From 64146be05a173e0a01c12a703c2509e7e47f45ce Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 9 Jul 2023 15:04:06 +0100 Subject: [PATCH] doc: update guideline to the new bin and lib variables. --- docs/configuration.md | 2 +- docs/development/index.md | 2 +- docs/development/structure.md | 16 ++++++++-------- docs/install.md | 12 ++++++------ docs/variables.md | 4 ++-- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 0976f43b..1cf6716b 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -92,7 +92,7 @@ your rules in it. picture, books...) with some predefined GUI application. To allow it to open URLs with Firefox, create the file `/etc/apparmor.d/local/child-open` with: ```sh - /{usr/,}bin/firefox rPx, + @{bin}/firefox rPx, ``` !!! note diff --git a/docs/development/index.md b/docs/development/index.md index ec7bc0d4..4d2b8f43 100644 --- a/docs/development/index.md +++ b/docs/development/index.md @@ -81,7 +81,7 @@ abi , include -@{exec_path} = /{usr/,}bin/foo +@{exec_path} = @{bin}/foo profile foo @{exec_path} { include diff --git a/docs/development/structure.md b/docs/development/structure.md index df61301d..ee7cd098 100644 --- a/docs/development/structure.md +++ b/docs/development/structure.md @@ -46,11 +46,11 @@ our profile: include include - /{usr/,}bin/ r, - /{usr/,}bin/pager mr, - /{usr/,}bin/less mr, - /{usr/,}bin/more mr, - /{usr/,}bin/diff mr, + @{bin}/ r, + @{bin}/pager mr, + @{bin}/less mr, + @{bin}/more mr, + @{bin}/diff mr, owner @{HOME}/.lesshs* rw, @@ -73,7 +73,7 @@ our profile: [apparmor.d/apparmor.d/profiles-m-r/pass](https://github.com/roddhjav/apparmor.d/blob/accf5538bdfc1598f1cc1588a7118252884df50c/apparmor.d/profiles-m-r/pass#L20 ) ``` aa linenums="20" - /{usr/,}bin/diff rix, + @{bin}/diff rix, ``` **What if I still want to protect these programs?** 
@@ -125,7 +125,7 @@ the following note: Here is an overview of the current children profile: 1. **`child-open`**: To open resources. Instead of allowing the run of all - software in `/{usr/,}bin/`, the purpose of this profile is to list all GUI + software in `@{bin}/`, the purpose of this profile is to list all GUI programs that can open resources. Ultimately, only sandbox manager programs such as `bwrap`, `snap`, `flatpak`, `firejail` should be present here. Until this day, this profile will be a controlled mess. @@ -147,7 +147,7 @@ This abstraction requires the following variables definied in the profile header ```sh @{chromium_name} = chromium @{chromium_domain} = org.chromium.Chromium -@{chromium_lib_dirs} = /{usr/,}lib/chromium +@{chromium_lib_dirs} = @{lib}/chromium @{chromium_config_dirs} = @{user_config_dirs}/chromium @{chromium_cache_dirs} = @{user_cache_dirs}/chromium ``` diff --git a/docs/install.md b/docs/install.md index aa03f591..7f63ff37 100644 --- a/docs/install.md +++ b/docs/install.md @@ -87,12 +87,12 @@ sudo make profile-names... For instance, `sudo make pass` gives: ```sh Warning: profile dependencies fallback to unconfined. - /{usr/,}bin/wl-{copy,paste} rPx, - /{usr/,}bin/xclip rPx, - /{usr/,}bin/python3.[0-9]* rPx -> pass-import, # pass-import - /{usr/,}bin/pager rPx -> child-pager, - /{usr/,}bin/less rPx -> child-pager, - /{usr/,}bin/more rPx -> child-pager, + @{bin}/wl-{copy,paste} rPx, + @{bin}/xclip rPx, + @{bin}/python3.[0-9]* rPx -> pass-import, # pass-import + @{bin}/pager rPx -> child-pager, + @{bin}/less rPx -> child-pager, + @{bin}/more rPx -> child-pager, '.build/apparmor.d/pass' -> '/etc/apparmor.d/pass' ``` So, you can install the additional profiles `wl-copy`, `xclip`, `pass-import`, and `child-pager` if desired. diff --git a/docs/variables.md b/docs/variables.md index 9dff8a73..54bd5b73 100644 --- a/docs/variables.md +++ b/docs/variables.md 
@@ -89,8 +89,8 @@ title: Variables References | Mountpoints directories | `@{MOUNTS}` | `@{MOUNTDIRS}/*/` | | Universally unique identifier | `@{uuid}` | `[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*-[0-9a-fA-F]*` | | Hexadecimal | `@{hex}` | `[0-9a-fA-F]*` | -| Libexec *(Archlinux)* | `@{libexec}` | `/{usr/,}lib` | -| Libexec *(Debian/Ubuntu)* | `@{libexec}` | `/{usr/,}libexec` | +| Bin | `@{bin}` | `/{usr/,}{s,}bin` | +| Lib | `@{lib}` | `/{usr/,}lib{,exec,32,64}` | | multi-arch library | `@{multiarch}` | `*-linux-gnu*` | | Proc | `@{PROC}` | `/proc/` | | Run | `@{run}` | `/run/ /var/run/` |
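Review bot: `@{bin}` expands to `/{usr/,}{s,}bin` (see the docs/variables.md hunk), so the example rule `@{bin}/firefox rPx,` in docs/configuration.md now also matches `/sbin/firefox` and `/usr/sbin/firefox`, which the old `/{usr/,}bin/firefox` did not. Harmless for a browser binary, but worth a one-line remark in that section, because readers who copy the pattern into other `local/` overrides will get the sbin paths too.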
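Review bot: in the docs/development/structure.md hunk at line 46, `@{bin}/ r,` now grants read on the `/sbin/` and `/usr/sbin/` directories in addition to `/bin/` and `/usr/bin/`; the surrounding text should either state that the directory read is intentionally that wide or keep `/{usr/,}bin/ r,` for the example if only the bin directories were meant. The `mr` rules on `pager`, `less`, `more` and `diff` change only by the same sbin widening.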
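Review bot: the snippet at line 73 of docs/development/structure.md now reads `@{bin}/diff rix,`, but the link just above it pins `profiles-m-r/pass#L20` at commit accf5538bdfc1598f1cc1588a7118252884df50c, which still shows the old `/{usr/,}bin/diff rix,` form; update the commit in the permalink (and the `#L20` anchor and `linenums="20"` if the line moved) so the quoted code matches the linked source.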
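Review bot: `@{lib}` expands to `/{usr/,}lib{,exec,32,64}`, so `@{chromium_lib_dirs} = @{lib}/chromium` in the docs/development/structure.md hunk at line 147 now covers `/usr/libexec/chromium`, `/usr/lib32/chromium` and `/usr/lib64/chromium` as well as `/usr/lib/chromium`; say so in the abstraction description, since a reader comparing with the previous single path will otherwise assume nothing changed. Nit in the same hunk's context line: `definied` should be `defined`.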
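Review bot: the block in docs/install.md is presented as the literal output of `sudo make pass`; confirm that the dependency-fallback warning prints rules verbatim from the profile source (with `@{bin}` unexpanded) rather than resolved paths, otherwise the sample output should keep whatever the tool actually prints. Leaving `'.build/apparmor.d/pass' -> '/etc/apparmor.d/pass'` untouched is consistent, as it is not a profile rule.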
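Review bot: the docs/variables.md hunk drops both `@{libexec}` rows rather than marking them deprecated; if any profile or abstraction still references `@{libexec}`, the reference table is now incomplete, and if the variable was removed, a short deprecation line pointing to `@{lib}` (whose pattern `/{usr/,}lib{,exec,32,64}` includes the old libexec paths) would help readers migrating local profiles. Also, the new descriptions `Bin` and `Lib` are terser than the neighbouring rows (`Mountpoints directories`, `multi-arch library`); `Binary directories` and `Library directories` would match the column's style.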