From 7336b914cbb2df46c0a606fc86cd7850d78296f3 Mon Sep 17 00:00:00 2001
From: nobodysu <nobodysu@users.noreply.github.com>
Date: Wed, 1 Dec 2021 01:38:51 +0000
Subject: [PATCH] Update spectre-meltdown-checker

- since this script is not from a package it should, optionally, reside in `local` PATH
- allow to confine it with original name and without renaming
- use marco instead of repeating the path
---
 apparmor.d/profiles-s-z/spectre-meltdown-checker | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/profiles-s-z/spectre-meltdown-checker b/apparmor.d/profiles-s-z/spectre-meltdown-checker
index 01e68b80..5ff0cce5 100644
--- a/apparmor.d/profiles-s-z/spectre-meltdown-checker
+++ b/apparmor.d/profiles-s-z/spectre-meltdown-checker
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}bin/spectre-meltdown-checker
+@{exec_path} = /{,usr/}{,local/}bin/spectre-meltdown-checker{,.sh}
 profile spectre-meltdown-checker @{exec_path} {
   include <abstractions/base>
 
@@ -77,7 +77,7 @@ profile spectre-meltdown-checker @{exec_path} {
   owner /tmp/intelfw-*/Intel-Linux-Processor-Microcode-Data-Files-master/** rw,
 
   owner @{HOME}/.mcedb rw,
-  owner /{usr/,}bin/spectre-meltdown-checker w,
+  owner @{exec_path} w,
 
         /tmp/ r,
   owner /tmp/{config,kernel}-* rw,