feat(profile): clean superfluous openssl abstraction includes

apparmor.d equivalent of https://gitlab.com/apparmor/apparmor/-/merge_requests/1179
2025-01-31 07:17:22 +01:00 · 2024-03-12 16:00:44 +00:00 · 2024-03-12 16:00:44 +00:00 · 467c38724a
commit 467c38724a
parent d5972cdf1d
173 changed files with 0 additions and 180 deletions
--- a/apparmor.d/abstractions/bwrap-app
+++ b/apparmor.d/abstractions/bwrap-app
@ -24,7 +24,6 @@
  include <abstractions/graphics>
  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>
  include <abstractions/video>
--- a/apparmor.d/groups/_full/default
+++ b/apparmor.d/groups/_full/default
@ -20,7 +20,6 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  include <abstractions/devices-usb>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>
  include <abstractions/video>
--- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent
+++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent
@ -13,7 +13,6 @@ profile akonadi_maildispatcher_agent @{exec_path} {
  include <abstractions/freedesktop.org>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/qt5>
  include <abstractions/ssl_certs>
  include <abstractions/X-strict>
--- a/apparmor.d/groups/apps/calibre
+++ b/apparmor.d/groups/apps/calibre
@ -29,7 +29,6 @@ profile calibre @{exec_path} {
  include <abstractions/nameservice-strict>
  include <abstractions/nvidia>
  include <abstractions/opencl-intel>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/qt5-compose-cache-write>
  include <abstractions/qt5-settings-write>
--- a/apparmor.d/groups/apps/dropbox
+++ b/apparmor.d/groups/apps/dropbox
@ -22,7 +22,6 @@ profile dropbox @{exec_path} {
  include <abstractions/python>
  include <abstractions/nameservice-strict>
  include <abstractions/qt5-settings-write>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  ptrace peer=@{profile_name},
--- a/apparmor.d/groups/apps/flameshot
+++ b/apparmor.d/groups/apps/flameshot
@ -22,7 +22,6 @@ profile flameshot @{exec_path} {
  include <abstractions/thumbnails-cache-read>
  include <abstractions/user-download-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  network inet dgram,
--- a/apparmor.d/groups/apps/telegram-desktop
+++ b/apparmor.d/groups/apps/telegram-desktop
@ -27,7 +27,6 @@ profile telegram-desktop @{exec_path} {
  include <abstractions/mesa>
  include <abstractions/nameservice-strict>
  include <abstractions/enchant>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  network inet dgram,
--- a/apparmor.d/groups/apt/apt
+++ b/apparmor.d/groups/apt/apt
@ -17,7 +17,6 @@ profile apt @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.freedesktop.PolicyKit1>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/apt/apt-listbugs
+++ b/apparmor.d/groups/apt/apt-listbugs
@ -13,7 +13,6 @@ profile apt-listbugs @{exec_path} {
  include <abstractions/consoles>
  include <abstractions/ruby>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  #capability sys_tty_config,

--- a/apparmor.d/groups/apt/debsecan
+++ b/apparmor.d/groups/apt/debsecan
@ -13,7 +13,6 @@ profile debsecan @{exec_path} {
  include <abstractions/consoles>
  include <abstractions/python>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  network inet dgram,
--- a/apparmor.d/groups/apt/querybts
+++ b/apparmor.d/groups/apt/querybts
@ -16,7 +16,6 @@ profile querybts @{exec_path} {
  include <abstractions/freedesktop.org>
  include <abstractions/nameservice-strict>
  include <abstractions/python>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>
  include <abstractions/apt-common>

--- a/apparmor.d/groups/apt/unattended-upgrade
+++ b/apparmor.d/groups/apt/unattended-upgrade
@ -17,7 +17,6 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.freedesktop.PackageKit>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  capability chown,
--- a/apparmor.d/groups/browsers/firefox-crashreporter
+++ b/apparmor.d/groups/browsers/firefox-crashreporter
@ -19,7 +19,6 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) {
  include <abstractions/desktop>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  signal (receive) set=(term, kill) peer=firefox,

--- a/apparmor.d/groups/browsers/firefox-pingsender
+++ b/apparmor.d/groups/browsers/firefox-pingsender
@ -15,7 +15,6 @@ include <tunables/global>
 profile firefox-pingsender @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  network inet stream,
--- a/apparmor.d/groups/browsers/opera-crashreporter
+++ b/apparmor.d/groups/browsers/opera-crashreporter
@ -18,7 +18,6 @@ profile opera-crashreporter @{exec_path} {
  include <abstractions/fonts>
  include <abstractions/freedesktop.org>
  include <abstractions/nameservice>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  ptrace (trace, read) peer=opera,
--- a/apparmor.d/groups/freedesktop/colord
+++ b/apparmor.d/groups/freedesktop/colord
@ -15,7 +15,6 @@ profile colord @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.freedesktop.PolicyKit1>
  include <abstractions/devices-usb>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  network inet dgram,
  network inet6 dgram,
--- a/apparmor.d/groups/freedesktop/pulseaudio
+++ b/apparmor.d/groups/freedesktop/pulseaudio
@ -27,7 +27,6 @@ profile pulseaudio @{exec_path} {
  include <abstractions/gstreamer>
  include <abstractions/hosts_access>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/X-strict>

  ptrace (trace) peer=@{profile_name},
--- a/apparmor.d/groups/gnome/chrome-gnome-shell
+++ b/apparmor.d/groups/gnome/chrome-gnome-shell
@ -11,7 +11,6 @@ profile chrome-gnome-shell @{exec_path} {
  include <abstractions/base>
  include <abstractions/dconf-write>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/gnome/evolution-alarm-notify
+++ b/apparmor.d/groups/gnome/evolution-alarm-notify
@ -17,7 +17,6 @@ profile evolution-alarm-notify @{exec_path} {
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
  include <abstractions/graphics>
-  include <abstractions/openssl>

  network netlink raw,

--- a/apparmor.d/groups/gnome/gdm-xsession
+++ b/apparmor.d/groups/gnome/gdm-xsession
@ -13,7 +13,6 @@ profile gdm-xsession @{exec_path} {
  include <abstractions/consoles>
  include <abstractions/dconf-write>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  @{exec_path} mr,

--- a/apparmor.d/groups/gnome/gjs-console
+++ b/apparmor.d/groups/gnome/gjs-console
@ -23,7 +23,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  network netlink raw,

--- a/apparmor.d/groups/gnome/gnome-calendar
+++ b/apparmor.d/groups/gnome/gnome-calendar
@ -21,7 +21,6 @@ profile gnome-calendar @{exec_path} {
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/gnome/gnome-contacts
+++ b/apparmor.d/groups/gnome/gnome-contacts
@ -18,7 +18,6 @@ profile gnome-contacts @{exec_path} {
  include <abstractions/graphics>
  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  network netlink raw,
--- a/apparmor.d/groups/gnome/gnome-contacts-search-provider
+++ b/apparmor.d/groups/gnome/gnome-contacts-search-provider
@ -13,7 +13,6 @@ profile gnome-contacts-search-provider @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
-  include <abstractions/openssl>

  signal (send) set=(term) peer=unconfined,

--- a/apparmor.d/groups/gnome/gnome-control-center-goa-helper
+++ b/apparmor.d/groups/gnome/gnome-control-center-goa-helper
@ -19,7 +19,6 @@ profile gnome-control-center-goa-helper @{exec_path} {
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/gnome/gnome-extension-gsconnect
+++ b/apparmor.d/groups/gnome/gnome-extension-gsconnect
@ -21,7 +21,6 @@ profile gnome-extension-gsconnect @{exec_path} {
  include <abstractions/freedesktop.org>
  include <abstractions/gtk>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/gnome/gnome-keyring-daemon
+++ b/apparmor.d/groups/gnome/gnome-keyring-daemon
@ -15,7 +15,6 @@ profile gnome-keyring-daemon @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.freedesktop.login1.Session>
  include <abstractions/bus/org.freedesktop.portal.Desktop>
  include <abstractions/bus/org.gnome.SessionManager>
-  include <abstractions/openssl>

  capability ipc_lock,

--- a/apparmor.d/groups/gnome/gnome-music
+++ b/apparmor.d/groups/gnome/gnome-music
@ -15,7 +15,6 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) {
  include <abstractions/graphics>
  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/python>
  include <abstractions/ssl_certs>
--- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon
+++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon
@ -12,7 +12,6 @@ profile gnome-remote-desktop-daemon @{exec_path} {
  include <abstractions/bus-session>
  include <abstractions/dconf-write>
  include <abstractions/graphics>
-  include <abstractions/openssl>

  network inet stream,
  network inet6 stream,
--- a/apparmor.d/groups/gnome/gnome-software
+++ b/apparmor.d/groups/gnome/gnome-software
@ -14,7 +14,6 @@ profile gnome-software @{exec_path} {
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/gnome/goa-daemon
+++ b/apparmor.d/groups/gnome/goa-daemon
@ -15,7 +15,6 @@ profile goa-daemon @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@ -24,7 +24,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
  include <abstractions/gnome-strict>
  include <abstractions/graphics>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/trash>

  # userns,
--- a/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
+++ b/apparmor.d/groups/gnome/org.gnome.NautilusPreviewer
@ -18,7 +18,6 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
  include <abstractions/nameservice-strict>
  include <abstractions/private-files-strict>
  include <abstractions/video>
-  include <abstractions/openssl>

  network netlink raw,

--- a/apparmor.d/groups/gnome/seahorse
+++ b/apparmor.d/groups/gnome/seahorse
@ -18,7 +18,6 @@ profile seahorse @{exec_path} {
  include <abstractions/bus/org.freedesktop.secrets>
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/gnome/tracker-extract
+++ b/apparmor.d/groups/gnome/tracker-extract
@ -21,7 +21,6 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) {
  include <abstractions/graphics>
  include <abstractions/gstreamer>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  network netlink raw,

--- a/apparmor.d/groups/kde/kiod
+++ b/apparmor.d/groups/kde/kiod
@ -12,7 +12,6 @@ profile kiod @{exec_path} {
  include <abstractions/graphics>
  include <abstractions/kde-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  network netlink raw,

--- a/apparmor.d/groups/kde/kioworker
+++ b/apparmor.d/groups/kde/kioworker
@ -14,7 +14,6 @@ profile kioworker @{exec_path} {
  include <abstractions/graphics>
  include <abstractions/kde-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>
  include <abstractions/thumbnails-cache-write>
  include <abstractions/trash>
--- a/apparmor.d/groups/kde/plasma-discover
+++ b/apparmor.d/groups/kde/plasma-discover
@ -14,7 +14,6 @@ profile plasma-discover @{exec_path} {
  include <abstractions/graphics>
  include <abstractions/kde-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/qt5-shader-cache>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/kde/sddm-xsession
+++ b/apparmor.d/groups/kde/sddm-xsession
@ -93,7 +93,6 @@ profile sddm-xsession @{exec_path} {
    profile gpg {
    include <abstractions/base>
    include <abstractions/nameservice-strict>
-    include <abstractions/openssl>
    include <abstractions/ssl_certs>

    capability dac_read_search,
--- a/apparmor.d/groups/kde/xdm-xsession
+++ b/apparmor.d/groups/kde/xdm-xsession
@ -12,7 +12,6 @@ profile xdm-xsession @{exec_path} {
  include <abstractions/bash>
  include <abstractions/dconf-write>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/X-strict>

  @{exec_path} mr,
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@ -18,7 +18,6 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.freedesktop.PolicyKit1>
  include <abstractions/bus/org.freedesktop.resolve1>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  capability audit_write,
--- a/apparmor.d/groups/network/networkd-dispatcher
+++ b/apparmor.d/groups/network/networkd-dispatcher
@ -11,7 +11,6 @@ profile networkd-dispatcher @{exec_path} {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  dbus receive bus=system path=/org/freedesktop/network1{,/link/*}
--- a/apparmor.d/groups/network/openvpn
+++ b/apparmor.d/groups/network/openvpn
@ -26,7 +26,6 @@ include <tunables/global>
 profile openvpn @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  # Needed to remove the following errors:
  #  ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
--- a/apparmor.d/groups/pacman/arch-audit
+++ b/apparmor.d/groups/pacman/arch-audit
@ -10,7 +10,6 @@ include <tunables/global>
 profile arch-audit @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  capability dac_read_search,
--- a/apparmor.d/groups/pacman/aurpublish
+++ b/apparmor.d/groups/pacman/aurpublish
@ -11,7 +11,6 @@ profile aurpublish @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
  include <abstractions/ssl_certs>
-  include <abstractions/openssl>

  network inet dgram,
  network inet6 dgram,
--- a/apparmor.d/groups/pacman/paccache
+++ b/apparmor.d/groups/pacman/paccache
@ -10,7 +10,6 @@ include <tunables/global>
 profile paccache @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability dac_read_search,
  capability mknod,
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@ -12,7 +12,6 @@ profile pacman @{exec_path} {
  include <abstractions/consoles>
  include <abstractions/disks-read>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  capability audit_write,
@ -169,7 +168,6 @@ profile pacman @{exec_path} {
  profile gpg {
    include <abstractions/base>
    include <abstractions/nameservice-strict>
-    include <abstractions/openssl>
    include <abstractions/ssl_certs>

    capability dac_read_search,
--- a/apparmor.d/groups/pacman/pacman-hook-mkinitcpio
+++ b/apparmor.d/groups/pacman/pacman-hook-mkinitcpio
@ -50,7 +50,6 @@ profile pacman-hook-mkinitcpio @{exec_path} flags=(attach_disconnected) {

  profile pacman {
    include <abstractions/base>
-    include <abstractions/openssl>

    capability dac_read_search,

--- a/apparmor.d/groups/pacman/reflector
+++ b/apparmor.d/groups/pacman/reflector
@ -10,7 +10,6 @@ include <tunables/global>
 profile reflector @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/ssh/sftp-server
+++ b/apparmor.d/groups/ssh/sftp-server
@ -10,7 +10,6 @@ include <tunables/global>
@{exec_path} += @{lib}/ssh/sftp-server
 profile sftp-server @{exec_path} {
  include <abstractions/base>
-  include <abstractions/openssl>
  include <abstractions/nameservice-strict>

  capability dac_read_search,
--- a/apparmor.d/groups/ssh/ssh
+++ b/apparmor.d/groups/ssh/ssh
@ -12,7 +12,6 @@ profile ssh @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  signal (receive) set=(term) peer=gnome-keyring-daemon,

--- a/apparmor.d/groups/ssh/ssh-agent
+++ b/apparmor.d/groups/ssh/ssh-agent
@ -11,7 +11,6 @@ include <tunables/global>
 profile ssh-agent @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  signal (receive) set=term peer=cockpit-bridge,
  signal (receive) set=term peer=gnome-keyring-daemon,
--- a/apparmor.d/groups/ssh/ssh-keygen
+++ b/apparmor.d/groups/ssh/ssh-keygen
@ -13,7 +13,6 @@ profile ssh-keygen @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  @{exec_path} mr,

--- a/apparmor.d/groups/ssh/sshd
+++ b/apparmor.d/groups/ssh/sshd
@ -23,7 +23,6 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/consoles>
  include <abstractions/hosts_access>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>
  include <abstractions/wutmp>

--- a/apparmor.d/groups/systemd/coredumpctl
+++ b/apparmor.d/groups/systemd/coredumpctl
@ -47,7 +47,6 @@ profile coredumpctl @{exec_path} flags=(complain) {

  profile gdb {
    include <abstractions/base>
-    include <abstractions/openssl>
    include <abstractions/python>

    ptrace (trace),
--- a/apparmor.d/groups/systemd/systemd-coredump
+++ b/apparmor.d/groups/systemd/systemd-coredump
@ -11,7 +11,6 @@ include <tunables/global>
 profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/systemd-common>

  # userns,
--- a/apparmor.d/groups/systemd/systemd-cryptsetup
+++ b/apparmor.d/groups/systemd/systemd-cryptsetup
@ -11,7 +11,6 @@ profile systemd-cryptsetup @{exec_path} {
  include <abstractions/base>
  include <abstractions/systemd-common>
  include <abstractions/disks-write>
-  include <abstractions/openssl>

  capability ipc_lock,
  capability net_admin,
--- a/apparmor.d/groups/systemd/systemd-homed
+++ b/apparmor.d/groups/systemd/systemd-homed
@ -12,7 +12,6 @@ profile systemd-homed @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus-system>
  include <abstractions/disks-write>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/systemd-common>

  capability chown,
--- a/apparmor.d/groups/systemd/systemd-resolved
+++ b/apparmor.d/groups/systemd/systemd-resolved
@ -12,7 +12,6 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.login1>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>
  include <abstractions/systemd-common>
--- a/apparmor.d/groups/ubuntu/apport
+++ b/apparmor.d/groups/ubuntu/apport
@ -13,7 +13,6 @@ profile apport @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus-session>
  include <abstractions/bus/org.gnome.SessionManager>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  capability chown,
--- a/apparmor.d/groups/ubuntu/apport-checkreports
+++ b/apparmor.d/groups/ubuntu/apport-checkreports
@ -10,7 +10,6 @@ include <tunables/global>
 profile apport-checkreports @{exec_path} flags=(attach_disconnected)  {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  @{exec_path} mr,
--- a/apparmor.d/groups/ubuntu/apport-gtk
+++ b/apparmor.d/groups/ubuntu/apport-gtk
@ -17,7 +17,6 @@ profile apport-gtk @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/ubuntu/check-new-release-gtk
+++ b/apparmor.d/groups/ubuntu/check-new-release-gtk
@ -16,7 +16,6 @@ profile check-new-release-gtk @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/ubuntu/do-release-upgrade
+++ b/apparmor.d/groups/ubuntu/do-release-upgrade
@ -12,7 +12,6 @@ profile do-release-upgrade @{exec_path} {
  include <abstractions/apt-common>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/ubuntu/hwe-support-status
+++ b/apparmor.d/groups/ubuntu/hwe-support-status
@ -11,7 +11,6 @@ profile hwe-support-status @{exec_path} {
  include <abstractions/base>
  include <abstractions/apt-common>
  include <abstractions/python>
-  include <abstractions/openssl>

  @{exec_path} mr,

--- a/apparmor.d/groups/ubuntu/list-oem-metapackages
+++ b/apparmor.d/groups/ubuntu/list-oem-metapackages
@ -10,7 +10,6 @@ include <tunables/global>
 profile list-oem-metapackages @{exec_path} {
  include <abstractions/base>
  include <abstractions/python>
-  include <abstractions/openssl>
  include <abstractions/apt-common>

  @{exec_path} mr,
--- a/apparmor.d/groups/ubuntu/software-properties-dbus
+++ b/apparmor.d/groups/ubuntu/software-properties-dbus
@ -12,7 +12,6 @@ profile software-properties-dbus @{exec_path} {
  include <abstractions/apt-common>
  include <abstractions/bus-system>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  # dbus: own bus=system name=com.ubuntu.SoftwareProperties
--- a/apparmor.d/groups/ubuntu/software-properties-gtk
+++ b/apparmor.d/groups/ubuntu/software-properties-gtk
@ -18,7 +18,6 @@ profile software-properties-gtk @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  dbus bind bus=session name=com.ubuntu.SoftwareProperties,
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf
+++ b/apparmor.d/groups/ubuntu/subiquity-console-conf
@ -12,7 +12,6 @@ profile subiquity-console-conf @{exec_path} {
  include <abstractions/disks-read>
  include <abstractions/nameservice-strict>
  include <abstractions/python>
-  include <abstractions/openssl>

  capability chown,
  capability fsetid,
--- a/apparmor.d/groups/ubuntu/ubuntu-advantage
+++ b/apparmor.d/groups/ubuntu/ubuntu-advantage
@ -12,7 +12,6 @@ profile ubuntu-advantage @{exec_path} {
  include <abstractions/apt-common>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs> 

--- a/apparmor.d/groups/ubuntu/update-manager
+++ b/apparmor.d/groups/ubuntu/update-manager
@ -23,7 +23,6 @@ profile update-manager @{exec_path} flags=(attach_disconnected) {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>
  include <abstractions/ssl_certs>

--- a/apparmor.d/groups/ubuntu/update-motd-updates-available
+++ b/apparmor.d/groups/ubuntu/update-motd-updates-available
@ -12,7 +12,6 @@ profile update-motd-updates-available @{exec_path} {
  include <abstractions/apt-common>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  capability dac_read_search,
--- a/apparmor.d/groups/ubuntu/update-notifier
+++ b/apparmor.d/groups/ubuntu/update-notifier
@ -19,7 +19,6 @@ profile update-notifier @{exec_path} {
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  unix (bind) type=stream addr=@@{hex}/bus/systemd/bus-api-user,
--- a/apparmor.d/groups/virt/cockpit-bridge
+++ b/apparmor.d/groups/virt/cockpit-bridge
@ -12,7 +12,6 @@ profile cockpit-bridge @{exec_path} {
  include <abstractions/app-launcher-root>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  capability dac_read_search,
--- a/apparmor.d/groups/virt/cockpit-certificate-helper
+++ b/apparmor.d/groups/virt/cockpit-certificate-helper
@ -10,7 +10,6 @@ include <tunables/global>
 profile cockpit-certificate-helper @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  @{exec_path} mr,

--- a/apparmor.d/groups/virt/libvirt-dbus
+++ b/apparmor.d/groups/virt/libvirt-dbus
@ -10,7 +10,6 @@ include <tunables/global>
 profile libvirt-dbus @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  @{exec_path} mr,

--- a/apparmor.d/groups/virt/libvirtd
+++ b/apparmor.d/groups/virt/libvirtd
@ -22,7 +22,6 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/devices-usb>
  include <abstractions/disks-write>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability audit_write,
  capability bpf,
--- a/apparmor.d/groups/virt/virt-aa-helper
+++ b/apparmor.d/groups/virt/virt-aa-helper
@ -10,7 +10,6 @@ include <tunables/global>
@{exec_path} = @{lib}/libvirt/virt-aa-helper
 profile virt-aa-helper @{exec_path} {
  include <abstractions/base>
-  include <abstractions/openssl>

  capability dac_override,
  capability dac_read_search,
--- a/apparmor.d/groups/virt/virtinterfaced
+++ b/apparmor.d/groups/virt/virtinterfaced
@ -10,7 +10,6 @@ include <tunables/global>
 profile virtinterfaced @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  network netlink raw,

--- a/apparmor.d/groups/virt/virtlogd
+++ b/apparmor.d/groups/virt/virtlogd
@ -10,7 +10,6 @@ include <tunables/global>
 profile virtlogd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  ptrace (read) peer=libvirtd,
  ptrace (read) peer=unconfined,
--- a/apparmor.d/groups/virt/virtnetworkd
+++ b/apparmor.d/groups/virt/virtnetworkd
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = @{bin}/virtnetworkd
 profile virtnetworkd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/openssl>
  include <abstractions/nameservice-strict>

  network netlink raw,
--- a/apparmor.d/groups/virt/virtnodedevd
+++ b/apparmor.d/groups/virt/virtnodedevd
@ -13,7 +13,6 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/disks-read>
  include <abstractions/freedesktop.org>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability net_admin,
  capability sys_admin,
--- a/apparmor.d/groups/virt/virtsecretd
+++ b/apparmor.d/groups/virt/virtsecretd
@ -10,7 +10,6 @@ include <tunables/global>
 profile virtsecretd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  network netlink raw,

--- a/apparmor.d/groups/virt/virtstoraged
+++ b/apparmor.d/groups/virt/virtstoraged
@ -12,7 +12,6 @@ include <tunables/global>
 profile virtstoraged @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability dac_read_search,

--- a/apparmor.d/profiles-a-f/anyremote
+++ b/apparmor.d/profiles-a-f/anyremote
@ -141,7 +141,6 @@ profile anyremote @{exec_path} {
  profile curl {
    include <abstractions/base>
    include <abstractions/nameservice-strict>
-    include <abstractions/openssl>
    include <abstractions/ssl_certs>

    @{bin}/curl mr,
--- a/apparmor.d/profiles-a-f/appstreamcli
+++ b/apparmor.d/profiles-a-f/appstreamcli
@ -65,7 +65,6 @@ profile appstreamcli @{exec_path} flags=(complain) {
  profile curl {
    include <abstractions/base>
    include <abstractions/nameservice-strict>
-    include <abstractions/openssl>
    include <abstractions/ssl_certs>

    @{bin}/curl mr,
--- a/apparmor.d/profiles-a-f/birdtray
+++ b/apparmor.d/profiles-a-f/birdtray
@ -19,7 +19,6 @@ profile birdtray @{exec_path} {
  include <abstractions/mesa>
  include <abstractions/dri-enumerate>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  network inet dgram,
--- a/apparmor.d/profiles-a-f/conky
+++ b/apparmor.d/profiles-a-f/conky
@ -15,7 +15,6 @@ profile conky @{exec_path} {
  include <abstractions/fonts>
  include <abstractions/fontconfig-cache-read>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  # To get the external IP address
@ -155,7 +154,6 @@ profile conky @{exec_path} {
    include <abstractions/base>
    include <abstractions/consoles>
    include <abstractions/nameservice-strict>
-    include <abstractions/openssl>
    include <abstractions/ssl_certs>

    network inet dgram,
--- a/apparmor.d/profiles-a-f/cupsd
+++ b/apparmor.d/profiles-a-f/cupsd
@ -12,7 +12,6 @@ profile cupsd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus/org.freedesktop.Avahi>
  include <abstractions/bus/org.freedesktop.ColorManager>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  capability audit_write,
--- a/apparmor.d/profiles-a-f/ddclient
+++ b/apparmor.d/profiles-a-f/ddclient
@ -12,7 +12,6 @@ profile ddclient @{exec_path} {
  include <abstractions/base>
  include <abstractions/perl>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  @{exec_path} r,
--- a/apparmor.d/profiles-a-f/dhclient
+++ b/apparmor.d/profiles-a-f/dhclient
@ -11,7 +11,6 @@ include <tunables/global>
 profile dhclient @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability net_admin,
  capability net_bind_service,
--- a/apparmor.d/profiles-a-f/dhclient-script
+++ b/apparmor.d/profiles-a-f/dhclient-script
@ -11,7 +11,6 @@ include <tunables/global>
 profile dhclient-script @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  capability net_admin,
--- a/apparmor.d/profiles-a-f/dig
+++ b/apparmor.d/profiles-a-f/dig
@ -12,7 +12,6 @@ profile dig @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability dac_override,
  capability dac_read_search,
--- a/apparmor.d/profiles-a-f/dkms
+++ b/apparmor.d/profiles-a-f/dkms
@ -13,7 +13,6 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability dac_read_search,
  capability mknod,
@ -118,7 +117,6 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
  profile kmod {
    include <abstractions/base>
    include <abstractions/consoles>
-    include <abstractions/openssl>

    @{bin}/kmod mr,

--- a/apparmor.d/profiles-a-f/downloadhelper
+++ b/apparmor.d/profiles-a-f/downloadhelper
@ -10,7 +10,6 @@ include <tunables/global>
 profile downloadhelper @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/user-download-strict>

  network inet dgram,
--- a/apparmor.d/profiles-a-f/evince
+++ b/apparmor.d/profiles-a-f/evince
@ -17,7 +17,6 @@ profile evince @{exec_path} {
  include <abstractions/gnome-strict>
  include <abstractions/ibus>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/user-download-strict>
  include <abstractions/user-read>
  include <abstractions/user-write>
--- a/apparmor.d/profiles-a-f/fail2ban-server
+++ b/apparmor.d/profiles-a-f/fail2ban-server
@ -10,7 +10,6 @@ include <tunables/global>
 profile fail2ban-server @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/python>

  capability dac_read_search,
--- a/apparmor.d/profiles-a-f/firewalld
+++ b/apparmor.d/profiles-a-f/firewalld
@ -14,7 +14,6 @@ profile firewalld @{exec_path} {
  include <abstractions/bus/org.freedesktop.PolicyKit1>
  include <abstractions/bus/org.freedesktop.NetworkManager>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>

  capability mknod,
  capability net_admin,
--- a/apparmor.d/profiles-a-f/flatpak
+++ b/apparmor.d/profiles-a-f/flatpak
@ -16,7 +16,6 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
  include <abstractions/dconf-write>
  include <abstractions/gnome-strict>
  include <abstractions/nameservice-strict>
-  include <abstractions/openssl>
  include <abstractions/ssl_certs>

  # userns,
--- a/apparmor.d/profiles-a-f/flatpak-oci-authenticator
+++ b/apparmor.d/profiles-a-f/flatpak-oci-authenticator
@ -9,7 +9,6 @@ include <tunables/global>
@{exec_path} = @{lib}/flatpak-oci-authenticator
 profile flatpak-oci-authenticator @{exec_path} {
  include <abstractions/base>
-  include <abstractions/openssl>

  @{exec_path} mr,

--- a/Show more
+++ b/Show more