +++ b/apparmor.d/profiles-g-l/jgmenu @@ -52,7 +52,7 @@ profile jgmenu @{exec_path} { /usr/share/**.desktop r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc index 3d237cd9..68a7257e 100644 
--- a/apparmor.d/profiles-g-l/keepassxc +++ b/apparmor.d/profiles-g-l/keepassxc @@ -100,7 +100,7 @@ profile keepassxc @{exec_path} { /dev/shm/#@{int} rw, /dev/tty rw, /dev/urandom rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, # Silencer deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-g-l/keepassxc-proxy b/apparmor.d/profiles-g-l/keepassxc-proxy index 721e658c..7161f204 100644 --- a/apparmor.d/profiles-g-l/keepassxc-proxy +++ b/apparmor.d/profiles-g-l/keepassxc-proxy @@ -32,7 +32,7 @@ profile keepassxc-proxy @{exec_path} { deny owner @{run}/user/@{uid}/.[a-zA-Z]*/{,s} rw, deny owner @{run}/user/@{uid}/kpxc_server rw, deny /dev/shm/org.chromium.* rw, - deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw, + deny owner /dev/shm/org.mozilla.ipc.@{int}.@{int} rw, deny owner @{HOME}/.mozilla/** rw, deny owner @{user_cache_dirs}/mozilla/** rw, deny owner @{MOUNTS}/.mozilla/** rw, diff --git a/apparmor.d/profiles-g-l/kexec b/apparmor.d/profiles-g-l/kexec index fbdec078..409f60c3 100644 --- a/apparmor.d/profiles-g-l/kexec +++ b/apparmor.d/profiles-g-l/kexec @@ -17,7 +17,7 @@ profile kexec @{exec_path} flags=(complain) { owner /boot/{initrd.img,vmlinuz}-* r, @{sys}/firmware/memmap/ r, - @{sys}/firmware/memmap/[0-9]*/{start,end,type} r, + @{sys}/firmware/memmap/@{int}/{start,end,type} r, @{sys}/kernel/boot_params/data r, @{PROC}/cmdline r, diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index 00c63206..b4c4b885 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi 
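Review bot: The changed line in the keepassxc-proxy hunk is a `deny` rule, so narrowing its glob from `[0-9]*.[0-9]*` to `@{int}.@{int}` shrinks what is explicitly denied, not what is allowed. A shared-memory name that matched the old pattern but is not two plain integers is no longer covered by this deny, so it would be logged rather than silenced and would no longer override an allow coming from an included abstraction. For deny rules the broader pattern is the safer one; I would keep `deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw,` unless the naming is known to be strictly numeric. The rest of the profile is outside the hunk.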
@@ -65,8 +65,8 @@ profile kodi @{exec_path} { @{sys}/devices/pci[0-9]*/**/usb[0-9]/{bDeviceClass,idProduct,idVendor} r, @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{bDeviceClass,idProduct,idVendor} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/node/node@{int}/meminfo r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/temp r, @{run}/udev/data/* r, @@ -84,7 +84,7 @@ profile kodi @{exec_path} { # file_inherit /usr/share/kodi/** r, /sys/devices/virtual/thermal/thermal_zone[0-9]*/temp r, - /sys/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + /sys/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, /home/morfik/.kodi/temp/kodi.log w, } diff --git a/apparmor.d/profiles-g-l/kvm-ok b/apparmor.d/profiles-g-l/kvm-ok index a4490bb3..c05507f8 100644 --- a/apparmor.d/profiles-g-l/kvm-ok +++ b/apparmor.d/profiles-g-l/kvm-ok @@ -23,7 +23,7 @@ profile kvm-ok @{exec_path} { #/proc/cpuinfo r, #/dev/kvm r, - #/dev/cpu/[0-9]*/msr r, + #/dev/cpu/@{int}/msr r, # For shell pwd /root/ r, diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index 3e399fdf..345e0035 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc @@ -37,7 +37,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/labwc/ r, owner @{user_config_dirs}/labwc/* r, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, @{sys}/class/drm/ r, @{sys}/class/input/ r, @@ -56,7 +56,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card* @{run}/systemd/sessions/* r, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/user/@{uid}/wayland-@{int}.lock k, 
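Review bot: The changed rule in the second kodi hunk still hard-codes `/sys/` while the identical rule in the first hunk uses the tunable; write it as `@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,`. The neighbouring `/sys/devices/virtual/thermal/thermal_zone[0-9]*/temp r,` line has the same literal prefix and keeps the old glob. The same block also carries a write rule for one specific user's home (`/home/morfik/.kodi/temp/kodi.log w,`), which looks like a leftover from a development machine and would be better expressed with `@{HOME}`; that line is context here, not part of the change. The enclosing sub-profile starts outside the hunk.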
diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo b/apparmor.d/profiles-g-l/landscape-sysinfo index 30d944c3..428f1945 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo +++ b/apparmor.d/profiles-g-l/landscape-sysinfo @@ -41,7 +41,7 @@ profile landscape-sysinfo @{exec_path} { owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper index 34615593..71ec9950 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper +++ b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper @@ -28,7 +28,7 @@ profile landscape-sysinfo.wrapper @{exec_path} { @{PROC}/loadavg r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-g-l/light b/apparmor.d/profiles-g-l/light index e4a462f7..cca9a850 100644 --- a/apparmor.d/profiles-g-l/light +++ b/apparmor.d/profiles-g-l/light @@ -30,7 +30,7 @@ profile light @{exec_path} { @{sys}/devices/pci[0-9]*/**/backlight/*/brightness rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-g-l/light-locker b/apparmor.d/profiles-g-l/light-locker index 16eac48d..87d4a1bc 100644 --- a/apparmor.d/profiles-g-l/light-locker +++ b/apparmor.d/profiles-g-l/light-locker @@ -33,7 +33,7 @@ profile light-locker @{exec_path} { @{sys}/devices/pci[0-9]*/**/subsystem_device r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/lightdm b/apparmor.d/profiles-g-l/lightdm index 12b0778a..c340c654 100644 --- a/apparmor.d/profiles-g-l/lightdm +++ b/apparmor.d/profiles-g-l/lightdm 
@@ -106,7 +106,7 @@ profile lightdm @{exec_path} { @{etc_ro}/environment r, /etc/default/locale r, - /dev/tty[0-9]* r, + /dev/tty@{int} r, # Xsession logs owner @{HOME}/.xsession-errors{,.old} rw, diff --git a/apparmor.d/profiles-g-l/linssid b/apparmor.d/profiles-g-l/linssid index 3291d6c6..9f2ef1b4 100644 --- a/apparmor.d/profiles-g-l/linssid +++ b/apparmor.d/profiles-g-l/linssid @@ -73,7 +73,7 @@ profile linssid @{exec_path} { /root/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile iw { @@ -90,7 +90,7 @@ profile linssid @{exec_path} { owner @{HOME}/.linssid.prefs rw, owner @{HOME}/LinSSID.datalog rw, owner /tmp/linssid_* rw, - owner /dev/dri/card[0-9]* rw, + owner /dev/dri/card@{int} rw, } diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login index bec1cf74..d97105d8 100644 --- a/apparmor.d/profiles-g-l/login +++ b/apparmor.d/profiles-g-l/login @@ -69,7 +69,7 @@ profile login @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/loginuid rw, owner @{PROC}/@{pid}/uid_map r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/lscpu b/apparmor.d/profiles-g-l/lscpu index 96dba234..102025b3 100644 --- a/apparmor.d/profiles-g-l/lscpu +++ b/apparmor.d/profiles-g-l/lscpu @@ -23,11 +23,11 @@ profile lscpu @{exec_path} { @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/cpumap r, owner @{sys}/kernel/cpu_byteorder r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists diff --git a/apparmor.d/profiles-g-l/lspci b/apparmor.d/profiles-g-l/lspci index 2f28c61d..f29be792 100644 --- a/apparmor.d/profiles-g-l/lspci +++ b/apparmor.d/profiles-g-l/lspci 
@@ -32,7 +32,7 @@ profile lspci @{exec_path} flags=(attach_disconnected) { @{sys}/bus/pci/devices/ r, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{sys}/devices/pci[0-9]*/** r, @{PROC}/cmdline r, diff --git a/apparmor.d/profiles-g-l/lxappearance b/apparmor.d/profiles-g-l/lxappearance index fc083377..96136866 100644 --- a/apparmor.d/profiles-g-l/lxappearance +++ b/apparmor.d/profiles-g-l/lxappearance @@ -47,7 +47,7 @@ profile lxappearance @{exec_path} { /var/lib/dbus/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile dbus { diff --git a/apparmor.d/profiles-m-r/megasync b/apparmor.d/profiles-m-r/megasync index e00f278b..bb918460 100644 --- a/apparmor.d/profiles-m-r/megasync +++ b/apparmor.d/profiles-m-r/megasync @@ -80,7 +80,7 @@ profile megasync @{exec_path} { @{bin}/spacefm rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-m-r/merkaartor b/apparmor.d/profiles-m-r/merkaartor index d9909288..424a3a71 100644 --- a/apparmor.d/profiles-m-r/merkaartor +++ b/apparmor.d/profiles-m-r/merkaartor @@ -56,7 +56,7 @@ profile merkaartor @{exec_path} { owner /tmp/qtsingleapp-merkaa-*-lockfile rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, include if exists } diff --git a/apparmor.d/profiles-m-r/minitube b/apparmor.d/profiles-m-r/minitube index 0e290fd3..3cc90611 100644 --- a/apparmor.d/profiles-m-r/minitube +++ b/apparmor.d/profiles-m-r/minitube @@ -95,7 +95,7 @@ profile minitube @{exec_path} { @{lib}/firefox/firefox rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { @@ -139,7 +139,7 @@ profile minitube @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, } 
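Review bot: `@{sys}/bus/pci/slots/@{int}/address r,` may no longer match every slot directory, because PCI slot names in sysfs are not guaranteed to be bare integers (the kernel can expose names such as `0-1` when a slot name is duplicated), and the old `[0-9]*` accepted those. If `@{int}` expands to digits only, as the `icu/@{int}.@{int}/` rules elsewhere in this commit suggest, lspci would start getting denials on such machines. Something like `@{sys}/bus/pci/slots/@{int}{,-@{int}}/address r,` keeps the rule tight while covering that form; this is worth confirming on real hardware. The same rule is changed in the second steam hunk.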
diff --git a/apparmor.d/profiles-m-r/mkvmerge b/apparmor.d/profiles-m-r/mkvmerge index 11c50571..29aa675d 100644 --- a/apparmor.d/profiles-m-r/mkvmerge +++ b/apparmor.d/profiles-m-r/mkvmerge @@ -23,7 +23,7 @@ profile mkvmerge @{exec_path} { owner /tmp/MKVToolNix-GUI-MuxJob-*.json r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/mkvtoolnix-gui b/apparmor.d/profiles-m-r/mkvtoolnix-gui index 51d71c50..2ec08120 100644 --- a/apparmor.d/profiles-m-r/mkvtoolnix-gui +++ b/apparmor.d/profiles-m-r/mkvtoolnix-gui @@ -65,7 +65,7 @@ profile mkvtoolnix-gui @{exec_path} { @{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mounts r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/mount-zfs b/apparmor.d/profiles-m-r/mount-zfs index 1c035b0a..3bdc3f89 100644 --- a/apparmor.d/profiles-m-r/mount-zfs +++ b/apparmor.d/profiles-m-r/mount-zfs @@ -16,7 +16,7 @@ profile mount-zfs @{exec_path} flags=(complain) { @{exec_path} mr, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, @{MOUNTDIRS}/ r, @{MOUNTS}/ r, diff --git a/apparmor.d/profiles-m-r/mpv b/apparmor.d/profiles-m-r/mpv index cf14169e..c737b6d9 100644 --- a/apparmor.d/profiles-m-r/mpv +++ b/apparmor.d/profiles-m-r/mpv @@ -60,7 +60,7 @@ profile mpv @{exec_path} { owner /tmp/mpsyt-input* rw, owner /tmp/mpsyt-mpv*.sock rw, owner /tmp/smplayer-mpv-* rw, - owner /tmp/smplayer_preview/[0-9]*.{jpg,png} w, + owner /tmp/smplayer_preview/@{int}.{jpg,png} w, owner /tmp/smplayer_screenshots/cap_*.{jpg,png} w, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r, @@ -83,8 +83,8 @@ profile mpv @{exec_path} { @{sys}/devices/**/sound/**/capabilities/* r, @{sys}/devices/**/sound/**/uevent r, - /dev/input/event[0-9]* r, - owner /dev/tty[0-9]* rw, + /dev/input/event@{int} r, + owner /dev/tty@{int} rw, profile xdg-screensaver { include 
@@ -105,7 +105,7 @@ profile mpv @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, } diff --git a/apparmor.d/profiles-m-r/mumble b/apparmor.d/profiles-m-r/mumble index b417b073..7f9fc1ad 100644 --- a/apparmor.d/profiles-m-r/mumble +++ b/apparmor.d/profiles-m-r/mumble @@ -74,7 +74,7 @@ profile mumble @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions index 8d2041d7..5b8995ce 100644 --- a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions +++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions @@ -27,11 +27,11 @@ profile needrestart-iucode-scan-versions @{exec_path} { /boot/intel-ucode.img r, /boot/early_ucode.cpio r, - @{sys}/devices/system/cpu/cpu[0-9]*/microcode/processor_flags r, + @{sys}/devices/system/cpu/cpu@{int}/microcode/processor_flags r, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/numlockx b/apparmor.d/profiles-m-r/numlockx index 4f59005b..6ad154ac 100644 --- a/apparmor.d/profiles-m-r/numlockx +++ b/apparmor.d/profiles-m-r/numlockx @@ -15,7 +15,7 @@ profile numlockx @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop index 339d8548..1a359116 100644 --- a/apparmor.d/profiles-m-r/nvtop +++ b/apparmor.d/profiles-m-r/nvtop 
@@ -37,16 +37,16 @@ profile nvtop @{exec_path} flags=(attach_disconnected) { @{sys}/bus/ r, @{sys}/class/ r, @{sys}/class/drm/ r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/gt_cur_freq_mhz r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/gt_cur_freq_mhz r, @{sys}/devices/pci[0-9]*/**/enable r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/cpumap r, @{PROC}/ r, @{PROC}/@{pids}/ r, @{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/fd/ r, @{PROC}/@{pids}/fdinfo/ r, - @{PROC}/@{pids}/fdinfo/[0-9]* r, + @{PROC}/@{pids}/fdinfo/@{int} r, @{PROC}/@{pids}/stat r, @{PROC}/driver/nvidia/capabilities/mig/{config,monitor} r, diff --git a/apparmor.d/profiles-m-r/obconf b/apparmor.d/profiles-m-r/obconf index dfa88355..3c52dd16 100644 --- a/apparmor.d/profiles-m-r/obconf +++ b/apparmor.d/profiles-m-r/obconf @@ -33,7 +33,7 @@ profile obconf @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index a9ff5874..8f516375 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -46,7 +46,7 @@ profile openbox @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, @@ -79,7 +79,7 @@ profile openbox @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/openbox-session b/apparmor.d/profiles-m-r/openbox-session index e7d302ed..6cef5ec5 100644 --- a/apparmor.d/profiles-m-r/openbox-session +++ b/apparmor.d/profiles-m-r/openbox-session @@ -21,7 +21,7 @@ profile openbox-session @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/profiles-m-r/orage b/apparmor.d/profiles-m-r/orage index 19576ce6..ae7746c9 100644 --- a/apparmor.d/profiles-m-r/orage +++ b/apparmor.d/profiles-m-r/orage @@ -40,7 +40,7 @@ profile orage @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 7e4ddb1c..d6158b67 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -127,7 +127,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { owner @{run}/systemd/users/@{uid} r, owner @{run}/zypp-rpm.pid rwk, # only: opensuse - owner /dev/shm/AP_0x??????/{,**} rw, + owner /dev/shm/AP_0x@{rand6}/{,**} rw, owner /dev/shm/ r, @{sys}/**/ r, diff --git a/apparmor.d/profiles-m-r/pactl b/apparmor.d/profiles-m-r/pactl index a3861a8f..5490c5e1 100644 --- a/apparmor.d/profiles-m-r/pactl +++ b/apparmor.d/profiles-m-r/pactl @@ -27,7 +27,7 @@ profile pactl @{exec_path} { owner @{user_config_dirs}/pulse/ rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, owner @{HOME}/.anyRemote/anyremote.stdout w, diff --git a/apparmor.d/profiles-m-r/pavucontrol b/apparmor.d/profiles-m-r/pavucontrol index 2f86ca01..41eaee9c 100644 --- a/apparmor.d/profiles-m-r/pavucontrol +++ b/apparmor.d/profiles-m-r/pavucontrol @@ -33,7 +33,7 @@ profile pavucontrol @{exec_path} { /usr/share/**/icons/**/*.png r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/picom b/apparmor.d/profiles-m-r/picom index a1d8da4f..97abb147 100644 --- a/apparmor.d/profiles-m-r/picom +++ b/apparmor.d/profiles-m-r/picom @@ -32,7 +32,7 @@ profile picom @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/profiles-m-r/pidof b/apparmor.d/profiles-m-r/pidof index f0e7ca4a..4a3fa08a 100644 --- a/apparmor.d/profiles-m-r/pidof +++ b/apparmor.d/profiles-m-r/pidof @@ -23,7 +23,7 @@ profile pidof @{exec_path} { @{PROC}/@{pids}/stat r, @{PROC}/sys/kernel/osrelease r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 8930e937..96e5fa8e 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -70,7 +70,7 @@ profile pkexec @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Silencer diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index df946a72..31633993 100644 --- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon @@ -52,10 +52,10 @@ profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) { @{sys}/devices/**/power_supply/*/uevent r, @{sys}/devices/system/cpu/*_pstate/{no_turbo,turbo_pct} r, @{sys}/devices/system/cpu/*_pstate/status r, - @{sys}/devices/system/cpu/cpu[0-9]*/power/energy_perf_bias rw, + @{sys}/devices/system/cpu/cpu@{int}/power/energy_perf_bias rw, @{sys}/devices/system/cpu/cpufreq/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/energy_performance_preference rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_governor rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw, @{sys}/firmware/acpi/platform_profile* rw, @{sys}/firmware/acpi/pm_profile* rw, diff --git a/apparmor.d/profiles-m-r/ps b/apparmor.d/profiles-m-r/ps index 4e1418b5..e82f9777 100644 --- a/apparmor.d/profiles-m-r/ps +++ b/apparmor.d/profiles-m-r/ps 
@@ -23,8 +23,8 @@ profile ps @{exec_path} flags=(attach_disconnected) { @{run}/systemd/sessions/* r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/cpumap r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/ r, @{PROC}/@{pids}/attr/current r, @@ -47,7 +47,7 @@ profile ps @{exec_path} flags=(attach_disconnected) { # file_inherit owner @{HOME}/.xsession-errors w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index 266d10d6..8c0cf7d1 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi @@ -78,7 +78,7 @@ profile psi @{exec_path} { /dev/shm/#@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile aplay { include @@ -95,7 +95,7 @@ profile psi @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } @@ -108,7 +108,7 @@ profile psi @{exec_path} { owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index 57761905..b375c710 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -77,7 +77,7 @@ profile psi-plus @{exec_path} { /dev/shm/#@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile aplay { include @@ -94,7 +94,7 @@ profile psi-plus @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } @@ -107,7 +107,7 @@ profile psi-plus @{exec_path} { owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } 
diff --git a/apparmor.d/profiles-m-r/pulseeffects b/apparmor.d/profiles-m-r/pulseeffects index 1d270b8b..8afef641 100644 --- a/apparmor.d/profiles-m-r/pulseeffects +++ b/apparmor.d/profiles-m-r/pulseeffects @@ -33,7 +33,7 @@ profile pulseeffects @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index 0f4717aa..a9cc491c 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -163,7 +163,7 @@ profile qbittorrent @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, # gnome-tiny /usr/share/gvfs/remote-volume-monitors/{,*} r, @@ -267,7 +267,7 @@ profile qbittorrent @{exec_path} { # file_inherit owner @{MOUNTS}/torrent/** r, - deny /dev/dri/card[0-9]* rw, + deny /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi index d42a38dd..db179df5 100644 --- a/apparmor.d/profiles-m-r/qnapi +++ b/apparmor.d/profiles-m-r/qnapi @@ -81,7 +81,7 @@ profile qnapi @{exec_path} { owner @{PROC}/@{pid}/mounts r, deny @{PROC}/sys/kernel/random/boot_id r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { include diff --git a/apparmor.d/profiles-m-r/qpdfview b/apparmor.d/profiles-m-r/qpdfview index ebef6c9b..627763e9 100644 --- a/apparmor.d/profiles-m-r/qpdfview +++ b/apparmor.d/profiles-m-r/qpdfview @@ -67,7 +67,7 @@ profile qpdfview @{exec_path} { deny @{PROC}/sys/kernel/random/boot_id r, deny owner @{PROC}/@{pid}/cmdline r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/qtox b/apparmor.d/profiles-m-r/qtox index b78851a9..a3e58b4c 100644 --- a/apparmor.d/profiles-m-r/qtox +++ b/apparmor.d/profiles-m-r/qtox 
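Review bot: `deny /dev/dri/card@{int} rw,` in the second qbittorrent hunk narrows a deny rule, which works in the opposite direction from narrowing an allow rule: names the old `[0-9]*` pattern covered and `@{int}` does not are no longer explicitly denied. Access to them should still be refused by default-deny in enforce mode, but it would be logged instead of silenced, so the mechanical replacement is not purely a tightening here. The same applies to `deny /dev/video@{int} rw,` in the second qtox hunk. A short comment above each rule, for example `# silences inherited fd only; other names fall to default-deny`, would record that this was considered.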
@@ -63,10 +63,10 @@ profile qtox @{exec_path} { owner /tmp/qipc_{systemsem,sharedmemory}_*@{hex} rw, @{sys}/devices/system/node/ r, # for ld-linux-x86-64.so -> libnuma1.so - @{sys}/devices/system/node/node[0-9]*/meminfo r, # for ld-linux-x86-64.so -> libnuma1.so + @{sys}/devices/system/node/node@{int}/meminfo r, # for ld-linux-x86-64.so -> libnuma1.so /dev/ r, - /dev/video[0-9]* rw, + /dev/video@{int} rw, profile open { @@ -91,7 +91,7 @@ profile qtox @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, owner @{user_cache_dirs}/qTox/qtox.log w, - deny /dev/video[0-9]* rw, + deny /dev/video@{int} rw, } diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss index 382adeec..2179eb5b 100644 --- a/apparmor.d/profiles-m-r/quiterss +++ b/apparmor.d/profiles-m-r/quiterss @@ -73,7 +73,7 @@ profile quiterss @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-m-r/rdmsr b/apparmor.d/profiles-m-r/rdmsr index 5ef9e0ad..c2af5b2f 100644 --- a/apparmor.d/profiles-m-r/rdmsr +++ b/apparmor.d/profiles-m-r/rdmsr @@ -15,7 +15,7 @@ profile rdmsr @{exec_path} { @{exec_path} mr, - owner /dev/cpu/[0-9]*/msr r, + owner /dev/cpu/@{int}/msr r, include if exists } diff --git a/apparmor.d/profiles-m-r/redshift b/apparmor.d/profiles-m-r/redshift index 47d36acc..51a0a492 100644 --- a/apparmor.d/profiles-m-r/redshift +++ b/apparmor.d/profiles-m-r/redshift @@ -36,7 +36,7 @@ profile redshift @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts index 0e4f7189..06f0a7ca 100644 --- a/apparmor.d/profiles-m-r/run-parts +++ b/apparmor.d/profiles-m-r/run-parts 
@@ -104,7 +104,7 @@ profile run-parts @{exec_path} { # Motd /etc/update-motd.d/ r, - /etc/update-motd.d/[0-9]*-[a-z]* rCx -> motd, + /etc/update-motd.d/@{int}-[a-z]* rCx -> motd, # Kernel /etc/kernel/header_postinst.d/ r, @@ -135,7 +135,7 @@ profile run-parts @{exec_path} { owner @{sys}/class/power_supply/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile motd { include @@ -161,7 +161,7 @@ profile run-parts @{exec_path} { / r, /etc/default/motd-news r, /etc/lsb-release r, - /etc/update-motd.d/[0-9]*-[a-z]* r, + /etc/update-motd.d/@{int}-[a-z]* r, /var/cache/motd-news rw, /var/lib/update-notifier/updates-available r, @@ -171,7 +171,7 @@ profile run-parts @{exec_path} { @{PROC}/@{pids}/mounts r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, } profile kernel { diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index 6f53f680..516e90be 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -68,7 +68,7 @@ profile rustdesk @{exec_path} { owner @{user_share_dirs}/logs/[rR]ust[dD]esk/{,**} rw, owner @{user_config_dirs}/[rR]ust[dD]esk/{,**} rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, @{PROC}/uptime r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/profiles-s-z/sensors b/apparmor.d/profiles-s-z/sensors index 4670bf5c..bf1cfce8 100644 --- a/apparmor.d/profiles-s-z/sensors +++ b/apparmor.d/profiles-s-z/sensors 
@@ -24,14 +24,14 @@ profile sensors @{exec_path} { @{sys}/devices/**/hwmon*/{in[0-9]_label,in[0-9]_min,in[0-9]_max} r, @{sys}/devices/**/hwmon*/{name,temp*,*_input} r, @{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r, - @{sys}/devices/**/hwmon/hwmon[0-9]*/power[0-9]*_crit r, + @{sys}/devices/**/hwmon/hwmon@{int}/power[0-9]*_crit r, @{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-[0-9]*/name r, @{sys}/devices/pci[0-9]*/**/name r, - @{sys}/devices/platform/**/power_supply/**/hwmon[0-9]*/curr1_max r, + @{sys}/devices/platform/**/power_supply/**/hwmon@{int}/curr1_max r, @{sys}/devices/virtual/hwmon/hwmon[0-9]* r, - @{sys}/devices/virtual/hwmon/hwmon[0-9]*/ r, - @{sys}/devices/virtual/hwmon/hwmon[0-9]*/{name,temp*} r, - @{sys}/devices/virtual/hwmon/hwmon[0-9]*/fan[0-9]_label r, + @{sys}/devices/virtual/hwmon/hwmon@{int}/ r, + @{sys}/devices/virtual/hwmon/hwmon@{int}/{name,temp*} r, + @{sys}/devices/virtual/hwmon/hwmon@{int}/fan[0-9]_label r, # file_inherit deny @{PROC}/@{pid}/net/dev r, diff --git a/apparmor.d/profiles-s-z/smplayer b/apparmor.d/profiles-s-z/smplayer index f8130927..6f84b00f 100644 --- a/apparmor.d/profiles-s-z/smplayer +++ b/apparmor.d/profiles-s-z/smplayer @@ -69,7 +69,7 @@ profile smplayer @{exec_path} { owner /tmp/qtsingleapp-smplay-* rw, owner /tmp/qtsingleapp-smplay-*-lockfile rwk, owner /tmp/smplayer_preview/ rw, - owner /tmp/smplayer_preview/[0-9]*.{jpg,png} rw, + owner /tmp/smplayer_preview/@{int}.{jpg,png} rw, owner /tmp/smplayer-mpv-* w, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r, @@ -84,7 +84,7 @@ profile smplayer @{exec_path} { @{PROC}/@{pid}/mounts r, /dev/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/smtube b/apparmor.d/profiles-s-z/smtube index f958a0e0..3aa94901 100644 --- a/apparmor.d/profiles-s-z/smtube +++ b/apparmor.d/profiles-s-z/smtube 
@@ -77,7 +77,7 @@ profile smtube @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap index c9ddb14b..456c899e 100644 --- a/apparmor.d/profiles-s-z/snap +++ b/apparmor.d/profiles-s-z/snap @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/snap +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}bin/snap profile snap @{exec_path} { include include @@ -43,9 +43,9 @@ profile snap @{exec_path} { @{bin}/systemctl rPx -> child-systemctl, /snap/{,**} rw, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-confine rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-seccomp rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snapd r, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-confine rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-seccomp rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snapd r, /etc/fstab r, @@ -77,7 +77,7 @@ profile snap @{exec_path} { @{PROC}/sys/kernel/seccomp/actions_avail r, @{PROC}/version r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-s-z/snap-discard-ns b/apparmor.d/profiles-s-z/snap-discard-ns index 7d39be68..278faabf 100644 --- a/apparmor.d/profiles-s-z/snap-discard-ns +++ b/apparmor.d/profiles-s-z/snap-discard-ns @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-discard-ns +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-discard-ns profile snap-discard-ns @{exec_path} { include diff --git a/apparmor.d/profiles-s-z/snap-failure b/apparmor.d/profiles-s-z/snap-failure index 4f6a5a97..3ce23d70 100644 --- a/apparmor.d/profiles-s-z/snap-failure +++ b/apparmor.d/profiles-s-z/snap-failure 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-failure +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-failure profile snap-failure @{exec_path} { include diff --git a/apparmor.d/profiles-s-z/snap-seccomp b/apparmor.d/profiles-s-z/snap-seccomp index 791d716c..a1e69f44 100644 --- a/apparmor.d/profiles-s-z/snap-seccomp +++ b/apparmor.d/profiles-s-z/snap-seccomp @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-seccomp +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-seccomp profile snap-seccomp @{exec_path} { include include @@ -16,7 +16,7 @@ profile snap-seccomp @{exec_path} { @{exec_path} mr, - /snap/snapd/[0-9]*/usr/lib/snapd/snap-seccomp r, + /snap/snapd/@{int}/usr/lib/snapd/snap-seccomp r, /var/lib/snapd/seccomp/bpf/{,**} rw, diff --git a/apparmor.d/profiles-s-z/snap-update-ns b/apparmor.d/profiles-s-z/snap-update-ns index 19cb2ea4..61f3b815 100644 --- a/apparmor.d/profiles-s-z/snap-update-ns +++ b/apparmor.d/profiles-s-z/snap-update-ns @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-update-ns +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-update-ns profile snap-update-ns @{exec_path} { include diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index 066ab505..e0bfd90f 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snapd +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snapd profile snapd @{exec_path} { include include 
@@ -84,15 +84,15 @@ profile snapd @{exec_path} { @{bin}/unsquashfs rix, @{bin}/update-desktop-database rPx, - /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache-* mr, - /{snap/snapd/[0-9]*/,}{usr/,}bin/snap rPx, - /{snap/snapd/[0-9]*/,}{usr/,}bin/xdelta3 rix, # TODO: rPx ? - /{snap/snapd/[0-9]*/,}{usr/,}lib/@{multiarch}/** mr, - /{snap/snapd/[0-9]*/,}{usr/,}lib/@{multiarch}/ld-*.so rix, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-discard-ns rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-seccomp rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-update-ns rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snapd rix, + /{snap/snapd/@{int}/,}{usr/,}bin/fc-cache-* mr, + /{snap/snapd/@{int}/,}{usr/,}bin/snap rPx, + /{snap/snapd/@{int}/,}{usr/,}bin/xdelta3 rix, # TODO: rPx ? + /{snap/snapd/@{int}/,}{usr/,}lib/@{multiarch}/** mr, + /{snap/snapd/@{int}/,}{usr/,}lib/@{multiarch}/ld-*.so rix, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-discard-ns rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-seccomp rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-update-ns rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snapd rix, /usr/share/bash-completion/{,**} r, /usr/share/dbus-1/{system,session}.d/{,snapd*} r, diff --git a/apparmor.d/profiles-s-z/spacefm b/apparmor.d/profiles-s-z/spacefm index c7a82d06..ab835852 100644 --- a/apparmor.d/profiles-s-z/spacefm +++ b/apparmor.d/profiles-s-z/spacefm @@ -48,7 +48,7 @@ profile spacefm @{exec_path} { @{sys}/class/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/fs/cgroup/{,**} r, diff --git a/apparmor.d/profiles-s-z/spectre-meltdown-checker b/apparmor.d/profiles-s-z/spectre-meltdown-checker index 66b4f8a5..fee70838 100644 --- a/apparmor.d/profiles-s-z/spectre-meltdown-checker +++ b/apparmor.d/profiles-s-z/spectre-meltdown-checker 
@@ -11,7 +11,7 @@ profile spectre-meltdown-checker @{exec_path} { include include - # Needed to read the /dev/cpu/[0-9]*/msr device + # Needed to read the /dev/cpu/@{int}/msr device capability sys_rawio, # Needed to read system logs @@ -84,8 +84,8 @@ profile spectre-meltdown-checker @{exec_path} { /tmp/ r, owner /tmp/{config,kernel}-* rw, - owner /dev/cpu/[0-9]*/cpuid r, - owner /dev/cpu/[0-9]*/msr rw, + owner /dev/cpu/@{int}/cpuid r, + owner /dev/cpu/@{int}/msr rw, owner /dev/kmsg r, /boot/ r, diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent index cb695796..2444f88d 100644 --- a/apparmor.d/profiles-s-z/spice-vdagent +++ b/apparmor.d/profiles-s-z/spice-vdagent @@ -64,7 +64,7 @@ profile spice-vdagent @{exec_path} { owner @{PROC}/@{pids}/task/@{tid}/comm rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/spice-vdagentd b/apparmor.d/profiles-s-z/spice-vdagentd index 85e488cd..91ab1b08 100644 --- a/apparmor.d/profiles-s-z/spice-vdagentd +++ b/apparmor.d/profiles-s-z/spice-vdagentd @@ -22,7 +22,7 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) { owner @{run}/spice-vdagentd/spice-vdagent-sock r, owner @{run}/spice-vdagentd/spice-vdagentd.pid rw, @{run}/systemd/journal/dev-log w, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/sessions/* r, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/profiles-s-z/startx b/apparmor.d/profiles-s-z/startx index 5605a7e4..a7a8e82c 100644 --- a/apparmor.d/profiles-s-z/startx +++ b/apparmor.d/profiles-s-z/startx @@ -43,7 +43,7 @@ profile startx @{exec_path} flags=(attach_disconnected) { owner /tmp/serverauth.* rw, /dev/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index b265ea2c..4bc831a7 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam 
@@ -223,12 +223,12 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/status r, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, /dev/input/ r, - /dev/input/event[0-9]* r, + /dev/input/event@{int} r, /dev/tty rw, /dev/uinput w, - /dev/video[0-9]* rw, + /dev/video@{int} rw, audit deny /**.steam_exec_test.sh rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, @@ -244,7 +244,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) @{sys}/bus/pci/devices/ r, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{sys}/devices/pci[0-9]*/** r, owner /dev/shm/ValveIPCSHM_@{uid} rw, diff --git a/apparmor.d/profiles-s-z/steam-fossilize b/apparmor.d/profiles-s-z/steam-fossilize index 40522a1d..5c168490 100644 --- a/apparmor.d/profiles-s-z/steam-fossilize +++ b/apparmor.d/profiles-s-z/steam-fossilize 
@@ -22,15 +22,15 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.steam/steam.pipe r, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/fozpipelinesv[0-9]*/{,**} rw, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/mesa_shader_cache_sf/{,**} rwk, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/nvidiav[0-9]*/GLCache/ rw, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/nvidiav[0-9]*/GLCache/** rwk, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/fozpipelinesv[0-9]*/{,**} rw, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/mesa_shader_cache_sf/{,**} rwk, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav[0-9]*/GLCache/ rw, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav[0-9]*/GLCache/** rwk, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/cpumap r, @{PROC}/@{pids}/statm r, @{PROC}/pressure/io r, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game index b31521e1..95703701 100644 --- a/apparmor.d/profiles-s-z/steam-game +++ b/apparmor.d/profiles-s-z/steam-game @@ -111,7 +111,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{user_share_dirs}/Steam/steamapps/common/Proton*/files/bin/* mrix, @{user_share_dirs}/Steam/steamapps/common/Proton*/files/lib{,32,64}/** mrix, @{user_share_dirs}/Steam/steamapps/common/Proton*/proton rix, - @{user_share_dirs}/Steam/steamapps/compatdata/[0-9]*/pfx/**.dll rm, + @{user_share_dirs}/Steam/steamapps/compatdata/@{int}/pfx/**.dll rm, @{user_games_dirs}/*/* mr, @{user_games_dirs}/*/**.dll mr, 
@@ -236,7 +236,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/uid_map rw, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, /dev/input/ r, /dev/input/* rw, /dev/tty rw, diff --git a/apparmor.d/profiles-s-z/steam-gameoverlayui b/apparmor.d/profiles-s-z/steam-gameoverlayui index 55d16d57..dc7d8cda 100644 --- a/apparmor.d/profiles-s-z/steam-gameoverlayui +++ b/apparmor.d/profiles-s-z/steam-gameoverlayui @@ -38,7 +38,7 @@ profile steam-gameoverlayui @{exec_path} { owner @{user_share_dirs}/Steam/config/DialogConfigOverlay*.vdf rw, owner @{user_share_dirs}/Steam/public/* rk, owner @{user_share_dirs}/Steam/resource/{,**} rk, - owner @{user_share_dirs}/Steam/userdata/[0-9]*/{,**} rk, + owner @{user_share_dirs}/Steam/userdata/@{int}/{,**} rk, owner /var/cache/fontconfig/ rw, @@ -54,7 +54,7 @@ profile steam-gameoverlayui @{exec_path} { owner /tmp/miles_image_* mrw, @{sys}/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/** r, + @{sys}/devices/system/cpu/cpu@{int}/** r, @{sys}/kernel/ r, @{PROC}/version r, diff --git a/apparmor.d/profiles-s-z/steam-reaper b/apparmor.d/profiles-s-z/steam-reaper index e6fd3070..92e6035b 100644 --- a/apparmor.d/profiles-s-z/steam-reaper +++ b/apparmor.d/profiles-s-z/steam-reaper @@ -29,7 +29,7 @@ profile steam-reaper @{exec_path} { owner /dev/shm/u@{uid}-Shm_@{hex} rw, owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, - @{sys}/devices/system/cpu/cpu[0-9]*/** r, + @{sys}/devices/system/cpu/cpu@{int}/** r, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/profiles-s-z/strawberry b/apparmor.d/profiles-s-z/strawberry index b9971fc2..ac56cb7d 100644 --- a/apparmor.d/profiles-s-z/strawberry +++ b/apparmor.d/profiles-s-z/strawberry @@ -100,7 +100,7 @@ profile strawberry @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.anyRemote/anyremote.stdout w, 
diff --git a/apparmor.d/profiles-s-z/strawberry-tagreader b/apparmor.d/profiles-s-z/strawberry-tagreader index 229dad80..ccf2b2de 100644 --- a/apparmor.d/profiles-s-z/strawberry-tagreader +++ b/apparmor.d/profiles-s-z/strawberry-tagreader @@ -25,7 +25,7 @@ profile strawberry-tagreader @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, owner @{HOME}/.anyRemote/anyremote.stdout w, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, + owner @{user_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index d3bbbc3a..0502fa50 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -64,7 +64,7 @@ profile su @{exec_path} { @{sys}/devices/virtual/tty/console/active r, /dev/{,pts/}ptmx rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index db41f1e6..d66d1d78 100644 --- a/apparmor.d/profiles-s-z/sudo +++ b/apparmor.d/profiles-s-z/sudo @@ -57,7 +57,7 @@ profile sudo @{exec_path} { @{bin}/{c,k,tc,z}sh rUx, @{lib}/cockpit/cockpit-askpass rPx, @{lib}/molly-guard/molly-guard rPx, - /snap/snapd/[0-9]*/usr/bin/snap rPx, + /snap/snapd/@{int}/usr/bin/snap rPx, @{etc_ro}/environment r, @{etc_ro}/security/limits.d/{,*} r, @@ -95,7 +95,7 @@ profile sudo @{exec_path} { /dev/ r, # interactive login /dev/ptmx rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-s-z/sulogin b/apparmor.d/profiles-s-z/sulogin index 7b20324b..1cfbe35c 100644 --- a/apparmor.d/profiles-s-z/sulogin +++ b/apparmor.d/profiles-s-z/sulogin @@ -20,7 +20,7 @@ profile sulogin @{exec_path} { /etc/shadow r, /dev/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, @{PROC}/consoles r, diff --git a/apparmor.d/profiles-s-z/swtpm b/apparmor.d/profiles-s-z/swtpm index 95b1f8f9..3f56ab57 100644 
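Review bot: `gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}}` in the strawberry-tagreader hunk probably no longer matches the real cache directory. GStreamer keeps its per-user registry under a directory named with a dotted API version (`gstreamer-1.0`). The old `[0-9]*` matched that because `*` covers `.0`, while a digits-only `@{int}` stops at the dot. Assuming `@{int}` is digits only (its definition is not in this diff), the rule should read `owner @{user_cache_dirs}/gstreamer-@{int}.@{int}/registry.*.bin{,.tmp@{rand6}} rw,`. The profile header has no complain flag, so a mismatch would deny the registry read and write instead of just logging it.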
--- a/apparmor.d/profiles-s-z/swtpm +++ b/apparmor.d/profiles-s-z/swtpm @@ -21,9 +21,9 @@ profile swtpm @{exec_path} { /var/log/swtpm/libvirt/qemu/*-swtpm.log w, /tmp/.swtpm_setup.pidfile.* rw, - /tmp/[0-9]*/.lock rwk, - /tmp/[0-9]*/TMP* rw, - /tmp/[0-9]*/vtpm.sock rw, + /tmp/@{int}/.lock rwk, + /tmp/@{int}/TMP* rw, + /tmp/@{int}/vtpm.sock rw, @{run}/libvirt/qemu/swtpm/*.sock w, @{run}/libvirt/qemu/swtpm/*.pid w, diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index ed268af4..83c63576 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -70,7 +70,7 @@ profile system-config-printer @{exec_path} flags=(complain) { owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mountinfo r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index 860c08e1..da3ade1f 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald @@ -55,8 +55,8 @@ profile thermald @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_tmax_us r, @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_tmin_us r, - @{sys}/devices/**/hwmon[0-9]*/name r, - @{sys}/devices/**/hwmon[0-9]*/temp[0-9]*_{max,crit} r, + @{sys}/devices/**/hwmon@{int}/name r, + @{sys}/devices/**/hwmon@{int}/temp[0-9]*_{max,crit} r, @{sys}/devices/**/path r, @{sys}/devices/virtual/dmi/id/product_name r, @@ -87,7 +87,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) { /dev/acpi_thermal_rel rw, /dev/input/ r, - /dev/input/event[0-9]* r, + /dev/input/event@{int} r, include if exists } diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index be3e75b0..b761b8a0 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird 
@@ -193,13 +193,13 @@ profile thunderbird @{exec_path} { /dev/shm/ r, owner /dev/shm/org.chromium.* rw, - owner /dev/shm/org.mozilla.ipc.@{pid}.[0-9]* rw, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + owner /dev/shm/org.mozilla.ipc.@{pid}.@{int} rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, /dev/tty rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Silencer diff --git a/apparmor.d/profiles-s-z/thunderbird-glxtest b/apparmor.d/profiles-s-z/thunderbird-glxtest index 80c764b3..9e9d9f9c 100644 --- a/apparmor.d/profiles-s-z/thunderbird-glxtest +++ b/apparmor.d/profiles-s-z/thunderbird-glxtest @@ -26,7 +26,7 @@ profile thunderbird-glxtest @{exec_path} { owner /tmp/thunderbird/.parentlock rw, - owner @{run}/user/@{uid}/xauth_?????? r, + owner @{run}/user/@{uid}/xauth_@{rand6} r, @{sys}/bus/pci/devices/ r, @{sys}/devices/pci[0-9]*/**/class r, diff --git a/apparmor.d/profiles-s-z/tint2 b/apparmor.d/profiles-s-z/tint2 index b657f8f8..e8c3704a 100644 --- a/apparmor.d/profiles-s-z/tint2 +++ b/apparmor.d/profiles-s-z/tint2 @@ -56,7 +56,7 @@ profile tint2 @{exec_path} { owner @{PROC}/@{pid}/mountinfo r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-s-z/tint2conf b/apparmor.d/profiles-s-z/tint2conf index 58303b84..b8ab3956 100644 --- a/apparmor.d/profiles-s-z/tint2conf +++ b/apparmor.d/profiles-s-z/tint2conf @@ -36,7 +36,7 @@ profile tint2conf @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/top b/apparmor.d/profiles-s-z/top index cc954cc5..8c657671 100644 --- a/apparmor.d/profiles-s-z/top +++ b/apparmor.d/profiles-s-z/top 
@@ -66,8 +66,8 @@ profile top @{exec_path} flags=(attach_disconnected) { /etc/toprc r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/meminfo r, + @{sys}/devices/system/node/node@{int}/cpumap r, owner @{user_config_dirs}/procps/ rw, owner @{user_config_dirs}/procps/toprc rw, diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index c854a4f0..63252226 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -131,7 +131,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { @{run}/mount/utab{,.*} rw, @{run}/mount/utab.lock rwk, @{run}/udisks2/{,**} rw, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/cryptsetup/ r, @{run}/cryptsetup/L* rwk, diff --git a/apparmor.d/profiles-s-z/unix-chkpwd b/apparmor.d/profiles-s-z/unix-chkpwd index d30da5c0..4333ea13 100644 --- a/apparmor.d/profiles-s-z/unix-chkpwd +++ b/apparmor.d/profiles-s-z/unix-chkpwd @@ -21,7 +21,7 @@ profile unix-chkpwd @{exec_path} { /etc/shadow r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/update-ca-certificates b/apparmor.d/profiles-s-z/update-ca-certificates index 3d3a99ce..2d33d3fd 100644 --- a/apparmor.d/profiles-s-z/update-ca-certificates +++ b/apparmor.d/profiles-s-z/update-ca-certificates @@ -62,7 +62,7 @@ profile update-ca-certificates @{exec_path} { /etc/ca-certificates/update.d/ r, # file_inherit - owner /dev/pts/[0-9]* rw, + owner /dev/pts/@{int} rw, } diff --git a/apparmor.d/profiles-s-z/utox b/apparmor.d/profiles-s-z/utox index fe38d12b..63e126f1 100644 --- a/apparmor.d/profiles-s-z/utox +++ b/apparmor.d/profiles-s-z/utox 
@@ -61,7 +61,7 @@ profile utox @{exec_path} { owner @{HOME}/.xsession-errors w, owner @{user_config_dirs}/tox/[0-9A-F].ftinfo w, owner @{user_config_dirs}/tox/[0-9A-F].ftoutfo w, - deny /dev/video[0-9]* rw, + deny /dev/video@{int} rw, } diff --git a/apparmor.d/profiles-s-z/vidcutter b/apparmor.d/profiles-s-z/vidcutter index 281414fd..8fc3b46a 100644 --- a/apparmor.d/profiles-s-z/vidcutter +++ b/apparmor.d/profiles-s-z/vidcutter @@ -69,7 +69,7 @@ profile vidcutter @{exec_path} { owner @{user_config_dirs}/qt5ct/{,**} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner /tmp/vidcutter-@{uuid} w, owner /tmp/#@{int} rw, @@ -86,7 +86,7 @@ profile vidcutter @{exec_path} { /dev/shm/#@{int} rw, /dev/disk/*/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index 0b2d194d..15980a19 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager @@ -102,8 +102,8 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, @{PROC}/@{pids}/net/route r, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, # Silence the noise deny /usr/share/virt-manager/{,**} w, diff --git a/apparmor.d/profiles-s-z/vnstat b/apparmor.d/profiles-s-z/vnstat index 22d095ee..7f6ff8d7 100644 --- a/apparmor.d/profiles-s-z/vnstat +++ b/apparmor.d/profiles-s-z/vnstat @@ -61,7 +61,7 @@ profile vnstat @{exec_path} { deny @{PROC}/diskstats r, deny @{PROC}/loadavg r, deny @{sys}/devices/**/hwmon/**/temp*_input r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny network inet dgram, deny network inet6 dgram, diff --git a/apparmor.d/profiles-s-z/volumeicon b/apparmor.d/profiles-s-z/volumeicon index 241da201..39e17f8f 100644 --- a/apparmor.d/profiles-s-z/volumeicon 
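Review bot: The utox hunk narrows a deny rule, which runs the opposite way from the allow rules in the rest of the commit: `deny /dev/video@{int} rw,` now blocks fewer names than `deny /dev/video[0-9]* rw,` did. For device nodes named videoN the two should be equivalent. Anything no longer matched still falls to the default deny unless another rule or an included abstraction allows it, so the practical risk looks small. It is worth saying so on that line, e.g. `# deny covers numeric nodes only; other /dev/video* names rely on default deny`, or keeping the wider glob for deny rules as a matter of policy.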
+++ b/apparmor.d/profiles-s-z/volumeicon @@ -38,7 +38,7 @@ profile volumeicon @{exec_path} { @{bin}/pulseeffects rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 30a951e8..982b3d7f 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -61,7 +61,7 @@ profile wireplumber @{exec_path} { owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/media[0-9]* rw, + /dev/media@{int} rw, /dev/snd/ r, include if exists diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index 13732d3b..e01c6147 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -84,7 +84,7 @@ profile wireshark @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-s-z/wpa-gui b/apparmor.d/profiles-s-z/wpa-gui index b356eb29..dec258b0 100644 --- a/apparmor.d/profiles-s-z/wpa-gui +++ b/apparmor.d/profiles-s-z/wpa-gui @@ -32,7 +32,7 @@ profile wpa-gui @{exec_path} { owner @{PROC}/@{pid}/cmdline r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/wrmsr b/apparmor.d/profiles-s-z/wrmsr index 909504a0..683f9d74 100644 --- a/apparmor.d/profiles-s-z/wrmsr +++ b/apparmor.d/profiles-s-z/wrmsr @@ -15,7 +15,7 @@ profile wrmsr @{exec_path} { @{exec_path} mr, - owner /dev/cpu/[0-9]*/msr w, + owner /dev/cpu/@{int}/msr w, include if exists } diff --git a/apparmor.d/profiles-s-z/xarchiver b/apparmor.d/profiles-s-z/xarchiver index 2800b152..3a270929 100644 --- a/apparmor.d/profiles-s-z/xarchiver +++ b/apparmor.d/profiles-s-z/xarchiver @@ -69,7 +69,7 @@ profile xarchiver @{exec_path} { @{bin}/viewnior rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { 
diff --git a/apparmor.d/profiles-s-z/xautolock b/apparmor.d/profiles-s-z/xautolock index 57f28572..7112ce9f 100644 --- a/apparmor.d/profiles-s-z/xautolock +++ b/apparmor.d/profiles-s-z/xautolock @@ -25,7 +25,7 @@ profile xautolock @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/xbrlapi b/apparmor.d/profiles-s-z/xbrlapi index a64db6c6..88853900 100644 --- a/apparmor.d/profiles-s-z/xbrlapi +++ b/apparmor.d/profiles-s-z/xbrlapi @@ -15,7 +15,7 @@ profile xbrlapi @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/xfce4-notifyd b/apparmor.d/profiles-s-z/xfce4-notifyd index 3ddd0a13..0b84dd37 100644 --- a/apparmor.d/profiles-s-z/xfce4-notifyd +++ b/apparmor.d/profiles-s-z/xfce4-notifyd @@ -28,7 +28,7 @@ profile xfce4-notifyd @{exec_path} { owner @{user_config_dirs}/calibre/resources/images/*.png r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/xfconfd b/apparmor.d/profiles-s-z/xfconfd index c61297c3..319a57bb 100644 --- a/apparmor.d/profiles-s-z/xfconfd +++ b/apparmor.d/profiles-s-z/xfconfd @@ -25,7 +25,7 @@ profile xfconfd @{exec_path} { owner @{user_share_dirs}/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-s-z/xinit b/apparmor.d/profiles-s-z/xinit index 498dc4d8..28355328 100644 --- a/apparmor.d/profiles-s-z/xinit +++ b/apparmor.d/profiles-s-z/xinit @@ -80,7 +80,7 @@ profile xinit @{exec_path} { /etc/X11/Xresources/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, } 
@@ -108,7 +108,7 @@ profile xinit @{exec_path} { @{run}/udev/data/* r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, } diff --git a/apparmor.d/profiles-s-z/xsel b/apparmor.d/profiles-s-z/xsel index d69656c6..36a94c9b 100644 --- a/apparmor.d/profiles-s-z/xsel +++ b/apparmor.d/profiles-s-z/xsel @@ -21,7 +21,7 @@ profile xsel @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-s-z/zed b/apparmor.d/profiles-s-z/zed index e9251686..c2fa6162 100644 --- a/apparmor.d/profiles-s-z/zed +++ b/apparmor.d/profiles-s-z/zed @@ -46,7 +46,7 @@ profile zed @{exec_path} { owner /tmp/tmp.* rw, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{sys}/module/zfs/parameters/zfs_zevent_len_max rw, @{PROC}/@{pids}/mounts r, diff --git a/apparmor.d/profiles-s-z/zpool b/apparmor.d/profiles-s-z/zpool index 3ad0e837..00472ab2 100644 --- a/apparmor.d/profiles-s-z/zpool +++ b/apparmor.d/profiles-s-z/zpool @@ -28,13 +28,13 @@ profile zpool @{exec_path} { /tmp/tmp.* rw, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{PROC}/@{pids}/mountinfo r, @{PROC}/@{pids}/mounts r, @{PROC}/sys/kernel/spl/hostid r, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, /dev/zfs rw, include if exists diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd index 56d1283c..3be0e384 100644 --- a/apparmor.d/profiles-s-z/zsysd +++ b/apparmor.d/profiles-s-z/zsysd @@ -42,7 +42,7 @@ profile zsysd @{exec_path} flags=(complain) { @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, /dev/zfs rw, include if exists