From 4ee6cc9657028f2d8e1417f7d059376479892eb1 Mon Sep 17 00:00:00 2001 
From: Alexandre Pujol Date: Sun, 6 Jun 2021 15:02:40 +0100 Subject: [PATCH] /usr/{lib,libexec} -> @{libexec} --- apparmor.d/groups/browsers/firefox | 2 +- apparmor.d/groups/bus/dbus-daemon | 2 +- apparmor.d/groups/desktop/accounts-daemon | 2 +- apparmor.d/groups/desktop/at-spi-bus-launcher | 2 +- apparmor.d/groups/desktop/at-spi2-registryd | 2 +- apparmor.d/groups/desktop/blueman-mechanism | 4 ++-- apparmor.d/groups/desktop/blueman-rfcomm-watcher | 4 ++-- apparmor.d/groups/desktop/bluetoothd | 2 +- apparmor.d/groups/desktop/colord | 2 +- apparmor.d/groups/desktop/colord-sane | 2 +- apparmor.d/groups/desktop/colord-session | 2 +- apparmor.d/groups/desktop/dconf-service | 2 +- apparmor.d/groups/desktop/obexd | 2 +- apparmor.d/groups/gnome/gjs-console | 2 +- apparmor.d/groups/gnome/gnome-shell | 6 +++--- apparmor.d/groups/gvfs/gvfs-afc-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-goa-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfsd | 4 ++-- apparmor.d/groups/gvfs/gvfsd-admin | 2 +- apparmor.d/groups/gvfs/gvfsd-afc | 2 +- apparmor.d/groups/gvfs/gvfsd-afp | 2 +- apparmor.d/groups/gvfs/gvfsd-afp-browse | 2 +- apparmor.d/groups/gvfs/gvfsd-archive | 2 +- apparmor.d/groups/gvfs/gvfsd-burn | 2 +- apparmor.d/groups/gvfs/gvfsd-cdda | 2 +- apparmor.d/groups/gvfs/gvfsd-computer | 2 +- apparmor.d/groups/gvfs/gvfsd-dav | 2 +- apparmor.d/groups/gvfs/gvfsd-dnssd | 2 +- apparmor.d/groups/gvfs/gvfsd-ftp | 2 +- apparmor.d/groups/gvfs/gvfsd-fuse | 4 +++- apparmor.d/groups/gvfs/gvfsd-google | 2 +- apparmor.d/groups/gvfs/gvfsd-gphoto2 | 2 +- apparmor.d/groups/gvfs/gvfsd-http | 2 +- apparmor.d/groups/gvfs/gvfsd-localtest | 2 +- apparmor.d/groups/gvfs/gvfsd-metadata | 2 +- apparmor.d/groups/gvfs/gvfsd-mtp | 2 +- apparmor.d/groups/gvfs/gvfsd-network | 2 +- apparmor.d/groups/gvfs/gvfsd-nfs | 2 +- 
apparmor.d/groups/gvfs/gvfsd-recent | 2 +- apparmor.d/groups/gvfs/gvfsd-sftp | 2 +- apparmor.d/groups/gvfs/gvfsd-smb | 2 +- apparmor.d/groups/gvfs/gvfsd-smb-browse | 2 +- apparmor.d/groups/gvfs/gvfsd-trash | 2 +- apparmor.d/groups/systemd/systemd-coredump | 2 +- apparmor.d/profiles-a-l/gparted | 2 +- apparmor.d/profiles-a-l/labwc | 2 +- apparmor.d/profiles-a-l/lightdm | 2 +- apparmor.d/profiles-a-l/lightdm-gtk-greeter | 2 +- apparmor.d/profiles-m-z/mission-control | 2 +- apparmor.d/profiles-m-z/openbox | 4 ++-- apparmor.d/profiles-m-z/rtkit-daemon | 2 +- apparmor.d/profiles-m-z/udisksd | 2 +- apparmor.d/profiles-m-z/upowerd | 2 +- apparmor.d/tunables/xdg-user-dirs.d/complete | 3 +++ 57 files changed, 67 insertions(+), 62 deletions(-) diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 33957a48..d9107cb3 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -75,7 +75,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { /usr/share/doc/{,**} r, # - /usr/{lib,libexec}/gvfsd-metadata rPx -> gvfsd-metadata, + @{libexec}/gvfsd-metadata rPx -> gvfsd-metadata, # Firefox home files owner @{MOZ_HOMEDIR}/ rw, diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index 447cefce..a075e499 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -29,7 +29,7 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - /{usr/,}{lib,libexec}/* rPUx, + @{libexec}/* rPUx, /{usr/,}lib/ibus/ibus-* rPx, /{usr/,}bin/ r, /{usr/,}bin/[a-z0-9]* rPUx, diff --git a/apparmor.d/groups/desktop/accounts-daemon b/apparmor.d/groups/desktop/accounts-daemon index 9b6a9c70..a326a5bf 100644 --- a/apparmor.d/groups/desktop/accounts-daemon +++ b/apparmor.d/groups/desktop/accounts-daemon 
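Review bot: The rule replaced in dbus-daemon was `/{usr/,}{lib,libexec}/* rPUx`, not the `/usr/{lib,libexec}` form named in the subject, so `@{libexec}/* rPUx` also stops matching `/lib/*` and `/libexec/*`; the two rewritten gnome-shell rules are narrowed the same way. The context rules next to it still use `/{usr/,}lib/ibus/ibus-*` and `/{usr/,}bin/`, so the profile is now inconsistent about layouts without a merged /usr. If the narrowing is intended, state it in the commit message; otherwise keep the broader prefix in these two files, `/{usr/,}{lib,libexec}/* rPUx,`. The profile body continues outside the hunk.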
@@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/accountsservice/accounts-daemon -@{exec_path} += /usr/{lib,libexec}/accounts-daemon +@{exec_path} += @{libexec}/accounts-daemon profile accounts-daemon @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/at-spi-bus-launcher b/apparmor.d/groups/desktop/at-spi-bus-launcher index 7054246b..da186493 100644 --- a/apparmor.d/groups/desktop/at-spi-bus-launcher +++ b/apparmor.d/groups/desktop/at-spi-bus-launcher @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi-bus-launcher -@{exec_path} += /usr/{lib,libexec}/at-spi-bus-launcher +@{exec_path} += @{libexec}/at-spi-bus-launcher profile at-spi-bus-launcher @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/at-spi2-registryd b/apparmor.d/groups/desktop/at-spi2-registryd index 697a9ae5..2e67512c 100644 --- a/apparmor.d/groups/desktop/at-spi2-registryd +++ b/apparmor.d/groups/desktop/at-spi2-registryd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi2-registryd -@{exec_path} += /usr/{lib,libexec}/at-spi2-registryd +@{exec_path} += @{libexec}/at-spi2-registryd profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/desktop/blueman-mechanism b/apparmor.d/groups/desktop/blueman-mechanism index b0b554ef..da9a0543 100644 --- a/apparmor.d/groups/desktop/blueman-mechanism +++ b/apparmor.d/groups/desktop/blueman-mechanism @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /usr/{lib,libexec}/blueman-mechanism +@{exec_path} = @{libexec}/blueman-mechanism @{exec_path} += /{usr/,}lib/blueman/blueman-mechanism profile blueman-mechanism @{exec_path} { include @@ -24,7 +24,7 @@ profile blueman-mechanism @{exec_path} { @{exec_path} r, /{usr/,}bin/python3.[0-9]* r, - /usr/{lib,libexec}/ r, + @{libexec}/ r, /var/lib/blueman/network.state rw, 
diff --git a/apparmor.d/groups/desktop/blueman-rfcomm-watcher b/apparmor.d/groups/desktop/blueman-rfcomm-watcher index a52a9ba0..eaa7512b 100644 --- a/apparmor.d/groups/desktop/blueman-rfcomm-watcher +++ b/apparmor.d/groups/desktop/blueman-rfcomm-watcher @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /usr/{lib,libexec}/blueman-rfcomm-watcher +@{exec_path} = @{libexec}/blueman-rfcomm-watcher profile blueman-rfcomm-watcher @{exec_path} { include include @@ -14,7 +14,7 @@ profile blueman-rfcomm-watcher @{exec_path} { @{exec_path} r, /{usr/,}bin/python3.[0-9]* r, - /usr/{lib,libexec}/ r, + @{libexec}/ r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/desktop/bluetoothd b/apparmor.d/groups/desktop/bluetoothd index f79d9167..30f50171 100644 --- a/apparmor.d/groups/desktop/bluetoothd +++ b/apparmor.d/groups/desktop/bluetoothd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/bluetooth/bluetoothd -@{exec_path} += /usr/{lib,libexec}/bluetooth/bluetoothd +@{exec_path} += @{libexec}/bluetooth/bluetoothd profile bluetoothd @{exec_path} { include diff --git a/apparmor.d/groups/desktop/colord b/apparmor.d/groups/desktop/colord index f63c5232..12dd8522 100644 --- a/apparmor.d/groups/desktop/colord +++ b/apparmor.d/groups/desktop/colord @@ -18,7 +18,7 @@ profile colord @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, /{usr/,}lib/colord/colord-sane rPx, - /usr/{lib,libexec}/colord-sane rPx, + @{libexec}/colord-sane rPx, owner /var/lib/colord/** r, owner /var/lib/colord/.cache/ rw, diff --git a/apparmor.d/groups/desktop/colord-sane b/apparmor.d/groups/desktop/colord-sane index 9488de01..0f3cfa1f 100644 --- a/apparmor.d/groups/desktop/colord-sane +++ b/apparmor.d/groups/desktop/colord-sane @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/colord/colord-sane -@{exec_path} += /usr/{lib,libexec}/colord-sane +@{exec_path} += @{libexec}/colord-sane profile colord-sane @{exec_path} flags=(complain) { include include 
diff --git a/apparmor.d/groups/desktop/colord-session b/apparmor.d/groups/desktop/colord-session index 624d63a0..78d639a5 100644 --- a/apparmor.d/groups/desktop/colord-session +++ b/apparmor.d/groups/desktop/colord-session @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/colord/colord-session /usr/{lib,libexec}/colord-session +@{exec_path} = /{usr/,}lib/colord/colord-session @{libexec}/colord-session profile colord-session @{exec_path} flags=(complain) { include diff --git a/apparmor.d/groups/desktop/dconf-service b/apparmor.d/groups/desktop/dconf-service index 15a76260..8cc9e791 100644 --- a/apparmor.d/groups/desktop/dconf-service +++ b/apparmor.d/groups/desktop/dconf-service @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/{lib,libexec}/dconf-service +@{exec_path} = /{usr/,}lib/dconf/dconf-service @{libexec}/dconf-service profile dconf-service @{exec_path} flags=(attach_disconnected) { include diff --git a/apparmor.d/groups/desktop/obexd b/apparmor.d/groups/desktop/obexd index 95d016ae..60764ea2 100644 --- a/apparmor.d/groups/desktop/obexd +++ b/apparmor.d/groups/desktop/obexd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /usr/{lib,libexec}/bluetooth/obexd +@{exec_path} = @{libexec}/bluetooth/obexd profile obexd @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 26d526e6..5d854a89 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console @@ -24,7 +24,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, /{usr/,}bin/ r, /{usr/,}bin/[a-z0-9]* rPUx, - /usr/{lib,libexec}/** rPUx, + @{libexec}/** rPUx, /usr/share/dconf/profile/gdm r, /usr/share/gdm/greeter-dconf-defaults r, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 0b97db89..a65d97a7 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell 
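Review bot: `@{libexec}/** rPUx` in gjs-console allows execution of anything below the libexec directory, and the `PUx` fallback means a binary with no profile of its own runs unconfined. With the value this commit defines (`/usr/lib`), the `**` spans the whole library tree. The single-level `@{libexec}/* rPUx` rules in labwc, openbox and mission-control (the last already marked `FIXME: Needed ?`) carry the same fallback. Consider listing the helpers that are actually spawned, or at least record the gap next to the rule: `# FIXME: narrow to the helpers actually spawned; PUx leaves unprofiled binaries unconfined`. The profile body continues outside the hunk.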
@@ -37,9 +37,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - /{usr/,}bin/Xwayland rPx, - /{usr/,}{lib,libexec}/polkit-1/polkit* rPx, - /{usr/,}{lib,libexec}/* rPUx, + /{usr/,}bin/Xwayland rPx, + @{libexec}/polkit-1/polkit* rPx, + @{libexec}/* rPUx, /usr/share/backgrounds/{,**} r, /usr/share/desktop-directories/{,*.directory} r, diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index a41fcea3..5373623e 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor -@{exec_path} += /usr/{lib,libexec}/gvfs-afc-volume-monitor +@{exec_path} += @{libexec}/gvfs-afc-volume-monitor profile gvfs-afc-volume-monitor @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index 172715a7..1eaa0116 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor -@{exec_path} += /usr/{lib,libexec}/gvfs-goa-volume-monitor +@{exec_path} += @{libexec}/gvfs-goa-volume-monitor profile gvfs-goa-volume-monitor @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index 61712fff..88864385 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor -@{exec_path} += /usr/{lib,libexec}/gvfs-gphoto2-volume-monitor +@{exec_path} += @{libexec}/gvfs-gphoto2-volume-monitor profile gvfs-gphoto2-volume-monitor @{exec_path} { include include 
diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index eac62d54..94978f25 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor -@{exec_path} += /usr/{lib,libexec}/gvfs-mtp-volume-monitor +@{exec_path} += @{libexec}/gvfs-mtp-volume-monitor profile gvfs-mtp-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 0eeac44c..1acf578b 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor -@{exec_path} += /usr/{lib,libexec}/gvfs-udisks2-volume-monitor +@{exec_path} += @{libexec}/gvfs-udisks2-volume-monitor profile gvfs-udisks2-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index b4c47177..d1d0a6b0 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd -@{exec_path} += /usr/{lib,libexec}/gvfsd +@{exec_path} += @{libexec}/gvfsd profile gvfsd @{exec_path} { include @@ -18,7 +18,7 @@ profile gvfsd @{exec_path} { # Don't strip env here. /{usr/,}lib/gvfs/gvfsd-* rpx, - /usr/{lib,libexec}/gvfsd-* rpx, + @{libexec}/gvfsd-* rpx, /usr/share/gvfs/{,**} r, diff --git a/apparmor.d/groups/gvfs/gvfsd-admin b/apparmor.d/groups/gvfs/gvfsd-admin index 7a67acee..7acf84de 100644 --- a/apparmor.d/groups/gvfs/gvfsd-admin +++ b/apparmor.d/groups/gvfs/gvfsd-admin @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-admin -@{exec_path} += /usr/{lib,libexec}/gvfsd-admin +@{exec_path} += @{libexec}/gvfsd-admin profile gvfsd-admin @{exec_path} { include 
diff --git a/apparmor.d/groups/gvfs/gvfsd-afc b/apparmor.d/groups/gvfs/gvfsd-afc index 624c062d..ef6cdf89 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afc +++ b/apparmor.d/groups/gvfs/gvfsd-afc @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afc -@{exec_path} += /usr/{lib,libexec}/gvfsd-afc +@{exec_path} += @{libexec}/gvfsd-afc profile gvfsd-afc @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp b/apparmor.d/groups/gvfs/gvfsd-afp index d1a29b24..04f1ed0d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp +++ b/apparmor.d/groups/gvfs/gvfsd-afp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp -@{exec_path} += /usr/{lib,libexec}/gvfsd-afp +@{exec_path} += @{libexec}/gvfsd-afp profile gvfsd-afp @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp-browse b/apparmor.d/groups/gvfs/gvfsd-afp-browse index b114de57..55d4fa01 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp-browse +++ b/apparmor.d/groups/gvfs/gvfsd-afp-browse @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp-browse -@{exec_path} += /usr/{lib,libexec}/gvfsd-afp-browse +@{exec_path} += @{libexec}/gvfsd-afp-browse profile gvfsd-afp-browse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-archive b/apparmor.d/groups/gvfs/gvfsd-archive index e39fe21f..ed9b3aa2 100644 --- a/apparmor.d/groups/gvfs/gvfsd-archive +++ b/apparmor.d/groups/gvfs/gvfsd-archive @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-archive -@{exec_path} += /usr/{lib,libexec}/gvfsd-archive +@{exec_path} += @{libexec}/gvfsd-archive profile gvfsd-archive @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-burn b/apparmor.d/groups/gvfs/gvfsd-burn index bdff2011..1fad9c8c 100644 --- a/apparmor.d/groups/gvfs/gvfsd-burn +++ b/apparmor.d/groups/gvfs/gvfsd-burn 
@@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-burn -@{exec_path} += /usr/{lib,libexec}/gvfsd-burn +@{exec_path} += @{libexec}/gvfsd-burn profile gvfsd-burn @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-cdda b/apparmor.d/groups/gvfs/gvfsd-cdda index 3a592ac2..be789e8b 100644 --- a/apparmor.d/groups/gvfs/gvfsd-cdda +++ b/apparmor.d/groups/gvfs/gvfsd-cdda @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-cdda -@{exec_path} += /usr/{lib,libexec}/gvfsd-cdda +@{exec_path} += @{libexec}/gvfsd-cdda profile gvfsd-cdda @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-computer b/apparmor.d/groups/gvfs/gvfsd-computer index 6e685bb4..70588411 100644 --- a/apparmor.d/groups/gvfs/gvfsd-computer +++ b/apparmor.d/groups/gvfs/gvfsd-computer @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-computer -@{exec_path} += /usr/{lib,libexec}/gvfsd-computer +@{exec_path} += @{libexec}/gvfsd-computer profile gvfsd-computer @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-dav b/apparmor.d/groups/gvfs/gvfsd-dav index 9fa66bc3..45275d6b 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dav +++ b/apparmor.d/groups/gvfs/gvfsd-dav @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dav -@{exec_path} += /usr/{lib,libexec}/gvfsd-dav +@{exec_path} += @{libexec}/gvfsd-dav profile gvfsd-dav @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index ff13e441..2e9861c1 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dnssd -@{exec_path} += /usr/{lib,libexec}/gvfsd-dnssd +@{exec_path} += @{libexec}/gvfsd-dnssd profile gvfsd-dnssd @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-ftp b/apparmor.d/groups/gvfs/gvfsd-ftp index 348e5069..955012d9 100644 --- a/apparmor.d/groups/gvfs/gvfsd-ftp 
+++ b/apparmor.d/groups/gvfs/gvfsd-ftp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-ftp -@{exec_path} += /usr/{lib,libexec}/gvfsd-ftp +@{exec_path} += @{libexec}/gvfsd-ftp profile gvfsd-ftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 60f41968..00e52aba 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -7,8 +7,10 @@ abi , include +# DENIED operation="mount" info="failed mntpnt match" error=-13 profile="gvfsd-fuse" name="/home/alex/.cache/gvfs/" comm="gvfsd-fuse" fstype="fuse.gvfsd-fuse" srcname="gvfsd-fuse" flags="rw, nosuid, nodev" + @{exec_path} = /{usr/,}lib/gvfs/gvfsd-fuse -@{exec_path} += /usr/{lib,libexec}/gvfsd-fuse +@{exec_path} += @{libexec}/gvfsd-fuse profile gvfsd-fuse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-google b/apparmor.d/groups/gvfs/gvfsd-google index 0da9033f..6f62148d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-google +++ b/apparmor.d/groups/gvfs/gvfsd-google @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-google -@{exec_path} += /usr/{lib,libexec}/gvfsd-google +@{exec_path} += @{libexec}/gvfsd-google profile gvfsd-google @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-gphoto2 b/apparmor.d/groups/gvfs/gvfsd-gphoto2 index c22aa273..aa07ff77 100644 --- a/apparmor.d/groups/gvfs/gvfsd-gphoto2 +++ b/apparmor.d/groups/gvfs/gvfsd-gphoto2 @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-gphoto2 -@{exec_path} += /usr/{lib,libexec}/gvfsd-gphoto2 +@{exec_path} += @{libexec}/gvfsd-gphoto2 profile gvfsd-gphoto2 @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http index 42826525..f4717cef 100644 --- a/apparmor.d/groups/gvfs/gvfsd-http +++ b/apparmor.d/groups/gvfs/gvfsd-http 
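Review bot: The comment added to gvfsd-fuse pastes a raw audit record, including one user's home path (`/home/alex/.cache/gvfs/`), and the mount denial it records is left unresolved by this hunk. Rephrase it as a tracked item written with the profile's tunables, e.g. `# FIXME: fuse mount on @{HOME}/.cache/gvfs/ is denied ("failed mntpnt match"); mount rule still missing`. It also sits above the `@{exec_path}` definitions rather than in the profile body where the rule would go; that body is outside the hunk.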
@@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-http -@{exec_path} += /usr/{lib,libexec}/gvfsd-http +@{exec_path} += @{libexec}/gvfsd-http profile gvfsd-http @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-localtest b/apparmor.d/groups/gvfs/gvfsd-localtest index fb7dd151..b2e025ce 100644 --- a/apparmor.d/groups/gvfs/gvfsd-localtest +++ b/apparmor.d/groups/gvfs/gvfsd-localtest @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-localtest -@{exec_path} += /usr/{lib,libexec}/gvfsd-localtest +@{exec_path} += @{libexec}/gvfsd-localtest profile gvfsd-localtest @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index eb8a9e46..0c97fe46 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-metadata -@{exec_path} += /usr/{lib,libexec}/gvfsd-metadata +@{exec_path} += @{libexec}/gvfsd-metadata profile gvfsd-metadata @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp index f92698ab..2d073182 100644 --- a/apparmor.d/groups/gvfs/gvfsd-mtp +++ b/apparmor.d/groups/gvfs/gvfsd-mtp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-mtp -@{exec_path} += /usr/{lib,libexec}/gvfsd-mtp +@{exec_path} += @{libexec}/gvfsd-mtp profile gvfsd-mtp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network index 6143c960..bb5e366a 100644 --- a/apparmor.d/groups/gvfs/gvfsd-network +++ b/apparmor.d/groups/gvfs/gvfsd-network @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-network -@{exec_path} += /usr/{lib,libexec}/gvfsd-network +@{exec_path} += @{libexec}/gvfsd-network profile gvfsd-network @{exec_path} { include 
diff --git a/apparmor.d/groups/gvfs/gvfsd-nfs b/apparmor.d/groups/gvfs/gvfsd-nfs index e6f48a99..c3f1a04e 100644 --- a/apparmor.d/groups/gvfs/gvfsd-nfs +++ b/apparmor.d/groups/gvfs/gvfsd-nfs @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-nfs -@{exec_path} += /usr/{lib,libexec}/gvfsd-nfs +@{exec_path} += @{libexec}/gvfsd-nfs profile gvfsd-nfs @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent index 6de5e054..5dd4c5e6 100644 --- a/apparmor.d/groups/gvfs/gvfsd-recent +++ b/apparmor.d/groups/gvfs/gvfsd-recent @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-recent -@{exec_path} += /usr/{lib,libexec}/gvfsd-recent +@{exec_path} += @{libexec}/gvfsd-recent profile gvfsd-recent @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-sftp b/apparmor.d/groups/gvfs/gvfsd-sftp index 62d6d026..776a3cfc 100644 --- a/apparmor.d/groups/gvfs/gvfsd-sftp +++ b/apparmor.d/groups/gvfs/gvfsd-sftp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-sftp -@{exec_path} += /usr/{lib,libexec}/gvfsd-sftp +@{exec_path} += @{libexec}/gvfsd-sftp profile gvfsd-sftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb b/apparmor.d/groups/gvfs/gvfsd-smb index 5d41c78e..3010e1c2 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb +++ b/apparmor.d/groups/gvfs/gvfsd-smb @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb -@{exec_path} += /usr/{lib,libexec}/gvfsd-smb +@{exec_path} += @{libexec}/gvfsd-smb profile gvfsd-smb @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 67f25c74..3549a8dc 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse 
@@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb-browse -@{exec_path} += /usr/{lib,libexec}/gvfsd-smb-browse +@{exec_path} += @{libexec}/gvfsd-smb-browse profile gvfsd-smb-browse @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index 87e8e232..a5246ce6 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-trash -@{exec_path} += /usr/{lib,libexec}/gvfsd-trash +@{exec_path} += @{libexec}/gvfsd-trash profile gvfsd-trash @{exec_path} { include include diff --git a/apparmor.d/groups/systemd/systemd-coredump b/apparmor.d/groups/systemd/systemd-coredump index 2e2246e8..7869ad46 100644 --- a/apparmor.d/groups/systemd/systemd-coredump +++ b/apparmor.d/groups/systemd/systemd-coredump @@ -26,7 +26,7 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected complain) { /{usr/,}bin/* r, /{usr/,}sbin/* r, - /usr/{lib,libexec}/** r, + @{libexec}/** r, /etc/systemd/coredump.conf r, diff --git a/apparmor.d/profiles-a-l/gparted b/apparmor.d/profiles-a-l/gparted index dc782428..c90ef474 100644 --- a/apparmor.d/profiles-a-l/gparted +++ b/apparmor.d/profiles-a-l/gparted @@ -26,7 +26,7 @@ profile gparted @{exec_path} { /{usr/,}bin/gawk rix, /{usr/,}lib/udisks2/udisks2-inhibit rix, - /usr/{lib,libexec}/udisks2/udisks2-inhibit rix, + @{libexec}/udisks2/udisks2-inhibit rix, @{run}/udev/rules.d/ rw, @{run}/udev/rules.d/90-udisks-inhibit.rules rw, diff --git a/apparmor.d/profiles-a-l/labwc b/apparmor.d/profiles-a-l/labwc index f08b50e9..50ab18f0 100644 --- a/apparmor.d/profiles-a-l/labwc +++ b/apparmor.d/profiles-a-l/labwc @@ -29,7 +29,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { # Apps allowed to run /{usr/,}{s,}bin/* rPUx, /{usr/,}bin/* rPUx, - /usr/{lib,libexec}/* rPUx, + @{libexec}/* rPUx, owner @{user_config_dirs}/labwc/ r, owner @{user_config_dirs}/labwc/* r, 
diff --git a/apparmor.d/profiles-a-l/lightdm b/apparmor.d/profiles-a-l/lightdm index 5da3f778..7cc35ffb 100644 --- a/apparmor.d/profiles-a-l/lightdm +++ b/apparmor.d/profiles-a-l/lightdm @@ -116,7 +116,7 @@ profile lightdm @{exec_path} { /var/cache/lightdm/dmrc/*.dmrc* rw, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - /usr/{lib,libexec}/at-spi-bus-launcher rPUx, + @{libexec}/at-spi-bus-launcher rPUx, include if exists } diff --git a/apparmor.d/profiles-a-l/lightdm-gtk-greeter b/apparmor.d/profiles-a-l/lightdm-gtk-greeter index 476afcc7..acb27d8c 100644 --- a/apparmor.d/profiles-a-l/lightdm-gtk-greeter +++ b/apparmor.d/profiles-a-l/lightdm-gtk-greeter @@ -51,7 +51,7 @@ profile lightdm-gtk-greeter @{exec_path} { @{HOME}/.face r, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - /usr/{lib,libexec}/at-spi-bus-launcher rPUx, + @{libexec}/at-spi-bus-launcher rPUx, profile systemd { diff --git a/apparmor.d/profiles-m-z/mission-control b/apparmor.d/profiles-m-z/mission-control index 27728de3..1e528126 100644 --- a/apparmor.d/profiles-m-z/mission-control +++ b/apparmor.d/profiles-m-z/mission-control @@ -14,7 +14,7 @@ profile mission-control @{exec_path} { network netlink raw, @{exec_path} mr, - /usr/{lib,libexec}/* rPUx, # FIXME: Needed ? + @{libexec}/* rPUx, # FIXME: Needed ? /usr/share/telepathy/{,**} r, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/profiles-m-z/openbox b/apparmor.d/profiles-m-z/openbox index be2117cd..965908d4 100644 --- a/apparmor.d/profiles-m-z/openbox +++ b/apparmor.d/profiles-m-z/openbox @@ -25,7 +25,7 @@ profile openbox @{exec_path} { /{usr/,}sbin/* rPUx, /{usr/,}bin/* rPUx, /usr/local/bin/* rPUx, - /usr/{lib,libexec}/* rPUx, + @{libexec}/* rPUx, /{usr/,}lib/@{multiarch}/*/** rPUx, /usr/share/themes/*/openbox-3/themerc r, 
@@ -65,7 +65,7 @@ profile openbox @{exec_path} { /{usr/,}sbin/* rPUx, /{usr/,}bin/* rPUx, /usr/local/bin/* rPUx, - /usr/{lib,libexec}/* rPUx, + @{libexec}/* rPUx, /{usr/,}lib/@{multiarch}/*/** rPUx, /usr/local/lib/python*/dist-packages/ r, diff --git a/apparmor.d/profiles-m-z/rtkit-daemon b/apparmor.d/profiles-m-z/rtkit-daemon index 7ae686bf..4b4c1689 100644 --- a/apparmor.d/profiles-m-z/rtkit-daemon +++ b/apparmor.d/profiles-m-z/rtkit-daemon @@ -8,7 +8,7 @@ abi , include -@{exec_path} = /usr/{lib,libexec}/rtkit-daemon +@{exec_path} = @{libexec}/rtkit-daemon profile rtkit-daemon @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/udisksd b/apparmor.d/profiles-m-z/udisksd index 6f07181d..8301782b 100644 --- a/apparmor.d/profiles-m-z/udisksd +++ b/apparmor.d/profiles-m-z/udisksd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/udisks2/udisksd -@{exec_path} += /usr/{lib,libexec}/udisks2/udisksd +@{exec_path} += @{libexec}/udisks2/udisksd profile udisksd @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/profiles-m-z/upowerd b/apparmor.d/profiles-m-z/upowerd index 73f119d3..11873361 100644 --- a/apparmor.d/profiles-m-z/upowerd +++ b/apparmor.d/profiles-m-z/upowerd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/upower/upowerd -@{exec_path} += /usr/{lib,libexec}/upowerd +@{exec_path} += @{libexec}/upowerd profile upowerd @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/tunables/xdg-user-dirs.d/complete b/apparmor.d/tunables/xdg-user-dirs.d/complete index 56a7342c..10c54793 100644 --- a/apparmor.d/tunables/xdg-user-dirs.d/complete +++ b/apparmor.d/tunables/xdg-user-dirs.d/complete @@ -23,6 +23,9 @@ # Common mountpoints @{MOUNTS}=/media/ @{run}/media /mnt +# Libexec path. Different in some distribution +@{libexec}=/usr/lib + # Extra user personal directories @{XDG_PROJECTS_DIR}="Projects" @{XDG_BOOKS_DIR}="Books"
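Review bot: `@{libexec}=/usr/lib` matches less than the `/usr/{lib,libexec}` alternation it replaces, so every rule rewritten in this commit stops covering `/usr/libexec`. For profiles whose only attachment path now comes from the variable (blueman-rfcomm-watcher, obexd, rtkit-daemon), a binary installed under `/usr/libexec` would no longer match `@{exec_path}` and would presumably run without the profile. Unless the value is rewritten per distribution at build time, which this patch does not show, keep the old coverage with a multi-value definition in the style of `@{MOUNTS}` just above: `@{libexec}=/usr/lib /usr/libexec`. The comment could also name the alternatives, e.g. `# Libexec path; differs between distributions (/usr/lib or /usr/libexec)`.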