diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index c2cd3c8d..7e4f488d 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -8,7 +8,7 @@ abi , include @{firefox_name} = firefox{,-esr} -@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name}/ /opt/@{firefox_name}/ +@{firefox_lib_dirs} = /{usr/,}lib{,32,64}/@{firefox_name} /opt/@{firefox_name} @{firefox_config_dirs} = @{HOME}/.mozilla/ @{firefox_cache_dirs} = @{user_cache_dirs}/mozilla/ diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index de7c7de6..8871d82d 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -38,17 +38,19 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - /{usr/,}bin/ r, - @{libexec}/* rPUx, - /{usr/,}bin/[a-z0-9]* rPUx, - /{usr/,}lib/@{multiarch}/tumbler-1/tumblerd rPUx, - /{usr/,}lib/@{multiarch}/xfce4/xfconf/xfconfd rPUx, - /{usr/,}lib/dbus-1.0/dbus-daemon-launch-helper rPx, - /{usr/,}lib/ibus/ibus-* rPx, - /{usr/,}lib/telepathy/mission-control-5 rPx, - /usr/share/gnome-documents/org.gnome.Documents rPx, - /usr/share/org.gnome.Characters/org.gnome.Characters rPx, - /usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService rPx, + @{libexec}/{,at-spi2{,-core}/}at-spi2-registryd rPx, + @{libexec}/* rPUx, + @{libexec}/gnome-shell/gnome-shell-calendar-server rPx, + /{usr/,}bin/ r, + /{usr/,}bin/[a-z0-9]* rPUx, + /{usr/,}lib/@{multiarch}/tumbler-1/tumblerd rPUx, + /{usr/,}lib/@{multiarch}/xfce4/xfconf/xfconfd rPUx, + /{usr/,}lib/dbus-1.0/dbus-daemon-launch-helper rPx, + /{usr/,}lib/ibus/ibus-* rPx, + /{usr/,}lib/telepathy/mission-control-5 rPx, + /usr/share/gnome-documents/org.gnome.Documents rPx, + /usr/share/org.gnome.Characters/org.gnome.Characters rPx, + /usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService rPx, /etc/dbus-1/{,**} r, 
diff --git a/apparmor.d/groups/bus/dbus-daemon-launch-helper b/apparmor.d/groups/bus/dbus-daemon-launch-helper index 76979b7c..f74b6a17 100644 --- a/apparmor.d/groups/bus/dbus-daemon-launch-helper +++ b/apparmor.d/groups/bus/dbus-daemon-launch-helper @@ -18,11 +18,10 @@ profile dbus-daemon-launch-helper @{exec_path} { @{exec_path} mr, - /{usr/,}lib/@{multiarch}/cups-pk-helper-mechanism rPx, - /{usr/,}lib/cups-pk-helper-mechanism rPx, - /{usr/,}lib/cups-pk-helper/cups-pk-helper-mechanism rPx, - /{usr/,}lib/software-properties/software-properties-dbus rPx, + @{libexec}/{,cups-pk-helper/}cups-pk-helper-mechanism rPx, @{libexec}/language-selector/ls-dbus-backend rPx, + /{usr/,}lib/@{multiarch}/cups-pk-helper-mechanism rPx, + /{usr/,}lib/software-properties/software-properties-dbus rPx, /usr/share/org.gnome.Characters/org.gnome.Characters.BackgroundService rPx, /usr/share/usb-creator/usb-creator-helper rPx, diff --git a/apparmor.d/groups/children/child-open b/apparmor.d/groups/children/child-open index ad1c5f4e..39bc07ae 100644 --- a/apparmor.d/groups/children/child-open +++ b/apparmor.d/groups/children/child-open @@ -42,11 +42,12 @@ profile child-open { # Browsers /{usr/,}bin/chromium rPx, - /{usr/,}bin/firefox rPx, + /{usr/,}bin/firefox{,-esr} rPx, + /{usr/,}lib{,32,64}/firefox{,-esr}/firefox{,-esr} rPx, /{usr/,}lib/@{multiarch}/opera{,-beta,-developer}/opera{,-beta,-developer} rPx, /{usr/,}lib/chromium/chromium rPx, - /{usr/,}lib/firefox/firefox rPx, /opt/brave.com/brave{,-beta,-dev}/brave{,-beta,-dev} rPx, + /opt/firefox{,-esr}/firefox{,-esr} rPx, /opt/google/chrome{,-beta,-unstable}/chrome{,-beta,-unstable} rPx, # Text editors diff --git a/apparmor.d/groups/freedesktop/accounts-daemon b/apparmor.d/groups/freedesktop/accounts-daemon index ec5d2cfc..746fe6bf 100644 --- a/apparmor.d/groups/freedesktop/accounts-daemon +++ b/apparmor.d/groups/freedesktop/accounts-daemon 
@@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/accountsservice/accounts-daemon -@{exec_path} += @{libexec}/accounts-daemon +@{exec_path} = @{libexec}/{,accountsservice/}accounts-daemon profile accounts-daemon @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index 7c246a07..6de1b307 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/at-spi2-core/at-spi-bus-launcher -@{exec_path} += @{libexec}/at-spi-bus-launcher +@{exec_path} = @{libexec}/{,at-spi2{,-core}/}at-spi-bus-launcher profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 89700f1c..c2d7a079 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/at-spi2-core/at-spi2-registryd -@{exec_path} += @{libexec}/at-spi2-registryd +@{exec_path} = @{libexec}/{,at-spi2{,-core}/}at-spi2-registryd profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/freedesktop/colord-sane b/apparmor.d/groups/freedesktop/colord-sane index 83c517e9..afbb0d93 100644 --- a/apparmor.d/groups/freedesktop/colord-sane +++ b/apparmor.d/groups/freedesktop/colord-sane @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/colord/colord-sane -@{exec_path} += @{libexec}/colord-sane +@{exec_path} = @{libexec}/{,colord/}colord-sane profile colord-sane @{exec_path} flags=(attach_disconnected,complain) { include include diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index d18de36c..4cdaf836 100644 
--- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/dconf/dconf-service @{libexec}/dconf-service +@{exec_path} = @{libexec}/{,dconf/}dconf-service profile dconf-service @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/freedesktop/polkitd b/apparmor.d/groups/freedesktop/polkitd index 341e0300..9c8420d3 100644 --- a/apparmor.d/groups/freedesktop/polkitd +++ b/apparmor.d/groups/freedesktop/polkitd @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/polkit-1/polkitd -@{exec_path} += @{libexec}/polkitd +@{exec_path} = @{libexec}/{,polkit-1/}polkitd profile polkitd @{exec_path} { include include diff --git a/apparmor.d/groups/freedesktop/upowerd b/apparmor.d/groups/freedesktop/upowerd index ff05a04f..ebe56c1b 100644 --- a/apparmor.d/groups/freedesktop/upowerd +++ b/apparmor.d/groups/freedesktop/upowerd @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/upower/upowerd -@{exec_path} += @{libexec}/upowerd +@{exec_path} = @{libexec}/{,upower/}upowerd profile upowerd @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 3371324c..519be293 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -8,7 +8,7 @@ abi , include @{exec_path} = /{usr/,}bin/X -@{exec_path} += /{usr/,}bin/Xorg +@{exec_path} += /{usr/,}bin/Xorg{,.bin} @{exec_path} += /{usr/,}lib/Xorg{,.wrap} @{exec_path} += /{usr/,}lib/xorg/Xorg{,.wrap} profile xorg @{exec_path} flags=(attach_disconnected) { diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index 57972147..987dd621 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{libexec}/evolution-addressbook-factory +@{exec_path} = @{libexec}/{,evolution-data-server/}evolution-addressbook-factory profile evolution-addressbook-factory @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify index a1b4dca7..1a9eb6f9 100644 --- a/apparmor.d/groups/gnome/evolution-alarm-notify +++ b/apparmor.d/groups/gnome/evolution-alarm-notify @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{libexec}/evolution-data-server/evolution-alarm-notify +@{exec_path} = @{libexec}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify profile evolution-alarm-notify @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index 69d2be5e..a830e274 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{libexec}/evolution-calendar-factory +@{exec_path} = @{libexec}/{,evolution-data-server/}evolution-calendar-factory profile evolution-calendar-factory @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index 536ee8a5..9c25df5e 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{libexec}/evolution-source-registry +@{exec_path} = @{libexec}/{,evolution-data-server/}evolution-source-registry profile evolution-source-registry @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index 635057ae..b162baaf 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker 
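Review bot: In apparmor.d/groups/gnome/evolution-alarm-notify the new `@{exec_path}` repeats the subdirectory: `@{libexec}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify`. The three sibling evolution profiles in this commit use `@{libexec}/{,evolution-data-server/}…` instead, so this one matches a doubled `evolution-data-server/evolution-data-server/` path and does not match a binary placed directly under `@{libexec}`. Unless the doubled directory is a real install location, the intended line is probably `@{exec_path} = @{libexec}/{,evolution-data-server/}evolution-alarm-notify`. The same doubled pattern appears in the `rPx` rule of the second gnome-session-binary hunk, so change both together to keep the transition rule and the attachment path aligned.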
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{libexec}/gdm-session-worker +@{exec_path} = @{libexec}/{,gdm/}gdm-session-worker profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { include include @@ -58,9 +58,9 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, + @{libexec}/{,gdm/}gdm-wayland-session rPx, + @{libexec}/{,gdm/}gdm-x-session rPx, /{usr/,}bin/gnome-keyring-daemon rPx, - @{libexec}/gdm-wayland-session rPx, - @{libexec}/gdm-x-session rPx, /etc/gdm{3,}/{Pre,Post}Session/Default rix, /etc/gdm{3,}/PrimeOff/Default rix, diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index f65d8b44..89ea3c98 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{libexec}/gdm-wayland-session +@{exec_path} = @{libexec}/{,gdm/}gdm-wayland-session profile gdm-wayland-session @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gnome-contacts-search-provider b/apparmor.d/groups/gnome/gnome-contacts-search-provider index 6e99f16c..5bae8671 100644 --- a/apparmor.d/groups/gnome/gnome-contacts-search-provider +++ b/apparmor.d/groups/gnome/gnome-contacts-search-provider @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-contacts-search-provider +@{exec_path} = @{libexec}/gnome-contacts-search-provider profile gnome-contacts-search-provider @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 68d4d93b..64f74ef7 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary 
@@ -147,12 +147,12 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { @{libexec}/gnome-session-check-accelerated-gl-helper rix, @{libexec}/gnome-session-check-accelerated-gles-helper rix, @{libexec}/gnome-session-failed rix, - @{libexec}/gnome-shell-overrides-migration.sh rix, + @{libexec}/{,gnome-shell/}gnome-shell-overrides-migration.sh rix, @{libexec}/gsd-* rPx, # TODO: rCx gio-launch-desktop and put all the following program in this # subprofile. Not done yet as it breaks compatibility with Ubuntu/Debian - /{usr/,}lib/gio-launch-desktop rix, + @{libexec}/gio-launch-desktop rix, /{usr/,}bin/aa-notify rPx, /{usr/,}bin/baloo_file rPUx, @@ -180,8 +180,8 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { /{usr/,}lib/xapps/sn-watcher/* rPUx, /{usr/,}share/libpam-kwallet-common/pam_kwallet_init rPUx, @{libexec}/deja-dup/deja-dup-monitor rPUx, - @{libexec}/evolution-data-server/evolution-alarm-notify rPx, @{libexec}/gsd-disk-utility-notify rPx, + @{libexec}/evolution-data-server/{,evolution-data-server/}evolution-alarm-notify rPx, /usr/share/applications/{,**} r, /usr/share/dconf/profile/gdm r, diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index fa814152..23de998a 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{libexec}/gnome-shell-calendar-server +@{exec_path} = @{libexec}/{,gnome-shell/}gnome-shell-calendar-server profile gnome-shell-calendar-server @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 605753ed..f59eda04 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor 
@@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor -@{exec_path} += @{libexec}/gvfs-afc-volume-monitor +@{exec_path} = @{libexec}/{,gvfs}/gvfs-afc-volume-monitor profile gvfs-afc-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index 4916e751..b6d0eb11 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor -@{exec_path} += @{libexec}/gvfs-goa-volume-monitor +@{exec_path} = @{libexec}/{,gvfs/}gvfs-goa-volume-monitor profile gvfs-goa-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index ab113d66..e8784980 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor -@{exec_path} += @{libexec}/gvfs-gphoto2-volume-monitor +@{exec_path} = @{libexec}/{,gvfs/}gvfs-gphoto2-volume-monitor profile gvfs-gphoto2-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index ee7a9f33..5e92ac8b 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor 
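Review bot: In apparmor.d/groups/gvfs/gvfs-afc-volume-monitor the brace closes before the slash: `@{libexec}/{,gvfs}/gvfs-afc-volume-monitor`, while every other gvfs profile in this commit uses `{,gvfs/}`. The empty alternative therefore expands to `@{libexec}//gvfs-afc-volume-monitor`. Unless the parser collapses the double slash after expansion, the profile no longer attaches to a binary installed directly under `@{libexec}`, which the removed `@{exec_path} += @{libexec}/gvfs-afc-volume-monitor` line covered. A binary that misses its attachment runs without this profile's confinement, so the line should read `@{exec_path} = @{libexec}/{,gvfs/}gvfs-afc-volume-monitor`.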
+++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor -@{exec_path} += @{libexec}/gvfs-mtp-volume-monitor +@{exec_path} = @{libexec}/{,gvfs/}gvfs-mtp-volume-monitor profile gvfs-mtp-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 6b36ed5a..dace4270 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor -@{exec_path} += @{libexec}/gvfs-udisks2-volume-monitor +@{exec_path} = @{libexec}/{,gvfs/}gvfs-udisks2-volume-monitor profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index b6c7590b..516fb020 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd -@{exec_path} += @{libexec}/gvfsd +@{exec_path} = @{libexec}/{,gvfs/}gvfsd profile gvfsd @{exec_path} { include include @@ -53,9 +52,8 @@ profile gvfsd @{exec_path} { @{exec_path} mr, - /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}lib/gvfs/gvfsd-* rpx, - @{libexec}/gvfsd-* rpx, + /{usr/,}bin/{,ba,da}sh rix, + @{libexec}/{,gvfs/}gvfsd-* rpx, /usr/share/gvfs/{,**} r, diff --git a/apparmor.d/groups/gvfs/gvfsd-admin b/apparmor.d/groups/gvfs/gvfsd-admin index 7acf84de..453d6d01 100644 --- a/apparmor.d/groups/gvfs/gvfsd-admin +++ b/apparmor.d/groups/gvfs/gvfsd-admin 
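Review bot: In the second hunk of apparmor.d/groups/gvfs/gvfsd, the merged rule `@{libexec}/{,gvfs/}gvfsd-* rpx,` keeps the lowercase `px` transition, which does not scrub the environment on exec, while the other helper transitions touched by this commit use `rPx`. Since the line is being rewritten anyway, either switch it to `@{libexec}/{,gvfs/}gvfsd-* rPx,` or, if the backends rely on inherited variables, add a comment such as `# px (no env scrubbing) is intentional: <reason>`. The wildcard also covers every `gvfsd-*` backend, so any backend without its own profile would be denied rather than run unconfined; that is the safer failure mode, but worth confirming that each shipped backend has a profile.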
@@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-admin -@{exec_path} += @{libexec}/gvfsd-admin +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-admin profile gvfsd-admin @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afc b/apparmor.d/groups/gvfs/gvfsd-afc index ef6cdf89..447a5137 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afc +++ b/apparmor.d/groups/gvfs/gvfsd-afc @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-afc -@{exec_path} += @{libexec}/gvfsd-afc +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-afc profile gvfsd-afc @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp b/apparmor.d/groups/gvfs/gvfsd-afp index 04f1ed0d..f965f1eb 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp +++ b/apparmor.d/groups/gvfs/gvfsd-afp @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp -@{exec_path} += @{libexec}/gvfsd-afp +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-afp profile gvfsd-afp @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp-browse b/apparmor.d/groups/gvfs/gvfsd-afp-browse index 55d4fa01..751accc3 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp-browse +++ b/apparmor.d/groups/gvfs/gvfsd-afp-browse 
@@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp-browse -@{exec_path} += @{libexec}/gvfsd-afp-browse +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-afp-browse profile gvfsd-afp-browse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-archive b/apparmor.d/groups/gvfs/gvfsd-archive index 6694eafb..a4cdfb1b 100644 --- a/apparmor.d/groups/gvfs/gvfsd-archive +++ b/apparmor.d/groups/gvfs/gvfsd-archive @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-archive -@{exec_path} += @{libexec}/gvfsd-archive +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-archive profile gvfsd-archive @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-burn b/apparmor.d/groups/gvfs/gvfsd-burn index 1fad9c8c..b77f8161 100644 --- a/apparmor.d/groups/gvfs/gvfsd-burn +++ b/apparmor.d/groups/gvfs/gvfsd-burn @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-burn -@{exec_path} += @{libexec}/gvfsd-burn +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-burn profile gvfsd-burn @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-cdda b/apparmor.d/groups/gvfs/gvfsd-cdda index be789e8b..8ac28f06 100644 --- a/apparmor.d/groups/gvfs/gvfsd-cdda +++ b/apparmor.d/groups/gvfs/gvfsd-cdda 
@@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-cdda -@{exec_path} += @{libexec}/gvfsd-cdda +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-cdda profile gvfsd-cdda @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-computer b/apparmor.d/groups/gvfs/gvfsd-computer index 70588411..bea3ff2a 100644 --- a/apparmor.d/groups/gvfs/gvfsd-computer +++ b/apparmor.d/groups/gvfs/gvfsd-computer @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-computer -@{exec_path} += @{libexec}/gvfsd-computer +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-computer profile gvfsd-computer @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-dav b/apparmor.d/groups/gvfs/gvfsd-dav index 8b46a207..fe462e2d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dav +++ b/apparmor.d/groups/gvfs/gvfsd-dav @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-dav -@{exec_path} += @{libexec}/gvfsd-dav +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-dav profile gvfsd-dav @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index b1b98d21..2978d100 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-dnssd -@{exec_path} += @{libexec}/gvfsd-dnssd +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-dnssd profile gvfsd-dnssd @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-ftp b/apparmor.d/groups/gvfs/gvfsd-ftp index 8fca7c25..713f84aa 100644 --- a/apparmor.d/groups/gvfs/gvfsd-ftp +++ b/apparmor.d/groups/gvfs/gvfsd-ftp 
@@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-ftp -@{exec_path} += @{libexec}/gvfsd-ftp +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-ftp profile gvfsd-ftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index f55f42a4..af763517 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-fuse -@{exec_path} += @{libexec}/gvfsd-fuse +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-fuse profile gvfsd-fuse @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-google b/apparmor.d/groups/gvfs/gvfsd-google index 6f62148d..8608cd62 100644 --- a/apparmor.d/groups/gvfs/gvfsd-google +++ b/apparmor.d/groups/gvfs/gvfsd-google @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-google -@{exec_path} += @{libexec}/gvfsd-google +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-google profile gvfsd-google @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-gphoto2 b/apparmor.d/groups/gvfs/gvfsd-gphoto2 index aa07ff77..25b56950 100644 --- a/apparmor.d/groups/gvfs/gvfsd-gphoto2 +++ b/apparmor.d/groups/gvfs/gvfsd-gphoto2 @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-gphoto2 -@{exec_path} += @{libexec}/gvfsd-gphoto2 +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-gphoto2 profile gvfsd-gphoto2 @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http index dfdbdd96..869fd5c6 100644 --- a/apparmor.d/groups/gvfs/gvfsd-http +++ b/apparmor.d/groups/gvfs/gvfsd-http 
@@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-http -@{exec_path} += @{libexec}/gvfsd-http +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-http profile gvfsd-http @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-localtest b/apparmor.d/groups/gvfs/gvfsd-localtest index b2e025ce..36937a5d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-localtest +++ b/apparmor.d/groups/gvfs/gvfsd-localtest @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-localtest -@{exec_path} += @{libexec}/gvfsd-localtest +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-localtest profile gvfsd-localtest @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index e864b383..bbfc00af 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-metadata -@{exec_path} += @{libexec}/gvfsd-metadata +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-metadata profile gvfsd-metadata @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp index 2d09516a..1d5e3885 100644 --- a/apparmor.d/groups/gvfs/gvfsd-mtp +++ b/apparmor.d/groups/gvfs/gvfsd-mtp @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-mtp -@{exec_path} += @{libexec}/gvfsd-mtp +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-mtp profile gvfsd-mtp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network index 9a29d019..6bb56e4e 100644 --- a/apparmor.d/groups/gvfs/gvfsd-network +++ b/apparmor.d/groups/gvfs/gvfsd-network 
@@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-network -@{exec_path} += @{libexec}/gvfsd-network +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-network profile gvfsd-network @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-nfs b/apparmor.d/groups/gvfs/gvfsd-nfs index c3f1a04e..f8014c7a 100644 --- a/apparmor.d/groups/gvfs/gvfsd-nfs +++ b/apparmor.d/groups/gvfs/gvfsd-nfs @@ -1,13 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-nfs -@{exec_path} += @{libexec}/gvfsd-nfs +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-nfs profile gvfsd-nfs @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent index 35d08324..98814b33 100644 --- a/apparmor.d/groups/gvfs/gvfsd-recent +++ b/apparmor.d/groups/gvfs/gvfsd-recent @@ -1,14 +1,13 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2021 Mikhail Morfikov -# 2021 Alexandre Pujol +# Copyright (C) 2021 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-recent -@{exec_path} += @{libexec}/gvfsd-recent +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-recent profile gvfsd-recent @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-sftp b/apparmor.d/groups/gvfs/gvfsd-sftp index 209931f5..2860ae0b 100644 --- a/apparmor.d/groups/gvfs/gvfsd-sftp +++ b/apparmor.d/groups/gvfs/gvfsd-sftp @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-sftp -@{exec_path} += @{libexec}/gvfsd-sftp +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-sftp profile gvfsd-sftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb b/apparmor.d/groups/gvfs/gvfsd-smb index 10fd9199..dfc1b23c 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb +++ b/apparmor.d/groups/gvfs/gvfsd-smb 
@@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb -@{exec_path} += @{libexec}/gvfsd-smb +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-smb profile gvfsd-smb @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 45b73416..719b8c52 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb-browse -@{exec_path} += @{libexec}/gvfsd-smb-browse +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-smb-browse profile gvfsd-smb-browse @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index 2085eca0..1c942b82 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gvfs/gvfsd-trash -@{exec_path} += @{libexec}/gvfsd-trash +@{exec_path} = @{libexec}/{,gvfs/}gvfsd-trash profile gvfsd-trash @{exec_path} { include include diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index e5beed87..5e2d5ce3 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager 
@@ -92,13 +92,14 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/dnsmasq rPx, /{usr/,}bin/resolvconf rPx, /{usr/,}bin/systemctl rPx -> child-systemctl, - /{usr/,}lib/nm-dhcp-helper rPx, - /{usr/,}lib/nm-dispatcher rPx, - /{usr/,}lib/nm-iface-helper rPx, - /{usr/,}lib/nm-initrd-generator rPx, - /{usr/,}lib/nm-openvpn-auth-dialog rPx, - /{usr/,}lib/nm-openvpn-service rPx, - /{usr/,}lib/nm-openvpn-service-openvpn-helper rPx, + @{libexec}/nm-dhcp-helper rPx, + @{libexec}/nm-dispatcher rPx, + @{libexec}/nm-iface-helper rPx, + @{libexec}/nm-initrd-generator rPx, + @{libexec}/nm-openvpn-auth-dialog rPx, + @{libexec}/nm-openvpn-service rPx, + @{libexec}/nm-openvpn-service-openvpn-helper rPx, + @{libexec}/nm-daemon-helper rPx, /usr/share/gvfs/remote-volume-monitors/{,*.monitor} r, diff --git a/apparmor.d/groups/network/nm-dhcp-helper b/apparmor.d/groups/network/nm-dhcp-helper index 18fa79ff..7586b7c2 100644 --- a/apparmor.d/groups/network/nm-dhcp-helper +++ b/apparmor.d/groups/network/nm-dhcp-helper @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/nm-dhcp-helper +@{exec_path} = @{libexec}/nm-dhcp-helper profile nm-dhcp-helper @{exec_path} { include include diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index 0459f71a..a109edb2 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -6,8 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/nm-dispatcher -@{exec_path} += /{usr/,}lib/NetworkManager/nm-dispatcher +@{exec_path} = @{libexec}/{,NetworkManager/}nm-dispatcher profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/network/nm-iface-helper b/apparmor.d/groups/network/nm-iface-helper index 380e2763..f01f185c 100644 --- a/apparmor.d/groups/network/nm-iface-helper +++ b/apparmor.d/groups/network/nm-iface-helper 
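Review bot: The NetworkManager hunk adds `@{libexec}/nm-daemon-helper rPx,`, but no nm-daemon-helper profile is added or modified anywhere in the visible part of this diff. `Px` has no fallback, so if no profile attaches to that path the exec is denied; please confirm that a profile exists in the tree or add one in this change. Separately, the nm-dispatcher profile in this commit now attaches at `@{libexec}/{,NetworkManager/}nm-dispatcher`, while the rule here still allows only `@{libexec}/nm-dispatcher`. If NetworkManager executes the dispatcher directly on distributions that use the subdirectory, the rule should read `@{libexec}/{,NetworkManager/}nm-dispatcher rPx,`. The new entry would also sit more naturally before `nm-dhcp-helper` to keep the list sorted.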
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/nm-iface-helper +@{exec_path} = @{libexec}/nm-iface-helper profile nm-iface-helper @{exec_path} { include diff --git a/apparmor.d/groups/network/nm-initrd-generator b/apparmor.d/groups/network/nm-initrd-generator index 4f60db28..e0a8ea8b 100644 --- a/apparmor.d/groups/network/nm-initrd-generator +++ b/apparmor.d/groups/network/nm-initrd-generator @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/nm-initrd-generator +@{exec_path} = @{libexec}/nm-initrd-generator profile nm-initrd-generator @{exec_path} { include diff --git a/apparmor.d/groups/network/nm-openvpn-auth-dialog b/apparmor.d/groups/network/nm-openvpn-auth-dialog index 7ae74f03..603e4f50 100644 --- a/apparmor.d/groups/network/nm-openvpn-auth-dialog +++ b/apparmor.d/groups/network/nm-openvpn-auth-dialog @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/nm-openvpn-auth-dialog +@{exec_path} = @{libexec}/nm-openvpn-auth-dialog profile nm-openvpn-auth-dialog @{exec_path} { include diff --git a/apparmor.d/groups/network/nm-openvpn-service b/apparmor.d/groups/network/nm-openvpn-service index 3676d643..8ddebe16 100644 --- a/apparmor.d/groups/network/nm-openvpn-service +++ b/apparmor.d/groups/network/nm-openvpn-service @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/nm-openvpn-service +@{exec_path} = @{libexec}/nm-openvpn-service profile nm-openvpn-service @{exec_path} { include include @@ -18,10 +18,10 @@ profile nm-openvpn-service @{exec_path} { @{exec_path} mr, - /{usr/,}bin/{,ba,da}sh rix, + @{libexec}/nm-openvpn-auth-dialog rPx, + @{libexec}/nm-openvpn-service-openvpn-helper rPx, /{usr/,}{s,}bin/openvpn rPx, - /{usr/,}lib/nm-openvpn-auth-dialog rPx, - /{usr/,}lib/nm-openvpn-service-openvpn-helper rPx, + /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/kmod rPx, @{run}/NetworkManager/nm-openvpn-@{uuid} rw, 
diff --git a/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper b/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper index bf2a1304..4fa764bc 100644 --- a/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper +++ b/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/nm-openvpn-service-openvpn-helper +@{exec_path} = @{libexec}/nm-openvpn-service-openvpn-helper profile nm-openvpn-service-openvpn-helper @{exec_path} { include diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 70f45828..6f58c212 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/bluetooth/bluetoothd -@{exec_path} += @{libexec}/bluetooth/bluetoothd +@{exec_path} = @{libexec}/bluetooth/bluetoothd profile bluetoothd @{exec_path} { include diff --git a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism index ef7ce21f..f54b06b6 100644 --- a/apparmor.d/profiles-a-f/cups-pk-helper-mechanism +++ b/apparmor.d/profiles-a-f/cups-pk-helper-mechanism @@ -6,8 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/cups-pk-helper-mechanism -@{exec_path} += /{usr/,}lib/cups-pk-helper/cups-pk-helper-mechanism +@{exec_path} = @{libexec}/{,cups-pk-helper/}cups-pk-helper-mechanism @{exec_path} += /{usr/,}lib/@{multiarch}/cups-pk-helper-mechanism profile cups-pk-helper-mechanism @{exec_path} { include diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 76cdf32d..65b5e464 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}bin/evince /{usr/,}lib/evinced +@{exec_path} = /{usr/,}bin/evince @{libexec}/evinced profile evince @{exec_path} { include include 
diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index abbe890b..edfd4977 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -7,7 +7,7 @@ abi , include -@{exec_path} = /{usr/,}bin/fwupd @{libexec}/fwupd/fwupd +@{exec_path} = @{libexec}/{,fwupd/}fwupd profile fwupd @{exec_path} flags=(complain,attach_disconnected) { include include diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted index b17e27d3..b6c640a5 100644 --- a/apparmor.d/profiles-g-l/gparted +++ b/apparmor.d/profiles-g-l/gparted @@ -30,8 +30,7 @@ profile gparted @{exec_path} { @{libexec}/gparted/gpartedbin rPx, @{libexec}/gpartedbin rPx, - /{usr/,}lib/udisks2/udisks2-inhibit rix, - @{libexec}/udisks2/udisks2-inhibit rix, + @{libexec}/{,udisks2/}udisks2-inhibit rix, @{run}/udev/rules.d/ rw, @{run}/udev/rules.d/90-udisks-inhibit.rules rw, diff --git a/apparmor.d/profiles-g-l/lightdm b/apparmor.d/profiles-g-l/lightdm index 7cc35ffb..527db871 100644 --- a/apparmor.d/profiles-g-l/lightdm +++ b/apparmor.d/profiles-g-l/lightdm @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2017-2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , @@ -115,8 +116,7 @@ profile lightdm @{exec_path} { owner @{HOME}/.dmrc* rw, /var/cache/lightdm/dmrc/*.dmrc* rw, - /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - @{libexec}/at-spi-bus-launcher rPUx, + @{libexec}/{,at-spi2{,-core}/}at-spi-bus-launcher rPx, include if exists } diff --git a/apparmor.d/profiles-g-l/lightdm-gtk-greeter b/apparmor.d/profiles-g-l/lightdm-gtk-greeter index 5cfb8fed..7625a558 100644 --- a/apparmor.d/profiles-g-l/lightdm-gtk-greeter +++ b/apparmor.d/profiles-g-l/lightdm-gtk-greeter @@ -1,5 +1,6 @@ # apparmor.d - Full set of apparmor profiles # Copyright (C) 2017-2021 Mikhail Morfikov +# Copyright (C) 2023 Alexandre Pujol # SPDX-License-Identifier: GPL-2.0-only abi , 
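Review bot: Unlike the other attachment changes in this commit, the new `@{exec_path} = @{libexec}/{,fwupd/}fwupd` removes `/{usr/,}bin/fwupd` outright rather than re-expressing it, so a daemon installed under bin would no longer match this profile. If that path was never a real install location, the commit message should say so; otherwise keep it with `@{exec_path} += /{usr/,}bin/fwupd`. The profile line shows `flags=(complain,attach_disconnected)`, so a missed attachment here would drop the complain-mode log entries as well, and nothing would flag the gap.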
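Review bot: The at-spi-bus-launcher rule in the lightdm profile changes from `rPUx` to `rPx` as well as changing path, which removes the unconfined fallback. If no at-spi-bus-launcher profile is loaded, the exec is now denied instead of running unconfined. That is the tighter choice, but it makes this profile depend on a target profile whose `@{exec_path}` covers the same `@{libexec}/{,at-spi2{,-core}/}` locations. That profile is not in the visible diff, so confirm the paths match. The lightdm-gtk-greeter hunk makes the same change, and a comment such as `# Px: requires the at-spi-bus-launcher profile to be loaded` above the rule would record the dependency in both files.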
@@ -50,9 +51,7 @@ profile lightdm-gtk-greeter @{exec_path} { @{HOME}/.dmrc r, @{HOME}/.face r, - /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - @{libexec}/at-spi-bus-launcher rPUx, - + @{libexec}/{,at-spi2{,-core}/}at-spi-bus-launcher rPx, profile systemd { include diff --git a/apparmor.d/profiles-m-r/mission-control b/apparmor.d/profiles-m-r/mission-control index 4414a1dc..15371e90 100644 --- a/apparmor.d/profiles-m-r/mission-control +++ b/apparmor.d/profiles-m-r/mission-control @@ -6,8 +6,8 @@ abi , include -@{exec_path} = /{usr/,}lib/telepathy/mission-control-5 -profile mission-control @{exec_path} { +@{exec_path} = @{libexec}/{,telepathy/}mission-control-5 +profile mission-control @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/profiles-m-r/rtkit-daemon b/apparmor.d/profiles-m-r/rtkit-daemon index 71e44433..e3bf99f8 100644 --- a/apparmor.d/profiles-m-r/rtkit-daemon +++ b/apparmor.d/profiles-m-r/rtkit-daemon @@ -8,7 +8,7 @@ abi , include -@{exec_path} = @{libexec}/rtkit-daemon +@{exec_path} = @{libexec}/{,rtkit/}rtkit-daemon profile rtkit-daemon @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 2ae3d0f2..877b5f70 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -7,8 +7,7 @@ abi , include -@{exec_path} = /{usr/,}lib/udisks2/udisksd -@{exec_path} += @{libexec}/udisks2/udisksd +@{exec_path} = @{libexec}/{,udisks2/}udisksd profile udisksd @{exec_path} flags=(attach_disconnected) { include include
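Review bot: The mission-control profile line gains `flags=(attach_disconnected)` in a commit that is otherwise a path cleanup, and nothing in the hunk says why. The flag makes disconnected paths be treated as if they were rooted at `/`, which loosens path-based matching, so the reason should be written down next to it. I would add a comment above the profile line, e.g. `# attach_disconnected: needed for <denial observed in the audit log>`, filled in from the log entry that prompted the change.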