diff --git a/apparmor.d/abstractions/app-launcher-root b/apparmor.d/abstractions/app-launcher-root index 663ca367..d21e49b9 100644 --- a/apparmor.d/abstractions/app-launcher-root +++ b/apparmor.d/abstractions/app-launcher-root @@ -7,5 +7,5 @@ # Root app location / r, /usr/ r, - /{usr/,}sbin/ r, - /{usr/,}sbin/[a-z0-9]* rPUx, + /{usr/,}{s,}bin/ r, + /{usr/,}{s,}bin/[a-z0-9]* rPUx, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index a1f7e8d4..04573fbe 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -64,7 +64,7 @@ profile android-studio @{exec_path} { /{usr/,}bin/cat rix, /{usr/,}bin/sed rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/chmod rix, /{usr/,}bin/chattr rix, /{usr/,}bin/setsid rix, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index 94f49030..db4c7af0 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -60,7 +60,7 @@ profile calibre @{exec_path} { #/{usr/,}bin/ r, /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/uname rix, /{usr/,}bin/file rix, diff --git a/apparmor.d/groups/apps/code b/apparmor.d/groups/apps/code index a36d30c5..67dd2f04 100644 --- a/apparmor.d/groups/apps/code +++ b/apparmor.d/groups/apps/code @@ -45,7 +45,7 @@ profile code @{exec_path} { #/{usr/,}bin/id rix, #/{usr/,}bin/readlink rix, #/{usr/,}bin/which rix, - #/{usr/,}sbin/ifconfig rix, + #/{usr/,}{s,}bin/ifconfig rix, /{usr/,}bin/lsb_release rPx -> child-lsb_release, diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index 4994dd6f..c0d303b8 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox 
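Review bot: In the app-launcher-root hunk, `/{usr/,}{s,}bin/[a-z0-9]* rPUx,` now covers every matching binary in /bin and /usr/bin as well as sbin, and the `PUx` fallback lets any of them that has no profile run unconfined. On systems where sbin is still a separate directory, this widens what every profile including the abstraction may launch; it is not just a path alias. If that is intended, I would add a comment above the rule, e.g. `# {s,}bin: sbin is merged into bin on some distributions; this also permits launching anything in bin`. If it is not intended, this abstraction is a candidate for staying sbin-only.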
@@ -55,7 +55,7 @@ profile dropbox @{exec_path} { /{usr/,}bin/readlink rix, /{usr/,}bin/dirname rix, /{usr/,}bin/uname rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/{,@{multiarch}-}gcc-[0-9]* rix, /{usr/,}bin/{,@{multiarch}-}objdump rix, diff --git a/apparmor.d/profiles-a-l/adduser b/apparmor.d/profiles-a-l/adduser index 996d29a2..5c1add32 100644 --- a/apparmor.d/profiles-a-l/adduser +++ b/apparmor.d/profiles-a-l/adduser @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/add{user,group} +@{exec_path} = /{usr/,}{s,}bin/add{user,group} profile adduser @{exec_path} { include include @@ -35,11 +35,11 @@ profile adduser @{exec_path} { /{usr/,}bin/find rix, /{usr/,}bin/rm rix, - /{usr/,}sbin/useradd rPx, - /{usr/,}sbin/userdel rPx, - /{usr/,}sbin/groupdel rPx, - /{usr/,}sbin/groupadd rPx, - /{usr/,}sbin/usermod rPx, + /{usr/,}{s,}bin/useradd rPx, + /{usr/,}{s,}bin/userdel rPx, + /{usr/,}{s,}bin/groupdel rPx, + /{usr/,}{s,}bin/groupadd rPx, + /{usr/,}{s,}bin/usermod rPx, /{usr/,}bin/passwd rPx, /{usr/,}bin/gpasswd rPx, /{usr/,}bin/chfn rPx, diff --git a/apparmor.d/profiles-a-l/adequate b/apparmor.d/profiles-a-l/adequate index 7dd8ddfb..fa610246 100644 --- a/apparmor.d/profiles-a-l/adequate +++ b/apparmor.d/profiles-a-l/adequate @@ -18,7 +18,7 @@ profile adequate @{exec_path} flags=(complain) { @{exec_path} r, /{usr/,}bin/perl r, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, # It wants to ldd all binaries/libs in packages. /{usr/,}bin/ldd rCx -> ldd, @@ -53,7 +53,7 @@ profile adequate @{exec_path} flags=(complain) { /{usr/,}bin/ldd mr, /{usr/,}bin/* mr, - /{usr/,}sbin/* mr, + /{usr/,}{s,}bin/* mr, /usr/games/* mr, /{usr/,}lib{,x}{,32,64}/** mr, /{usr/,}lib/@{multiarch}/** mr, diff --git a/apparmor.d/profiles-a-l/anki b/apparmor.d/profiles-a-l/anki index a156d62e..37d27ef5 100644 --- a/apparmor.d/profiles-a-l/anki +++ b/apparmor.d/profiles-a-l/anki 
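Review bot: The `rPx` targets in the second adduser hunk (`useradd`, `userdel`, `usermod`) only work at the new bin paths if the target profiles' `@{exec_path}` was widened as well, because `Px` refuses the exec when no profile attaches to the resolved path. groupadd and groupdel are updated later in this diff, but the useradd, userdel and usermod profiles are not in the part of the diff visible here, so this is worth confirming. The same check applies to `rdmsr` in check-bios-nx, `smartctl` in gsmartcontrol and `unix_chkpwd` in kcheckpass. The adduser profile body continues outside the hunk.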
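Review bot: In the second adequate hunk, the unchanged `/{usr/,}bin/* mr,` line directly above is now fully covered by the new `/{usr/,}{s,}bin/* mr,`, so the two rules overlap. Dropping the bin-only line keeps the rule list free of redundant globs, which makes it easier to audit what the profile may map. The same overlap appears in filecap (`/{usr/,}{s,}bin/ r,` and `/{usr/,}{s,}bin/* r,` next to the bin rules) and in gparted (`/{usr/,}{s,}bin/ r,` next to `/{usr/,}bin/ r,`).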
@@ -31,7 +31,7 @@ profile anki @{exec_path} { @{exec_path} r, /{usr/,}bin/python3.[0-9]* r, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/ r, /{usr/,}bin/lsb_release rPx -> child-lsb_release, diff --git a/apparmor.d/profiles-a-l/atftpd b/apparmor.d/profiles-a-l/atftpd index d01e11b8..309d2d6a 100644 --- a/apparmor.d/profiles-a-l/atftpd +++ b/apparmor.d/profiles-a-l/atftpd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/atftpd +@{exec_path} = /{usr/,}{s,}bin/atftpd profile atftpd @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/badblocks b/apparmor.d/profiles-a-l/badblocks index 11c51aba..6d137d25 100644 --- a/apparmor.d/profiles-a-l/badblocks +++ b/apparmor.d/profiles-a-l/badblocks @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/badblocks +@{exec_path} = /{usr/,}{s,}bin/badblocks profile badblocks @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/biosdecode b/apparmor.d/profiles-a-l/biosdecode index 996b3d57..8d247a0d 100644 --- a/apparmor.d/profiles-a-l/biosdecode +++ b/apparmor.d/profiles-a-l/biosdecode @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/biosdecode +@{exec_path} = /{usr/,}{s,}bin/biosdecode profile biosdecode @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/blkid b/apparmor.d/profiles-a-l/blkid index febb6778..fbdb7f18 100644 --- a/apparmor.d/profiles-a-l/blkid +++ b/apparmor.d/profiles-a-l/blkid @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/blkid +@{exec_path} = /{usr/,}{s,}bin/blkid profile blkid @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/blockdev b/apparmor.d/profiles-a-l/blockdev index a5e4f584..9e89d111 100644 --- a/apparmor.d/profiles-a-l/blockdev +++ b/apparmor.d/profiles-a-l/blockdev @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/blockdev +@{exec_path} = /{usr/,}{s,}bin/blockdev profile blockdev @{exec_path} { include include 
diff --git a/apparmor.d/profiles-a-l/cfdisk b/apparmor.d/profiles-a-l/cfdisk index f2cc3776..21eedf24 100644 --- a/apparmor.d/profiles-a-l/cfdisk +++ b/apparmor.d/profiles-a-l/cfdisk @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/cfdisk +@{exec_path} = /{usr/,}{s,}bin/cfdisk profile cfdisk @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/cgdisk b/apparmor.d/profiles-a-l/cgdisk index 82f0417f..4472c820 100644 --- a/apparmor.d/profiles-a-l/cgdisk +++ b/apparmor.d/profiles-a-l/cgdisk @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/cgdisk +@{exec_path} = /{usr/,}{s,}bin/cgdisk profile cgdisk @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/cgrulesengd b/apparmor.d/profiles-a-l/cgrulesengd index 075b915a..2e425a90 100644 --- a/apparmor.d/profiles-a-l/cgrulesengd +++ b/apparmor.d/profiles-a-l/cgrulesengd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/cgrulesengd +@{exec_path} = /{usr/,}{s,}bin/cgrulesengd profile cgrulesengd @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/check-bios-nx b/apparmor.d/profiles-a-l/check-bios-nx index c6aee1b8..18f4800c 100644 --- a/apparmor.d/profiles-a-l/check-bios-nx +++ b/apparmor.d/profiles-a-l/check-bios-nx @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/check-bios-nx +@{exec_path} = /{usr/,}{s,}bin/check-bios-nx profile check-bios-nx @{exec_path} { include include @@ -24,7 +24,7 @@ profile check-bios-nx @{exec_path} { /{usr/,}bin/kmod rCx -> kmod, - /{usr/,}sbin/rdmsr rPx, + /{usr/,}{s,}bin/rdmsr rPx, owner @{PROC}/@{pid}/fd/2 w, diff --git a/apparmor.d/profiles-a-l/claws-mail b/apparmor.d/profiles-a-l/claws-mail index f538a858..5442fa73 100644 --- a/apparmor.d/profiles-a-l/claws-mail +++ b/apparmor.d/profiles-a-l/claws-mail 
@@ -34,7 +34,7 @@ profile claws-mail @{exec_path} flags=(complain) { /{usr/,}bin/orage rPUx, # For sending local mails - /{usr/,}sbin/exim4 rPUx, + /{usr/,}{s,}bin/exim4 rPUx, # For editing in an external editor /{usr/,}bin/geany rPUx, diff --git a/apparmor.d/profiles-a-l/cppw-cpgr b/apparmor.d/profiles-a-l/cppw-cpgr index c3fdc726..fc2ba446 100644 --- a/apparmor.d/profiles-a-l/cppw-cpgr +++ b/apparmor.d/profiles-a-l/cppw-cpgr @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/cp{pw,gr} +@{exec_path} = /{usr/,}{s,}bin/cp{pw,gr} profile cppw-cpgr @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/crda b/apparmor.d/profiles-a-l/crda index 847b53b4..aa7aad6b 100644 --- a/apparmor.d/profiles-a-l/crda +++ b/apparmor.d/profiles-a-l/crda @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/crda +@{exec_path} = /{usr/,}{s,}bin/crda profile crda @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/ddclient b/apparmor.d/profiles-a-l/ddclient index 62f574fd..1e8344c3 100644 --- a/apparmor.d/profiles-a-l/ddclient +++ b/apparmor.d/profiles-a-l/ddclient @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/ddclient +@{exec_path} = /{usr/,}{s,}bin/ddclient profile ddclient @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/debsecan b/apparmor.d/profiles-a-l/debsecan index efaf3034..fa35482c 100644 --- a/apparmor.d/profiles-a-l/debsecan +++ b/apparmor.d/profiles-a-l/debsecan @@ -27,7 +27,7 @@ profile debsecan @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, # Send results using email - /{usr/,}sbin/exim4 rPx, + /{usr/,}{s,}bin/exim4 rPx, /etc/apt/apt.conf.d/{,*} r, /etc/apt/apt.conf r, diff --git a/apparmor.d/profiles-a-l/deluser b/apparmor.d/profiles-a-l/deluser index 7b88d981..3e826e8a 100644 --- a/apparmor.d/profiles-a-l/deluser +++ b/apparmor.d/profiles-a-l/deluser @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/del{user,group} +@{exec_path} = /{usr/,}{s,}bin/del{user,group} profile deluser @{exec_path} { include include 
@@ -24,8 +24,8 @@ profile deluser @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/userdel rPx, - /{usr/,}sbin/groupdel rPx, + /{usr/,}{s,}bin/userdel rPx, + /{usr/,}{s,}bin/groupdel rPx, /{usr/,}bin/gpasswd rPx, /{usr/,}bin/crontab rPx, diff --git a/apparmor.d/profiles-a-l/dhclient b/apparmor.d/profiles-a-l/dhclient index 58792673..3466c6e8 100644 --- a/apparmor.d/profiles-a-l/dhclient +++ b/apparmor.d/profiles-a-l/dhclient @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/dhclient +@{exec_path} = /{usr/,}{s,}bin/dhclient profile dhclient @{exec_path} { include include @@ -32,7 +32,7 @@ profile dhclient @{exec_path} { @{exec_path} mr, # To run dhclient scripts - /{usr/,}sbin/dhclient-script rPx, + /{usr/,}{s,}bin/dhclient-script rPx, /etc/dhclient.conf r, /etc/dhcp/{,**} r, diff --git a/apparmor.d/profiles-a-l/dhclient-script b/apparmor.d/profiles-a-l/dhclient-script index a56ee523..9492abad 100644 --- a/apparmor.d/profiles-a-l/dhclient-script +++ b/apparmor.d/profiles-a-l/dhclient-script @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/dhclient-script +@{exec_path} = /{usr/,}{s,}bin/dhclient-script profile dhclient-script @{exec_path} { include include @@ -37,7 +37,7 @@ profile dhclient-script @{exec_path} { owner /tmp/dhclient-script.debug rw, # For ddclient script - /{usr/,}sbin/ddclient rPx, + /{usr/,}{s,}bin/ddclient rPx, /etc/default/ddclient r, /{usr/,}bin/logger rix, @@ -67,7 +67,7 @@ profile dhclient-script @{exec_path} { /etc/resolv.conf rw, # For stable-privacy addresses - /{usr/,}sbin/sysctl rix, + /{usr/,}{s,}bin/sysctl rix, /{usr/,}bin/head rix, /{usr/,}bin/xxd rix, /{usr/,}bin/paste rix, diff --git a/apparmor.d/profiles-a-l/dkms b/apparmor.d/profiles-a-l/dkms index 31d85361..c0014a6f 100644 --- a/apparmor.d/profiles-a-l/dkms +++ b/apparmor.d/profiles-a-l/dkms @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/dkms +@{exec_path} = /{usr/,}{s,}bin/dkms profile dkms @{exec_path} { include include 
diff --git a/apparmor.d/profiles-a-l/dkms-autoinstaller b/apparmor.d/profiles-a-l/dkms-autoinstaller index 48f7beaf..fafae428 100644 --- a/apparmor.d/profiles-a-l/dkms-autoinstaller +++ b/apparmor.d/profiles-a-l/dkms-autoinstaller @@ -17,7 +17,7 @@ profile dkms-autoinstaller @{exec_path} { /{usr/,}bin/readlink rix, /{usr/,}bin/tput rix, - /{usr/,}sbin/dkms rPx, + /{usr/,}{s,}bin/dkms rPx, /{usr/,}bin/run-parts rCx -> run-parts, /{usr/,}bin/systemctl rPx -> child-systemctl, diff --git a/apparmor.d/profiles-a-l/dmidecode b/apparmor.d/profiles-a-l/dmidecode index b8df84ec..ad8f2aeb 100644 --- a/apparmor.d/profiles-a-l/dmidecode +++ b/apparmor.d/profiles-a-l/dmidecode @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/dmidecode +@{exec_path} = /{usr/,}{s,}bin/dmidecode profile dmidecode @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/dnscrypt-proxy b/apparmor.d/profiles-a-l/dnscrypt-proxy index 9e3febaa..d3a26ed2 100644 --- a/apparmor.d/profiles-a-l/dnscrypt-proxy +++ b/apparmor.d/profiles-a-l/dnscrypt-proxy @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/dnscrypt-proxy +@{exec_path} = /{usr/,}{s,}bin/dnscrypt-proxy profile dnscrypt-proxy @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/dumpe2fs b/apparmor.d/profiles-a-l/dumpe2fs index a59c6cff..4bcc2c9d 100644 --- a/apparmor.d/profiles-a-l/dumpe2fs +++ b/apparmor.d/profiles-a-l/dumpe2fs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{dumpe2fs,e2mmpstatus} +@{exec_path} = /{usr/,}{s,}bin/{dumpe2fs,e2mmpstatus} profile dumpe2fs @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/e2fsck b/apparmor.d/profiles-a-l/e2fsck index feebbafb..84e32894 100644 --- a/apparmor.d/profiles-a-l/e2fsck +++ b/apparmor.d/profiles-a-l/e2fsck @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{e2fsck,fsck.ext2,fsck.ext3,fsck.ext4} +@{exec_path} = /{usr/,}{s,}bin/{e2fsck,fsck.ext2,fsck.ext3,fsck.ext4} profile e2fsck @{exec_path} { include include 
@@ -16,7 +16,7 @@ profile e2fsck @{exec_path} { # To check for badblocks /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/badblocks rPx, + /{usr/,}{s,}bin/badblocks rPx, owner @{run}/blkid/blkid.tab{,-*} rw, owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab, diff --git a/apparmor.d/profiles-a-l/e2image b/apparmor.d/profiles-a-l/e2image index 9aa090c1..f460416a 100644 --- a/apparmor.d/profiles-a-l/e2image +++ b/apparmor.d/profiles-a-l/e2image @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/e2image +@{exec_path} = /{usr/,}{s,}bin/e2image profile e2image @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/exim4 b/apparmor.d/profiles-a-l/exim4 index d7b1ad0c..c8463b56 100644 --- a/apparmor.d/profiles-a-l/exim4 +++ b/apparmor.d/profiles-a-l/exim4 @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/exim4 +@{exec_path} = /{usr/,}{s,}bin/exim4 profile exim4 @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/f3fix b/apparmor.d/profiles-a-l/f3fix index ff8160f0..38c41388 100644 --- a/apparmor.d/profiles-a-l/f3fix +++ b/apparmor.d/profiles-a-l/f3fix @@ -27,7 +27,7 @@ profile f3fix @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/dmidecode rPx, + /{usr/,}{s,}bin/dmidecode rPx, /{usr/,}bin/udevadm rCx -> udevadm, diff --git a/apparmor.d/profiles-a-l/fatlabel b/apparmor.d/profiles-a-l/fatlabel index e827bf48..10b1be89 100644 --- a/apparmor.d/profiles-a-l/fatlabel +++ b/apparmor.d/profiles-a-l/fatlabel @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/fatlabel +@{exec_path} = /{usr/,}{s,}bin/fatlabel profile fatlabel @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/fatresize b/apparmor.d/profiles-a-l/fatresize index 54c31593..2adb0f20 100644 --- a/apparmor.d/profiles-a-l/fatresize +++ b/apparmor.d/profiles-a-l/fatresize @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/fatresize +@{exec_path} = /{usr/,}{s,}bin/fatresize profile fatresize @{exec_path} { include include 
@@ -25,7 +25,7 @@ profile fatresize @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/dmidecode rPx, + /{usr/,}{s,}bin/dmidecode rPx, /{usr/,}bin/udevadm rCx -> udevadm, diff --git a/apparmor.d/profiles-a-l/fdisk b/apparmor.d/profiles-a-l/fdisk index 4cc39c30..ed753175 100644 --- a/apparmor.d/profiles-a-l/fdisk +++ b/apparmor.d/profiles-a-l/fdisk @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/fdisk +@{exec_path} = /{usr/,}{s,}bin/fdisk profile fdisk @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/filecap b/apparmor.d/profiles-a-l/filecap index 72496884..a575cf2d 100644 --- a/apparmor.d/profiles-a-l/filecap +++ b/apparmor.d/profiles-a-l/filecap @@ -14,8 +14,8 @@ profile filecap @{exec_path} { @{exec_path} mr, # The default behavior is to check only the directories in the PATH environmental variable. - /{usr/,}sbin/ r, - /{usr/,}sbin/* r, + /{usr/,}{s,}bin/ r, + /{usr/,}{s,}bin/* r, /{usr/,}bin/ r, /{usr/,}bin/* r, /usr/local/sbin/ r, diff --git a/apparmor.d/profiles-a-l/fsck b/apparmor.d/profiles-a-l/fsck index 0db22723..b4e6ccd5 100644 --- a/apparmor.d/profiles-a-l/fsck +++ b/apparmor.d/profiles-a-l/fsck @@ -6,15 +6,15 @@ abi , include -@{exec_path} = /{usr/,}sbin/fsck +@{exec_path} = /{usr/,}{s,}bin/fsck profile fsck @{exec_path} { include include @{exec_path} mr, - /{usr/,}sbin/e2fsck rPx, - /{usr/,}sbin/fsck.* rPx, + /{usr/,}{s,}bin/e2fsck rPx, + /{usr/,}{s,}bin/fsck.* rPx, /etc/fstab r, diff --git a/apparmor.d/profiles-a-l/fsck-btrfs b/apparmor.d/profiles-a-l/fsck-btrfs index e6300385..9d6b1edf 100644 --- a/apparmor.d/profiles-a-l/fsck-btrfs +++ b/apparmor.d/profiles-a-l/fsck-btrfs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/fsck.btrfs +@{exec_path} = /{usr/,}{s,}bin/fsck.btrfs profile fsck-btrfs @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/fsck-fat b/apparmor.d/profiles-a-l/fsck-fat index 49acc69d..0c905206 100644 --- a/apparmor.d/profiles-a-l/fsck-fat +++ b/apparmor.d/profiles-a-l/fsck-fat 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{fsck.fat,fsck.msdos,fsck.vfat,dosfsck} +@{exec_path} = /{usr/,}{s,}bin/{fsck.fat,fsck.msdos,fsck.vfat,dosfsck} profile fsck-fat @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/gajim b/apparmor.d/profiles-a-l/gajim index bc89d1f9..545eaa4c 100644 --- a/apparmor.d/profiles-a-l/gajim +++ b/apparmor.d/profiles-a-l/gajim @@ -35,7 +35,7 @@ profile gajim @{exec_path} { /{usr/,}bin/ r, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/uname rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, # To play sounds /{usr/,}bin/aplay rCx -> audio, diff --git a/apparmor.d/profiles-a-l/gdisk b/apparmor.d/profiles-a-l/gdisk index 0e70a975..ccc89c36 100644 --- a/apparmor.d/profiles-a-l/gdisk +++ b/apparmor.d/profiles-a-l/gdisk @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/gdisk +@{exec_path} = /{usr/,}{s,}bin/gdisk profile gdisk @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/gparted b/apparmor.d/profiles-a-l/gparted index a3bcbc47..dc782428 100644 --- a/apparmor.d/profiles-a-l/gparted +++ b/apparmor.d/profiles-a-l/gparted @@ -6,15 +6,15 @@ abi , include -@{exec_path} = /{usr/,}sbin/gparted +@{exec_path} = /{usr/,}{s,}bin/gparted profile gparted @{exec_path} { include @{exec_path} r, /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/ r, - /{usr/,}sbin/gpartedbin rPx, + /{usr/,}{s,}bin/ r, + /{usr/,}{s,}bin/gpartedbin rPx, /{usr/,}bin/ r, /{usr/,}bin/{,e}grep rix, @@ -26,12 +26,12 @@ profile gparted @{exec_path} { /{usr/,}bin/gawk rix, /{usr/,}lib/udisks2/udisks2-inhibit rix, - /usr/libexec/udisks2/udisks2-inhibit rix, + /usr/{lib,libexec}/udisks2/udisks2-inhibit rix, @{run}/udev/rules.d/ rw, @{run}/udev/rules.d/90-udisks-inhibit.rules rw, /{usr/,}bin/udevadm rCx -> udevadm, - /{usr/,}sbin/killall5 rCx -> killall, + /{usr/,}{s,}bin/killall5 rCx -> killall, /{usr/,}bin/ps rPx, /{usr/,}bin/xhost rPx, 
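Review bot: In the second gparted hunk, the `lib` branch of `/usr/{lib,libexec}/udisks2/udisks2-inhibit rix,` is already matched by the context line above it, `/{usr/,}lib/udisks2/udisks2-inhibit rix,`, so the change adds no new path. It is also unrelated to the sbin/bin change the rest of the diff makes. I would leave the line as `/usr/libexec/udisks2/udisks2-inhibit rix,`, or fold both lines into one rule if a single pattern is preferred.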
@@ -82,7 +82,7 @@ profile gparted @{exec_path} { ptrace (read), - /{usr/,}sbin/killall5 mr, + /{usr/,}{s,}bin/killall5 mr, # The /proc/ dir is needed to avoid the following error: # /proc: Permission denied diff --git a/apparmor.d/profiles-a-l/gpartedbin b/apparmor.d/profiles-a-l/gpartedbin index 0bef9e49..68e12063 100644 --- a/apparmor.d/profiles-a-l/gpartedbin +++ b/apparmor.d/profiles-a-l/gpartedbin @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/gpartedbin +@{exec_path} = /{usr/,}{s,}bin/gpartedbin profile gpartedbin @{exec_path} { include include @@ -39,29 +39,29 @@ profile gpartedbin @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/dmidecode rPx, - /{usr/,}sbin/hdparm rPx, - /{usr/,}sbin/blkid rPx, + /{usr/,}{s,}bin/dmidecode rPx, + /{usr/,}{s,}bin/hdparm rPx, + /{usr/,}{s,}bin/blkid rPx, /{usr/,}bin/udevadm rCx -> udevadm, /{usr/,}bin/mount rCx -> mount, /{usr/,}bin/umount rCx -> umount, # RAID - /{usr/,}sbin/dmraid rPUx, + /{usr/,}{s,}bin/dmraid rPUx, # Device mapper - /{usr/,}sbin/dmsetup rPUx, + /{usr/,}{s,}bin/dmsetup rPUx, # LVM - /{usr/,}sbin/lvm rPUx, + /{usr/,}{s,}bin/lvm rPUx, # NTFS # The following tools link to mkntfs: # mkfs.ntfs - /{usr/,}sbin/mkntfs rPx, - /{usr/,}sbin/ntfslabel rPx, - /{usr/,}sbin/ntfsresize rPx, + /{usr/,}{s,}bin/mkntfs rPx, + /{usr/,}{s,}bin/ntfslabel rPx, + /{usr/,}{s,}bin/ntfsresize rPx, /{usr/,}bin/ntfsinfo rPx, # FAT16/32 
@@ -73,41 +73,41 @@ profile gpartedbin @{exec_path} { /{usr/,}bin/mtools rPx, # The following tools link to mkfs.fat: # mkdosfs, mkfs.msdos, mkfs.vfat - /{usr/,}sbin/mkfs.fat rPx, + /{usr/,}{s,}bin/mkfs.fat rPx, # The following tools link to fsck.fat: # dosfsck, fsck.msdos, fsck.vfat - /{usr/,}sbin/fsck.fat rPx, + /{usr/,}{s,}bin/fsck.fat rPx, # EXT2/3/4 # The following tools link to mke2fs: # mkfs.ext2, mkfs.ext3, mkfs.ext4 - /{usr/,}sbin/mke2fs rPx, + /{usr/,}{s,}bin/mke2fs rPx, # The following tools link to e2fsck: # fsck.ext2, fsck.ext3, fsck.ext4 - /{usr/,}sbin/e2fsck rPx, - /{usr/,}sbin/resize2fs rPx, + /{usr/,}{s,}bin/e2fsck rPx, + /{usr/,}{s,}bin/resize2fs rPx, # The following tools link to dumpe2fs: # e2mmpstatus - /{usr/,}sbin/dumpe2fs rPx, + /{usr/,}{s,}bin/dumpe2fs rPx, # The following tools link to tune2fs: # e2label - /{usr/,}sbin/tune2fs rPx, - /{usr/,}sbin/e2image rPx, + /{usr/,}{s,}bin/tune2fs rPx, + /{usr/,}{s,}bin/e2image rPx, # BTRFS - /{usr/,}sbin/mkfs.btrfs rPx, + /{usr/,}{s,}bin/mkfs.btrfs rPx, # The following tools link to btrfs: # btrfsck /{usr/,}bin/btrfs rPx, /{usr/,}bin/btrfstune rPx, - /{usr/,}sbin/fsck.btrfs rPx, - /{usr/,}sbin/mkfs.btrfs rPx, + /{usr/,}{s,}bin/fsck.btrfs rPx, + /{usr/,}{s,}bin/mkfs.btrfs rPx, # SWAP - /{usr/,}sbin/mkswap rPx, - /{usr/,}sbin/swaplabel rPx, - /{usr/,}sbin/swapon rPx, - /{usr/,}sbin/swapoff rPx, + /{usr/,}{s,}bin/mkswap rPx, + /{usr/,}{s,}bin/swaplabel rPx, + /{usr/,}{s,}bin/swapon rPx, + /{usr/,}{s,}bin/swapoff rPx, /{usr/,}bin/xdg-open rCx -> open, /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open, diff --git a/apparmor.d/profiles-a-l/groupadd b/apparmor.d/profiles-a-l/groupadd index 681797fb..9561e3ad 100644 --- a/apparmor.d/profiles-a-l/groupadd +++ b/apparmor.d/profiles-a-l/groupadd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/groupadd +@{exec_path} = /{usr/,}{s,}bin/groupadd profile groupadd @{exec_path} { include include 
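Review bot: In the BTRFS section of the gpartedbin hunk, `/{usr/,}{s,}bin/mkfs.btrfs rPx,` is listed twice, once before `btrfs`/`btrfstune` and once after `fsck.btrfs`. The duplicate predates this commit, but since both lines are rewritten here it is a good moment to drop the second one. The profile body starts and ends outside the hunk.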
diff --git a/apparmor.d/profiles-a-l/groupdel b/apparmor.d/profiles-a-l/groupdel index 58959d4a..e85807f1 100644 --- a/apparmor.d/profiles-a-l/groupdel +++ b/apparmor.d/profiles-a-l/groupdel @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/groupdel +@{exec_path} = /{usr/,}{s,}bin/groupdel profile groupdel @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/groupmod b/apparmor.d/profiles-a-l/groupmod index 6dc12b2a..7a5d595d 100644 --- a/apparmor.d/profiles-a-l/groupmod +++ b/apparmor.d/profiles-a-l/groupmod @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/groupmod +@{exec_path} = /{usr/,}{s,}bin/groupmod profile groupmod @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/grpck b/apparmor.d/profiles-a-l/grpck index 767491c4..bfa4734f 100644 --- a/apparmor.d/profiles-a-l/grpck +++ b/apparmor.d/profiles-a-l/grpck @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/grpck +@{exec_path} = /{usr/,}{s,}bin/grpck profile grpck @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/gsmartcontrol b/apparmor.d/profiles-a-l/gsmartcontrol index 16efefd3..ff5cdb1a 100644 --- a/apparmor.d/profiles-a-l/gsmartcontrol +++ b/apparmor.d/profiles-a-l/gsmartcontrol @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/gsmartcontrol +@{exec_path} = /{usr/,}{s,}bin/gsmartcontrol profile gsmartcontrol @{exec_path} { include include @@ -23,7 +23,7 @@ profile gsmartcontrol @{exec_path} { @{exec_path} mr, - /{usr/,}sbin/smartctl rPx, + /{usr/,}{s,}bin/smartctl rPx, /{usr/,}bin/xterm rCx -> terminal, # When gsmartcontrol is run as root, it wants to exec dbus-launch, and hence it creates the two diff --git a/apparmor.d/profiles-a-l/hardinfo b/apparmor.d/profiles-a-l/hardinfo index b18d71b8..11228043 100644 --- a/apparmor.d/profiles-a-l/hardinfo +++ b/apparmor.d/profiles-a-l/hardinfo 
@@ -44,7 +44,7 @@ profile hardinfo @{exec_path} { /{usr/,}bin/gdb rix, /{usr/,}bin/last rix, /{usr/,}bin/iconv rix, - /{usr/,}sbin/route rix, + /{usr/,}{s,}bin/route rix, /{usr/,}bin/valgrind{,.bin} rix, /{usr/,}lib/@{multiarch}/valgrind/memcheck-*-linux rix, diff --git a/apparmor.d/profiles-a-l/hddtemp b/apparmor.d/profiles-a-l/hddtemp index ab45bed2..af36d618 100644 --- a/apparmor.d/profiles-a-l/hddtemp +++ b/apparmor.d/profiles-a-l/hddtemp @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/hddtemp +@{exec_path} = /{usr/,}{s,}bin/hddtemp profile hddtemp @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/hdparm b/apparmor.d/profiles-a-l/hdparm index b1390ecd..7e3580c3 100644 --- a/apparmor.d/profiles-a-l/hdparm +++ b/apparmor.d/profiles-a-l/hdparm @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/hdparm +@{exec_path} = /{usr/,}{s,}bin/hdparm profile hdparm @{exec_path} flags=(complain) { include include diff --git a/apparmor.d/profiles-a-l/hw-probe b/apparmor.d/profiles-a-l/hw-probe index a4ff6dad..bf428473 100644 --- a/apparmor.d/profiles-a-l/hw-probe +++ b/apparmor.d/profiles-a-l/hw-probe @@ -36,19 +36,19 @@ profile hw-probe @{exec_path} { /{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/dpkg rPx -> child-dpkg, - /{usr/,}sbin/dkms rPx, - /{usr/,}sbin/fdisk rPx, + /{usr/,}{s,}bin/dkms rPx, + /{usr/,}{s,}bin/fdisk rPx, /{usr/,}bin/upower rPx, - /{usr/,}sbin/hdparm rPx, - /{usr/,}sbin/smartctl rPx, + /{usr/,}{s,}bin/hdparm rPx, + /{usr/,}{s,}bin/smartctl rPx, /{usr/,}bin/sensors rPx, /{usr/,}bin/lsblk rPx, /{usr/,}bin/dmesg rPx, /{usr/,}bin/hciconfig rPx, /{usr/,}bin/uptime rPx, - /{usr/,}sbin/rfkill rPx, - /{usr/,}sbin/biosdecode rPx, - /{usr/,}sbin/dmidecode rPx, + /{usr/,}{s,}bin/rfkill rPx, + /{usr/,}{s,}bin/biosdecode rPx, + /{usr/,}{s,}bin/dmidecode rPx, /{usr/,}bin/edid-decode rPx, /{usr/,}bin/cpupower rPx, /{usr/,}bin/acpi rPx, 
@@ -56,11 +56,11 @@ profile hw-probe @{exec_path} { /{usr/,}bin/lscpu rPx, /{usr/,}bin/lsusb rPx, /{usr/,}bin/usb-devices rPx, - /{usr/,}sbin/hwinfo rPx, + /{usr/,}{s,}bin/hwinfo rPx, /{usr/,}bin/glxinfo rPx, - /{usr/,}sbin/i2cdetect rPx, + /{usr/,}{s,}bin/i2cdetect rPx, /{usr/,}bin/glxgears rPx, - /{usr/,}sbin/memtester rPx, + /{usr/,}{s,}bin/memtester rPx, /{usr/,}bin/xrandr rPx, /{usr/,}bin/inxi rPx, /{usr/,}bin/aplay rPx, @@ -78,10 +78,10 @@ profile hw-probe @{exec_path} { /{usr/,}bin/killall rCx -> killall, /{usr/,}bin/udevadm rCx -> udevadm, /{usr/,}bin/kmod rCx -> kmod, - /{usr/,}sbin/iw rCx -> netconfig, - /{usr/,}sbin/ifconfig rCx -> netconfig, - /{usr/,}sbin/iwconfig rCx -> netconfig, - /{usr/,}sbin/ethtool rCx -> netconfig, + /{usr/,}{s,}bin/iw rCx -> netconfig, + /{usr/,}{s,}bin/ifconfig rCx -> netconfig, + /{usr/,}{s,}bin/iwconfig rCx -> netconfig, + /{usr/,}{s,}bin/ethtool rCx -> netconfig, /{usr/,}bin/curl rCx -> curl, owner /root/HW_PROBE/{,**} rw, @@ -221,10 +221,10 @@ profile hw-probe @{exec_path} { network appletalk dgram, network netlink raw, - /{usr/,}sbin/iw mr, - /{usr/,}sbin/ifconfig mr, - /{usr/,}sbin/iwconfig mr, - /{usr/,}sbin/ethtool mr, + /{usr/,}{s,}bin/iw mr, + /{usr/,}{s,}bin/ifconfig mr, + /{usr/,}{s,}bin/iwconfig mr, + /{usr/,}{s,}bin/ethtool mr, owner @{PROC}/@{pid}/net/if_inet6 r, owner @{PROC}/@{pid}/net/dev r, diff --git a/apparmor.d/profiles-a-l/hwinfo b/apparmor.d/profiles-a-l/hwinfo index 68220c8e..1994ae75 100644 --- a/apparmor.d/profiles-a-l/hwinfo +++ b/apparmor.d/profiles-a-l/hwinfo @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/hwinfo +@{exec_path} = /{usr/,}{s,}bin/hwinfo profile hwinfo @{exec_path} { include include @@ -36,7 +36,7 @@ profile hwinfo @{exec_path} { /{usr/,}bin/kmod rCx -> kmod, /{usr/,}bin/udevadm rCx -> udevadm, - /{usr/,}sbin/dmraid rPUx, + /{usr/,}{s,}bin/dmraid rPUx, @{PROC}/version r, @{PROC}/cmdline r, 
diff --git a/apparmor.d/profiles-a-l/hypnotix b/apparmor.d/profiles-a-l/hypnotix index 2b504f39..9a17e6d3 100644 --- a/apparmor.d/profiles-a-l/hypnotix +++ b/apparmor.d/profiles-a-l/hypnotix @@ -42,7 +42,7 @@ profile hypnotix @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/mkdir rix, /{usr/,}bin/xdg-screensaver rCx -> xdg-screensaver, diff --git a/apparmor.d/profiles-a-l/i2cdetect b/apparmor.d/profiles-a-l/i2cdetect index 43dffa64..65886e1f 100644 --- a/apparmor.d/profiles-a-l/i2cdetect +++ b/apparmor.d/profiles-a-l/i2cdetect @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/i2cdetect +@{exec_path} = /{usr/,}{s,}bin/i2cdetect profile i2cdetect @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/ifconfig b/apparmor.d/profiles-a-l/ifconfig index cd9bd737..c696dd59 100644 --- a/apparmor.d/profiles-a-l/ifconfig +++ b/apparmor.d/profiles-a-l/ifconfig @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/ifconfig +@{exec_path} = /{usr/,}{s,}bin/ifconfig profile ifconfig @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/ifup b/apparmor.d/profiles-a-l/ifup index 4384af93..a495d26a 100644 --- a/apparmor.d/profiles-a-l/ifup +++ b/apparmor.d/profiles-a-l/ifup @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{ifup,ifdown,ifquery} +@{exec_path} = /{usr/,}{s,}bin/{ifup,ifdown,ifquery} profile ifup @{exec_path} { include @@ -24,7 +24,7 @@ profile ifup @{exec_path} { /{usr/,}bin/ip rix, /{usr/,}bin/sleep rix, - /{usr/,}sbin/dhclient rPx, + /{usr/,}{s,}bin/dhclient rPx, /{usr/,}bin/macchanger rPx, /{usr/,}bin/run-parts rCx -> run-parts, diff --git a/apparmor.d/profiles-a-l/initd-kexec b/apparmor.d/profiles-a-l/initd-kexec index 1ed53435..3724f75c 100644 --- a/apparmor.d/profiles-a-l/initd-kexec +++ b/apparmor.d/profiles-a-l/initd-kexec 
@@ -18,7 +18,7 @@ profile initd-kexec @{exec_path} { /{usr/,}bin/tput rix, /{usr/,}bin/echo rix, - /{usr/,}sbin/kexec rPx, + /{usr/,}{s,}bin/kexec rPx, /{usr/,}bin/run-parts rCx -> run-parts, /{usr/,}bin/systemctl rCx -> systemctl, diff --git a/apparmor.d/profiles-a-l/initd-kexec-load b/apparmor.d/profiles-a-l/initd-kexec-load index 881dfd07..feeb7e32 100644 --- a/apparmor.d/profiles-a-l/initd-kexec-load +++ b/apparmor.d/profiles-a-l/initd-kexec-load @@ -25,7 +25,7 @@ profile initd-kexec-load @{exec_path} { /{usr/,}bin/readlink rix, /{usr/,}bin/tput rix, - /{usr/,}sbin/kexec rPx, + /{usr/,}{s,}bin/kexec rPx, /{usr/,}bin/run-parts rCx -> run-parts, /{usr/,}bin/systemctl rCx -> systemctl, diff --git a/apparmor.d/profiles-a-l/inxi b/apparmor.d/profiles-a-l/inxi index f9167e41..ab794bba 100644 --- a/apparmor.d/profiles-a-l/inxi +++ b/apparmor.d/profiles-a-l/inxi @@ -51,19 +51,19 @@ profile inxi @{exec_path} { /{usr/,}bin/lsblk rPx, /{usr/,}bin/sensors rPx, /{usr/,}bin/uptime rPx, - /{usr/,}sbin/dmidecode rPx, + /{usr/,}{s,}bin/dmidecode rPx, /{usr/,}bin/xdpyinfo rPx, /{usr/,}bin/who rPx, /{usr/,}bin/xprop rPx, /{usr/,}bin/df rPx, - /{usr/,}sbin/blockdev rPx, + /{usr/,}{s,}bin/blockdev rPx, /{usr/,}bin/dig rPx, /{usr/,}bin/ps rPx, /{usr/,}bin/sudo rPx, /{usr/,}bin/openbox rPx, /{usr/,}bin/xset rPx, - /{usr/,}sbin/smartctl rPx, - /{usr/,}sbin/hddtemp rPx, + /{usr/,}{s,}bin/smartctl rPx, + /{usr/,}{s,}bin/hddtemp rPx, /etc/ r, /etc/inxi.conf r, diff --git a/apparmor.d/profiles-a-l/iotop b/apparmor.d/profiles-a-l/iotop index 61508f78..a40de22a 100644 --- a/apparmor.d/profiles-a-l/iotop +++ b/apparmor.d/profiles-a-l/iotop @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/iotop +@{exec_path} = /{usr/,}{s,}bin/iotop profile iotop @{exec_path} { include include @@ -23,7 +23,7 @@ profile iotop @{exec_path} { /{usr/,}bin/file rix, - /{usr/,}sbin/ r, + /{usr/,}{s,}bin/ r, @{PROC}/ r, @{PROC}/vmstat r, 
diff --git a/apparmor.d/profiles-a-l/iw b/apparmor.d/profiles-a-l/iw index bad597a0..5497a220 100644 --- a/apparmor.d/profiles-a-l/iw +++ b/apparmor.d/profiles-a-l/iw @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/iw +@{exec_path} = /{usr/,}{s,}bin/iw profile iw @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/iwlist b/apparmor.d/profiles-a-l/iwlist index fc488d8b..44d677df 100644 --- a/apparmor.d/profiles-a-l/iwlist +++ b/apparmor.d/profiles-a-l/iwlist @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/iwlist +@{exec_path} = /{usr/,}{s,}bin/iwlist profile iwlist @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/jdownloader b/apparmor.d/profiles-a-l/jdownloader index 170f2db2..92403942 100644 --- a/apparmor.d/profiles-a-l/jdownloader +++ b/apparmor.d/profiles-a-l/jdownloader @@ -88,7 +88,7 @@ profile jdownloader @{exec_path} { # For Reconnect -> Share Settings/Get Route #/{usr/,}bin/netstat rix, - #/{usr/,}sbin/route rix, + #/{usr/,}{s,}bin/route rix, #/{usr/,}bin/ping rix, #/{usr/,}bin/ip rix, #@{PROC}/@{pid}/net/route r, diff --git a/apparmor.d/profiles-a-l/kcheckpass b/apparmor.d/profiles-a-l/kcheckpass index a95a81f5..1e858737 100644 --- a/apparmor.d/profiles-a-l/kcheckpass +++ b/apparmor.d/profiles-a-l/kcheckpass @@ -17,7 +17,7 @@ profile kcheckpass @{exec_path} { @{exec_path} mr, - /{usr/,}sbin/unix_chkpwd rPx, + /{usr/,}{s,}bin/unix_chkpwd rPx, # file_inherit owner @{HOME}/.xsession-errors w, diff --git a/apparmor.d/profiles-a-l/kerneloops b/apparmor.d/profiles-a-l/kerneloops index 4aa3cf4d..4efe443e 100644 --- a/apparmor.d/profiles-a-l/kerneloops +++ b/apparmor.d/profiles-a-l/kerneloops @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/kerneloops +@{exec_path} = /{usr/,}{s,}bin/kerneloops profile kerneloops @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/kexec b/apparmor.d/profiles-a-l/kexec index 55efcc29..5c3cb113 100644 --- a/apparmor.d/profiles-a-l/kexec 
+++ b/apparmor.d/profiles-a-l/kexec @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/kexec +@{exec_path} = /{usr/,}{s,}bin/kexec profile kexec @{exec_path} flags=(complain) { include diff --git a/apparmor.d/profiles-a-l/kmod b/apparmor.d/profiles-a-l/kmod index 9b76134c..95bebd4b 100644 --- a/apparmor.d/profiles-a-l/kmod +++ b/apparmor.d/profiles-a-l/kmod @@ -9,7 +9,7 @@ include @{BUILD_DIR} = /media/debuilder/ @{exec_path} = /{usr/,}bin/{kmod,lsmod} -@{exec_path} += /{usr/,}sbin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe} +@{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe} profile kmod @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/kodi b/apparmor.d/profiles-a-l/kodi index 4ab76162..46efaa73 100644 --- a/apparmor.d/profiles-a-l/kodi +++ b/apparmor.d/profiles-a-l/kodi @@ -33,7 +33,7 @@ profile kodi @{exec_path} { /{usr/,}bin/cat rix, /{usr/,}bin/cut rix, /{usr/,}bin/dirname rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/df rCx -> df, diff --git a/apparmor.d/profiles-a-l/kvm-ok b/apparmor.d/profiles-a-l/kvm-ok index 8784cd56..2ebb8b08 100644 --- a/apparmor.d/profiles-a-l/kvm-ok +++ b/apparmor.d/profiles-a-l/kvm-ok @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/kvm-ok +@{exec_path} = /{usr/,}{s,}bin/kvm-ok profile kvm-ok @{exec_path} { include @@ -19,7 +19,7 @@ profile kvm-ok @{exec_path} { /{usr/,}bin/kmod rCx -> kmod, - /{usr/,}sbin/rdmsr rPx, + /{usr/,}{s,}bin/rdmsr rPx, #/proc/cpuinfo r, #/dev/kvm r, diff --git a/apparmor.d/profiles-a-l/labwc b/apparmor.d/profiles-a-l/labwc index 76ae9721..999dd1e3 100644 --- a/apparmor.d/profiles-a-l/labwc +++ b/apparmor.d/profiles-a-l/labwc 
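Review bot: In the kmod hunk, `lsmod` is now matched by both `@{exec_path}` lines, because the widened `+=` line covers `/{usr/,}bin/lsmod` as well as the sbin path. The duplication is harmless but makes the attachment list harder to audit; the first line could be reduced to `@{exec_path} = /{usr/,}bin/kmod`. The on-ac-power hunk further down has the same leftover: `/{usr/,}{s,}bin/on_ac_power /{usr/,}bin/on_ac_power` can become `@{exec_path} = /{usr/,}{s,}bin/on_ac_power`.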
@@ -27,9 +27,9 @@ profile labwc @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, # Apps allowed to run - /{usr/,}sbin/* rPUx, + /{usr/,}{s,}bin/* rPUx, /{usr/,}bin/* rPUx, - /usr/libexec/* rPUx, + /usr/{lib,libexec}/* rPUx, owner @{user_config_dirs}/labwc/ r, owner @{user_config_dirs}/labwc/* r, diff --git a/apparmor.d/profiles-a-l/lightdm b/apparmor.d/profiles-a-l/lightdm index 8d77df08..ace96c0a 100644 --- a/apparmor.d/profiles-a-l/lightdm +++ b/apparmor.d/profiles-a-l/lightdm @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/lightdm +@{exec_path} = /{usr/,}{s,}bin/lightdm profile lightdm @{exec_path} { include include @@ -66,7 +66,7 @@ profile lightdm @{exec_path} { /{usr/,}bin/plymouth mrix, /{usr/,}bin/Xorg rPx, - /{usr/,}sbin/lightdm-gtk-greeter rPx, + /{usr/,}{s,}bin/lightdm-gtk-greeter rPx, /{usr/,}bin/startx rPx, /etc/X11/Xsession rPUx, diff --git a/apparmor.d/profiles-a-l/lightdm-gtk-greeter b/apparmor.d/profiles-a-l/lightdm-gtk-greeter index 0bfa2d62..f05f3737 100644 --- a/apparmor.d/profiles-a-l/lightdm-gtk-greeter +++ b/apparmor.d/profiles-a-l/lightdm-gtk-greeter @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/lightdm-gtk-greeter +@{exec_path} = /{usr/,}{s,}bin/lightdm-gtk-greeter profile lightdm-gtk-greeter @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/linssid b/apparmor.d/profiles-a-l/linssid index 292baf13..e9ba32da 100644 --- a/apparmor.d/profiles-a-l/linssid +++ b/apparmor.d/profiles-a-l/linssid @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/linssid /{usr/,}bin/linssid-pkexec +@{exec_path} = /{usr/,}{s,}bin/linssid /{usr/,}bin/linssid-pkexec profile linssid @{exec_path} { include include @@ -42,7 +42,7 @@ profile linssid @{exec_path} { deny /{usr/,}bin/dbus-launch rx, deny /{usr/,}bin/dbus-send rx, - /{usr/,}sbin/iw rCx -> iw, + /{usr/,}{s,}bin/iw rCx -> iw, /{usr/,}bin/pkexec rPx, # For regular run as root user 
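Review bot: The labwc hunk changes `/usr/libexec/* rPUx,` to `/usr/{lib,libexec}/* rPUx,`, which is a separate policy widening from the sbin/bin merge the rest of the commit makes. With `PUx`, anything directly under `/usr/lib/` that has no profile of its own would run unconfined, so this deserves its own commit with a stated reason, or a narrower path. The openbox hunk keeps `/usr/libexec/* rPUx,` unchanged, so the two window-manager profiles now disagree. Separately, the context line `/{usr/,}bin/* rPUx,` is now fully covered by `/{usr/,}{s,}bin/* rPUx,` and can be dropped here and in the openbox, pkexec, setpriv and sudo hunks, where `[a-z0-9]*` replaces `*` in the last two.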
@@ -84,7 +84,7 @@ profile linssid @{exec_path} { network netlink raw, - /{usr/,}sbin/iw mr, + /{usr/,}{s,}bin/iw mr, # file_inherit owner @{HOME}/.linssid.prefs rw, diff --git a/apparmor.d/profiles-a-l/localepurge b/apparmor.d/profiles-a-l/localepurge index 0bcc34d8..8e3b54c4 100644 --- a/apparmor.d/profiles-a-l/localepurge +++ b/apparmor.d/profiles-a-l/localepurge @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/localepurge +@{exec_path} = /{usr/,}{s,}bin/localepurge profile localepurge @{exec_path} { include include diff --git a/apparmor.d/profiles-a-l/logrotate b/apparmor.d/profiles-a-l/logrotate index 9d8ed4ca..faa0adf1 100644 --- a/apparmor.d/profiles-a-l/logrotate +++ b/apparmor.d/profiles-a-l/logrotate @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/logrotate +@{exec_path} = /{usr/,}{s,}bin/logrotate profile logrotate @{exec_path} flags=(attach_disconnected, complain) { include include @@ -26,18 +26,18 @@ profile logrotate @{exec_path} flags=(attach_disconnected, complain) { @{exec_path} mr, - /{usr/,}sbin/ r, + /{usr/,}{s,}bin/ r, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/ls rix, /{usr/,}bin/gzip rix, - /{usr/,}sbin/invoke-rc.d rix, + /{usr/,}{s,}bin/invoke-rc.d rix, /{usr/,}lib/rsyslog/rsyslog-rotate rix, # no new privs #/{usr/,}bin/systemctl rCx -> systemctl, /{usr/,}bin/systemctl rix, - /{usr/,}sbin/runlevel rix, + /{usr/,}{s,}bin/runlevel rix, include ptrace (read), capability sys_ptrace, diff --git a/apparmor.d/profiles-m-z/memtester b/apparmor.d/profiles-m-z/memtester index 6479391d..032115fd 100644 --- a/apparmor.d/profiles-m-z/memtester +++ b/apparmor.d/profiles-m-z/memtester @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/memtester +@{exec_path} = /{usr/,}{s,}bin/memtester profile memtester @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/mke2fs b/apparmor.d/profiles-m-z/mke2fs index 305c817b..a13f1d00 100644 --- a/apparmor.d/profiles-m-z/mke2fs +++ b/apparmor.d/profiles-m-z/mke2fs 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{mke2fs,mkfs.ext2,mkfs.ext3,mkfs.ext4} +@{exec_path} = /{usr/,}{s,}bin/{mke2fs,mkfs.ext2,mkfs.ext3,mkfs.ext4} profile mke2fs @{exec_path} { include include @@ -16,7 +16,7 @@ profile mke2fs @{exec_path} { # To check for badblocks /{usr/,}bin/{,ba,da}sh rix, - /{usr/,}sbin/badblocks rPx, + /{usr/,}{s,}bin/badblocks rPx, /etc/mke2fs.conf r, diff --git a/apparmor.d/profiles-m-z/mkfs-btrfs b/apparmor.d/profiles-m-z/mkfs-btrfs index 50a92cb5..e0d21cf2 100644 --- a/apparmor.d/profiles-m-z/mkfs-btrfs +++ b/apparmor.d/profiles-m-z/mkfs-btrfs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/mkfs.btrfs +@{exec_path} = /{usr/,}{s,}bin/mkfs.btrfs profile mkfs-btrfs @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/mkfs-fat b/apparmor.d/profiles-m-z/mkfs-fat index 5e347e68..39761c7a 100644 --- a/apparmor.d/profiles-m-z/mkfs-fat +++ b/apparmor.d/profiles-m-z/mkfs-fat @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{mkfs.fat,mkfs.msdos,mkfs.vfat,mkdosfs} +@{exec_path} = /{usr/,}{s,}bin/{mkfs.fat,mkfs.msdos,mkfs.vfat,mkdosfs} profile mkfs-fat @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/mkntfs b/apparmor.d/profiles-m-z/mkntfs index e2ff6a0f..907a6054 100644 --- a/apparmor.d/profiles-m-z/mkntfs +++ b/apparmor.d/profiles-m-z/mkntfs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{mkntfs,mkfs.ntfs} +@{exec_path} = /{usr/,}{s,}bin/{mkntfs,mkfs.ntfs} profile mkntfs @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/mkswap b/apparmor.d/profiles-m-z/mkswap index 770c4e8c..a4f3917b 100644 --- a/apparmor.d/profiles-m-z/mkswap +++ b/apparmor.d/profiles-m-z/mkswap @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/mkswap +@{exec_path} = /{usr/,}{s,}bin/mkswap profile mkswap @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/mount b/apparmor.d/profiles-m-z/mount index 8caa9406..b7cb693a 100644 
--- a/apparmor.d/profiles-m-z/mount +++ b/apparmor.d/profiles-m-z/mount @@ -30,10 +30,10 @@ profile mount @{exec_path} flags=(complain) { @{exec_path} mr, - /{usr/,}bin/ntfs-3g rPx, - /{usr/,}bin/lowntfs-3g rPx, - /{usr/,}bin/sshfs rPx, - /{usr/,}sbin/mount.* rPx, + /{usr/,}bin/ntfs-3g rPx, + /{usr/,}{s,}bin/lowntfs-3g rPx, + /{usr/,}bin/sshfs rPx, + /{usr/,}{s,}bin/mount.* rPx, # Mount points /media/*/ r, diff --git a/apparmor.d/profiles-m-z/mount-cifs b/apparmor.d/profiles-m-z/mount-cifs index b89c8410..58031467 100644 --- a/apparmor.d/profiles-m-z/mount-cifs +++ b/apparmor.d/profiles-m-z/mount-cifs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/mount.cifs +@{exec_path} = /{usr/,}{s,bin}/mount.cifs profile mount-cifs @{exec_path} flags=(complain) { include include diff --git a/apparmor.d/profiles-m-z/mount-nfs b/apparmor.d/profiles-m-z/mount-nfs index 691e88d5..0b09e453 100644 --- a/apparmor.d/profiles-m-z/mount-nfs +++ b/apparmor.d/profiles-m-z/mount-nfs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/mount.nfs +@{exec_path} = /{usr/,}{s,bin}/mount.nfs profile mount-nfs @{exec_path} flags=(complain) { include include diff --git a/apparmor.d/profiles-m-z/mpsyt b/apparmor.d/profiles-m-z/mpsyt index 531ab2d2..abb70193 100644 --- a/apparmor.d/profiles-m-z/mpsyt +++ b/apparmor.d/profiles-m-z/mpsyt @@ -29,7 +29,7 @@ profile mpsyt @{exec_path} { /{usr/,}bin/ r, /{usr/,}bin/tset rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/uname rix, /{usr/,}bin/mpv rPUx, diff --git a/apparmor.d/profiles-m-z/nethogs b/apparmor.d/profiles-m-z/nethogs index 45ad8c8d..012a0a16 100644 --- a/apparmor.d/profiles-m-z/nethogs +++ b/apparmor.d/profiles-m-z/nethogs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/nethogs +@{exec_path} = /{usr/,}{s,}bin/nethogs profile nethogs @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/nft b/apparmor.d/profiles-m-z/nft index f82f72cc..efe8bc6e 100644 
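Review bot: In the mount hunk, `lowntfs-3g` is widened to `/{usr/,}{s,}bin/lowntfs-3g rPx,` while `ntfs-3g` on the line above stays at `/{usr/,}bin/`. The ntfs-3g profile's `@{exec_path}` (its hunk appears later on this page) still lists only `/{usr/,}bin/{low,}ntfs{,-3g}`. An sbin copy of `lowntfs-3g` would therefore have no profile for the `Px` transition, which in enforce mode means the exec is refused. Either keep the rule as `/{usr/,}bin/lowntfs-3g rPx,` or widen the ntfs-3g profile's first `@{exec_path}` line to `{s,}bin` in the same commit.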
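Review bot: The new `@{exec_path}` in the mount-cifs hunk reads `/{usr/,}{s,bin}/mount.cifs`, with the brace misplaced compared with every other rule in this commit. It expands to `/s/mount.cifs` and `/bin/mount.cifs` (with and without `/usr`) and no longer matches `/sbin/mount.cifs` or `/usr/sbin/mount.cifs`. The line should be `@{exec_path} = /{usr/,}{s,}bin/mount.cifs`, and the mount-nfs hunk that follows has the same slip and needs `@{exec_path} = /{usr/,}{s,}bin/mount.nfs`. As written, both profiles stop attaching on systems that keep these helpers in sbin, and the `mount.* rPx` rule in the mount profile would presumably find no target profile for them.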
--- a/apparmor.d/profiles-m-z/nft +++ b/apparmor.d/profiles-m-z/nft @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/nft +@{exec_path} = /{usr/,}{s,}bin/nft profile nft @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/ntfs-3g b/apparmor.d/profiles-m-z/ntfs-3g index d58959c9..e49903f2 100644 --- a/apparmor.d/profiles-m-z/ntfs-3g +++ b/apparmor.d/profiles-m-z/ntfs-3g @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}bin/{low,}ntfs{,-3g} -@{exec_path} += /{usr/,}sbin/mount.{low,}ntfs{,-3g} +@{exec_path} += /{usr/,}{s,}bin/mount.{low,}ntfs{,-3g} profile ntfs-3g @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/ntfsclone b/apparmor.d/profiles-m-z/ntfsclone index 1fd0bbe4..f7004bd2 100644 --- a/apparmor.d/profiles-m-z/ntfsclone +++ b/apparmor.d/profiles-m-z/ntfsclone @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/ntfsclone +@{exec_path} = /{usr/,}{s,}bin/ntfsclone profile ntfsclone @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/ntfscp b/apparmor.d/profiles-m-z/ntfscp index b22b21c5..ac6197c3 100644 --- a/apparmor.d/profiles-m-z/ntfscp +++ b/apparmor.d/profiles-m-z/ntfscp @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/ntfscp +@{exec_path} = /{usr/,}{s,}bin/ntfscp profile ntfscp @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/ntfslabel b/apparmor.d/profiles-m-z/ntfslabel index 70d11653..46195989 100644 --- a/apparmor.d/profiles-m-z/ntfslabel +++ b/apparmor.d/profiles-m-z/ntfslabel @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/ntfslabel +@{exec_path} = /{usr/,}{s,}bin/ntfslabel profile ntfslabel @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/ntfsresize b/apparmor.d/profiles-m-z/ntfsresize index 4363aac2..b0eb66b1 100644 --- a/apparmor.d/profiles-m-z/ntfsresize +++ b/apparmor.d/profiles-m-z/ntfsresize 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/ntfsresize +@{exec_path} = /{usr/,}{s,}bin/ntfsresize profile ntfsresize @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/ntfsundelete b/apparmor.d/profiles-m-z/ntfsundelete index 9864f892..dee5bd54 100644 --- a/apparmor.d/profiles-m-z/ntfsundelete +++ b/apparmor.d/profiles-m-z/ntfsundelete @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/ntfsundelete +@{exec_path} = /{usr/,}{s,}bin/ntfsundelete profile ntfsundelete @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/on-ac-power b/apparmor.d/profiles-m-z/on-ac-power index 9e9157ca..4407d8c6 100644 --- a/apparmor.d/profiles-m-z/on-ac-power +++ b/apparmor.d/profiles-m-z/on-ac-power @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/on_ac_power /{usr/,}bin/on_ac_power +@{exec_path} = /{usr/,}{s,}bin/on_ac_power /{usr/,}bin/on_ac_power profile on-ac-power @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/openbox b/apparmor.d/profiles-m-z/openbox index 37243b17..d659eeda 100644 --- a/apparmor.d/profiles-m-z/openbox +++ b/apparmor.d/profiles-m-z/openbox @@ -22,7 +22,7 @@ profile openbox @{exec_path} { /{usr/,}lib/@{multiarch}/openbox-autostart rCx -> autostart, # Apps allowed to run - /{usr/,}sbin/* rPUx, + /{usr/,}{s,}bin/* rPUx, /{usr/,}bin/* rPUx, /usr/libexec/* rPUx, diff --git a/apparmor.d/profiles-m-z/pam-auth-update b/apparmor.d/profiles-m-z/pam-auth-update index 08882c4c..01f898ed 100644 --- a/apparmor.d/profiles-m-z/pam-auth-update +++ b/apparmor.d/profiles-m-z/pam-auth-update @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/pam-auth-update +@{exec_path} = /{usr/,}{s,}bin/pam-auth-update profile pam-auth-update @{exec_path} flags=(complain) { include include 
@@ -35,7 +35,7 @@ profile pam-auth-update @{exec_path} flags=(complain) { /usr/share/debconf/frontend r, /{usr/,}bin/perl r, - /{usr/,}sbin/pam-auth-update rPx, + /{usr/,}{s,}bin/pam-auth-update rPx, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/stty rix, diff --git a/apparmor.d/profiles-m-z/parted b/apparmor.d/profiles-m-z/parted index f47e3495..b28dc00b 100644 --- a/apparmor.d/profiles-m-z/parted +++ b/apparmor.d/profiles-m-z/parted @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/parted +@{exec_path} = /{usr/,}{s,}bin/parted profile parted @{exec_path} { include include @@ -31,7 +31,7 @@ profile parted @{exec_path} { /{usr/,}bin/udevadm rCx -> udevadm, - /{usr/,}sbin/dmidecode rPx, + /{usr/,}{s,}bin/dmidecode rPx, owner @{PROC}/@{pid}/mounts r, @{PROC}/swaps r, diff --git a/apparmor.d/profiles-m-z/partprobe b/apparmor.d/profiles-m-z/partprobe index 8d1a7239..5f101741 100644 --- a/apparmor.d/profiles-m-z/partprobe +++ b/apparmor.d/profiles-m-z/partprobe @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/partprobe +@{exec_path} = /{usr/,}{s,}bin/partprobe profile partprobe @{exec_path} { include include @@ -30,7 +30,7 @@ profile partprobe @{exec_path} { /{usr/,}bin/udevadm rCx -> udevadm, - /{usr/,}sbin/dmidecode rPx, + /{usr/,}{s,}bin/dmidecode rPx, owner @{PROC}/@{pid}/mounts r, @{PROC}/swaps r, diff --git a/apparmor.d/profiles-m-z/pkexec b/apparmor.d/profiles-m-z/pkexec index 45c1624e..26a9a953 100644 --- a/apparmor.d/profiles-m-z/pkexec +++ b/apparmor.d/profiles-m-z/pkexec @@ -41,7 +41,7 @@ profile pkexec @{exec_path} flags=(complain) { owner @{PROC}/@{pid}/fd/ r, # Apps to be run via pkexec - /{usr/,}sbin/* rPUx, + /{usr/,}{s,}bin/* rPUx, /{usr/,}bin/* rPUx, /{usr/,}lib/gvfs/gvfsd-admin rPUx, #(#FIXME#) diff --git a/apparmor.d/profiles-m-z/popcon-largest-unused b/apparmor.d/profiles-m-z/popcon-largest-unused index f88a917f..53151495 100644 --- a/apparmor.d/profiles-m-z/popcon-largest-unused +++ b/apparmor.d/profiles-m-z/popcon-largest-unused 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/popcon-largest-unused +@{exec_path} = /{usr/,}{s,}bin/popcon-largest-unused profile popcon-largest-unused @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/querybts b/apparmor.d/profiles-m-z/querybts index a89f1dbc..ae007f83 100644 --- a/apparmor.d/profiles-m-z/querybts +++ b/apparmor.d/profiles-m-z/querybts @@ -32,7 +32,7 @@ profile querybts @{exec_path} { /{usr/,}bin/ r, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/stty rix, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/xdg-open rCx -> open, diff --git a/apparmor.d/profiles-m-z/rdmsr b/apparmor.d/profiles-m-z/rdmsr index 80583972..714adfe5 100644 --- a/apparmor.d/profiles-m-z/rdmsr +++ b/apparmor.d/profiles-m-z/rdmsr @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/rdmsr +@{exec_path} = /{usr/,}{s,}bin/rdmsr profile rdmsr @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/reportbug b/apparmor.d/profiles-m-z/reportbug index b7eb99cd..f03f0f54 100644 --- a/apparmor.d/profiles-m-z/reportbug +++ b/apparmor.d/profiles-m-z/reportbug @@ -34,13 +34,13 @@ profile reportbug @{exec_path} { /usr/share/reportbug/handle_bugscript rix, /{usr/,}bin/ r, - /{usr/,}sbin/ldconfig rix, + /{usr/,}{s,}bin/ldconfig rix, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/stty rix, /{usr/,}bin/readlink rix, /{usr/,}bin/locale rix, /{usr/,}bin/aa-enabled rix, - /{usr/,}sbin/selinuxenabled rix, + /{usr/,}{s,}bin/selinuxenabled rix, /{usr/,}bin/md5sum rix, /{usr/,}bin/debconf-show rPx, @@ -52,7 +52,7 @@ profile reportbug @{exec_path} { # shared object file): ignored. /{usr/,}bin/dpkg-query rpx, # - /{usr/,}sbin/exim4 rPx, + /{usr/,}{s,}bin/exim4 rPx, /{usr/,}bin/lsb_release rPx -> child-lsb_release, /{usr/,}bin/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/profiles-m-z/resize2fs b/apparmor.d/profiles-m-z/resize2fs index 518cad69..f273e1df 100644 --- a/apparmor.d/profiles-m-z/resize2fs +++ b/apparmor.d/profiles-m-z/resize2fs 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/resize2fs +@{exec_path} = /{usr/,}{s,}bin/resize2fs profile resize2fs @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/rsyslogd b/apparmor.d/profiles-m-z/rsyslogd index 81b3bfad..479f04d8 100644 --- a/apparmor.d/profiles-m-z/rsyslogd +++ b/apparmor.d/profiles-m-z/rsyslogd @@ -11,7 +11,7 @@ include # following: # watch -n 1 'dmesg | tail -5' -@{exec_path} = /{usr/,}sbin/rsyslogd +@{exec_path} = /{usr/,}{s,}bin/rsyslogd profile rsyslogd @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/rtkitctl b/apparmor.d/profiles-m-z/rtkitctl index 733602fd..7224cf34 100644 --- a/apparmor.d/profiles-m-z/rtkitctl +++ b/apparmor.d/profiles-m-z/rtkitctl @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/rtkitctl +@{exec_path} = /{usr/,}{s,}bin/rtkitctl profile rtkitctl @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/runuser b/apparmor.d/profiles-m-z/runuser index ab6ec3fd..7dc9249f 100644 --- a/apparmor.d/profiles-m-z/runuser +++ b/apparmor.d/profiles-m-z/runuser @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/runuser +@{exec_path} = /{usr/,}{s,}bin/runuser profile runuser @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/sensors-detect b/apparmor.d/profiles-m-z/sensors-detect index 91001294..d7ddabdf 100644 --- a/apparmor.d/profiles-m-z/sensors-detect +++ b/apparmor.d/profiles-m-z/sensors-detect @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/sensors-detect +@{exec_path} = /{usr/,}{s,}bin/sensors-detect profile sensors-detect @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/setpriv b/apparmor.d/profiles-m-z/setpriv index 4031961a..9621c284 100644 --- a/apparmor.d/profiles-m-z/setpriv +++ b/apparmor.d/profiles-m-z/setpriv @@ -14,7 +14,7 @@ profile setpriv @{exec_path} { @{exec_path} mr, /{usr/,}bin/[a-z0-9]* rPUx, - /{usr/,}sbin/[a-z0-9]* rPUx, + /{usr/,}{s,}bin/[a-z0-9]* rPUx, include if exists } 
diff --git a/apparmor.d/profiles-m-z/sfdisk b/apparmor.d/profiles-m-z/sfdisk index e2828e00..2d637013 100644 --- a/apparmor.d/profiles-m-z/sfdisk +++ b/apparmor.d/profiles-m-z/sfdisk @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/sfdisk +@{exec_path} = /{usr/,}{s,}bin/sfdisk profile sfdisk @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/sgdisk b/apparmor.d/profiles-m-z/sgdisk index 4241bef7..77f32da7 100644 --- a/apparmor.d/profiles-m-z/sgdisk +++ b/apparmor.d/profiles-m-z/sgdisk @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/sgdisk +@{exec_path} = /{usr/,}{s,}bin/sgdisk profile sgdisk @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/smartctl b/apparmor.d/profiles-m-z/smartctl index ec849c8a..d833b884 100644 --- a/apparmor.d/profiles-m-z/smartctl +++ b/apparmor.d/profiles-m-z/smartctl @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/smartctl +@{exec_path} = /{usr/,}{s,}bin/smartctl profile smartctl @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/smartd b/apparmor.d/profiles-m-z/smartd index 785fc126..a99796c9 100644 --- a/apparmor.d/profiles-m-z/smartd +++ b/apparmor.d/profiles-m-z/smartd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/smartd +@{exec_path} = /{usr/,}{s,}bin/smartd profile smartd @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/spectre-meltdown-checker b/apparmor.d/profiles-m-z/spectre-meltdown-checker index 5faa19ab..e05ba5fe 100644 --- a/apparmor.d/profiles-m-z/spectre-meltdown-checker +++ b/apparmor.d/profiles-m-z/spectre-meltdown-checker @@ -51,7 +51,7 @@ profile spectre-meltdown-checker @{exec_path} { /{usr/,}bin/{,@{multiarch}-}readelf rix, /{usr/,}bin/{,@{multiarch}-}strings rix, /{usr/,}bin/{,@{multiarch}-}objdump rix, - /{usr/,}sbin/iucode_tool rix, + /{usr/,}{s,}bin/iucode_tool rix, /{usr/,}bin/dmesg rix, /{usr/,}bin/mount rix, 
diff --git a/apparmor.d/profiles-m-z/su b/apparmor.d/profiles-m-z/su index eede4245..6dc67404 100644 --- a/apparmor.d/profiles-m-z/su +++ b/apparmor.d/profiles-m-z/su @@ -41,7 +41,7 @@ profile su @{exec_path} { /{usr/,}bin/{c,k,tc,z}sh rpux, # Fake shells to politely refuse a login - #/{usr/,}sbin/nologin rpux, + #/{usr/,}{s,}bin/nologin rpux, /etc/environment r, diff --git a/apparmor.d/profiles-m-z/sudo b/apparmor.d/profiles-m-z/sudo index 517376e6..4a73111d 100644 --- a/apparmor.d/profiles-m-z/sudo +++ b/apparmor.d/profiles-m-z/sudo @@ -46,7 +46,7 @@ profile sudo @{exec_path} { /{usr/,}bin/{c,k,tc,z}sh rpux, /{usr/,}bin/[a-z0-9]* rPUx, - /{usr/,}sbin/[a-z0-9]* rPUx, + /{usr/,}{s,}bin/[a-z0-9]* rPUx, /dev/ r, diff --git a/apparmor.d/profiles-m-z/swaplabel b/apparmor.d/profiles-m-z/swaplabel index f48b7727..2351dd11 100644 --- a/apparmor.d/profiles-m-z/swaplabel +++ b/apparmor.d/profiles-m-z/swaplabel @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/swaplabel +@{exec_path} = /{usr/,}{s,}bin/swaplabel profile swaplabel @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/swapoff b/apparmor.d/profiles-m-z/swapoff index a8bfe1c3..36c169b4 100644 --- a/apparmor.d/profiles-m-z/swapoff +++ b/apparmor.d/profiles-m-z/swapoff @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/swapoff +@{exec_path} = /{usr/,}{s,}bin/swapoff profile swapoff @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/swapon b/apparmor.d/profiles-m-z/swapon index 2818a2b3..f3411a3f 100644 --- a/apparmor.d/profiles-m-z/swapon +++ b/apparmor.d/profiles-m-z/swapon @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/swapon +@{exec_path} = /{usr/,}{s,}bin/swapon profile swapon @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/thinkfan b/apparmor.d/profiles-m-z/thinkfan index 0e82a32a..58c99fb0 100644 --- a/apparmor.d/profiles-m-z/thinkfan +++ b/apparmor.d/profiles-m-z/thinkfan 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/thinkfan +@{exec_path} = /{usr/,}{s,}bin/thinkfan profile thinkfan @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/tune2fs b/apparmor.d/profiles-m-z/tune2fs index 2903e59d..aac84e91 100644 --- a/apparmor.d/profiles-m-z/tune2fs +++ b/apparmor.d/profiles-m-z/tune2fs @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/{tune2fs,e2label} +@{exec_path} = /{usr/,}{s,}bin/{tune2fs,e2label} profile tune2fs @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/udisksd b/apparmor.d/profiles-m-z/udisksd index caeb251b..8fc2b449 100644 --- a/apparmor.d/profiles-m-z/udisksd +++ b/apparmor.d/profiles-m-z/udisksd @@ -34,10 +34,10 @@ profile udisksd @{exec_path} { /{usr/,}bin/umount rix, /{usr/,}bin/eject rPx, - /{usr/,}sbin/dumpe2fs rPx, - /{usr/,}sbin/dmidecode rPx, + /{usr/,}{s,}bin/dumpe2fs rPx, + /{usr/,}{s,}bin/dmidecode rPx, - /{usr/,}sbin/lvm rPUx, + /{usr/,}{s,}bin/lvm rPUx, /{usr/,}bin/systemctl rPx -> child-systemctl, diff --git a/apparmor.d/profiles-m-z/umount b/apparmor.d/profiles-m-z/umount index 810c64be..c6f712fc 100644 --- a/apparmor.d/profiles-m-z/umount +++ b/apparmor.d/profiles-m-z/umount @@ -27,7 +27,7 @@ profile umount @{exec_path} flags=(complain) { @{exec_path} mr, - /{usr/,}sbin/umount.* rPx, + /{usr/,}{s,}bin/umount.* rPx, # Mount points @{HOME}/ r, diff --git a/apparmor.d/profiles-m-z/umount.udisks2 b/apparmor.d/profiles-m-z/umount.udisks2 index 3a4d5551..5be3ed14 100644 --- a/apparmor.d/profiles-m-z/umount.udisks2 +++ b/apparmor.d/profiles-m-z/umount.udisks2 @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/umount.udisks2 +@{exec_path} = /{usr/,}{s,}bin/umount.udisks2 profile umount.udisks2 @{exec_path} flags=(complain) { include diff --git a/apparmor.d/profiles-m-z/unhide-linux b/apparmor.d/profiles-m-z/unhide-linux index a36f1b43..1900eae4 100644 --- a/apparmor.d/profiles-m-z/unhide-linux +++ b/apparmor.d/profiles-m-z/unhide-linux 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/unhide{,-linux} +@{exec_path} = /{usr/,}{s,}bin/unhide{,-linux} profile unhide-linux @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/unhide-posix b/apparmor.d/profiles-m-z/unhide-posix index 46e0e456..d100c4e2 100644 --- a/apparmor.d/profiles-m-z/unhide-posix +++ b/apparmor.d/profiles-m-z/unhide-posix @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/unhide-posix +@{exec_path} = /{usr/,}{s,}bin/unhide-posix profile unhide-posix @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/unhide-rb b/apparmor.d/profiles-m-z/unhide-rb index b66fd067..96939aa7 100644 --- a/apparmor.d/profiles-m-z/unhide-rb +++ b/apparmor.d/profiles-m-z/unhide-rb @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/unhide_rb +@{exec_path} = /{usr/,}{s,}bin/unhide_rb profile unhide-rb @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/unhide-tcp b/apparmor.d/profiles-m-z/unhide-tcp index 463719d2..db682f1d 100644 --- a/apparmor.d/profiles-m-z/unhide-tcp +++ b/apparmor.d/profiles-m-z/unhide-tcp @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/unhide-tcp +@{exec_path} = /{usr/,}{s,}bin/unhide-tcp profile unhide-tcp @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/unix-chkpwd b/apparmor.d/profiles-m-z/unix-chkpwd index 77d19856..c0082d3e 100644 --- a/apparmor.d/profiles-m-z/unix-chkpwd +++ b/apparmor.d/profiles-m-z/unix-chkpwd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/unix_chkpwd +@{exec_path} = /{usr/,}{s,}bin/unix_chkpwd profile unix-chkpwd @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/update-ca-certificates b/apparmor.d/profiles-m-z/update-ca-certificates index 79d6632b..6763ba42 100644 --- a/apparmor.d/profiles-m-z/update-ca-certificates +++ b/apparmor.d/profiles-m-z/update-ca-certificates 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/update-ca-certificates +@{exec_path} = /{usr/,}{s,}bin/update-ca-certificates profile update-ca-certificates @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/update-command-not-found b/apparmor.d/profiles-m-z/update-command-not-found index 57a4fff2..89575a53 100644 --- a/apparmor.d/profiles-m-z/update-command-not-found +++ b/apparmor.d/profiles-m-z/update-command-not-found @@ -7,7 +7,7 @@ abi , include @{exec_path} = /usr/share/command-not-found/cnf-update-db -@{exec_path} += /{usr/,}sbin/update-command-not-found +@{exec_path} += /{usr/,}{s,}bin/update-command-not-found profile update-command-not-found @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/update-dlocatedb b/apparmor.d/profiles-m-z/update-dlocatedb index 7ff3e0df..e924df1f 100644 --- a/apparmor.d/profiles-m-z/update-dlocatedb +++ b/apparmor.d/profiles-m-z/update-dlocatedb @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/update-dlocatedb +@{exec_path} = /{usr/,}{s,}bin/update-dlocatedb profile update-dlocatedb @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/update-pciids b/apparmor.d/profiles-m-z/update-pciids index 14a15bc3..20c0b833 100644 --- a/apparmor.d/profiles-m-z/update-pciids +++ b/apparmor.d/profiles-m-z/update-pciids @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/update-pciids +@{exec_path} = /{usr/,}{s,}bin/update-pciids profile update-pciids @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/update-smart-drivedb b/apparmor.d/profiles-m-z/update-smart-drivedb index 795a4ed3..12a5d10b 100644 --- a/apparmor.d/profiles-m-z/update-smart-drivedb +++ b/apparmor.d/profiles-m-z/update-smart-drivedb @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/update-smart-drivedb +@{exec_path} = /{usr/,}{s,}bin/update-smart-drivedb profile update-smart-drivedb @{exec_path} { include include 
@@ -26,8 +26,8 @@ profile update-smart-drivedb @{exec_path} {
 /{usr/,}bin/mv rix,
 /{usr/,}bin/cmp rix,
- /{usr/,}sbin/ r,
- /{usr/,}sbin/smartctl rPx,
+ /{usr/,}{s,}bin/ r,
+ /{usr/,}{s,}bin/smartctl rPx,
 /{usr/,}bin/gpg rCx -> gpg,
 /{usr/,}bin/wget rCx -> browse,
diff --git a/apparmor.d/profiles-m-z/updatedb-mlocate b/apparmor.d/profiles-m-z/updatedb-mlocate
index 3d23aef7..d045dc76 100644
--- a/apparmor.d/profiles-m-z/updatedb-mlocate
+++ b/apparmor.d/profiles-m-z/updatedb-mlocate
@@ -18,7 +18,7 @@ profile updatedb-mlocate @{exec_path} {
 @{exec_path} mr,
- /{usr/,}sbin/on_ac_power rPx,
+ /{usr/,}{s,}bin/on_ac_power rPx,
 # For shell pwd
 / r,
diff --git a/apparmor.d/profiles-m-z/usbguard-daemon b/apparmor.d/profiles-m-z/usbguard-daemon
index 00877ff1..2d184b3d 100644
--- a/apparmor.d/profiles-m-z/usbguard-daemon
+++ b/apparmor.d/profiles-m-z/usbguard-daemon
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/usbguard-daemon
+@{exec_path} = /{usr/,}{s,}bin/usbguard-daemon
 profile usbguard-daemon @{exec_path} {
 include
 include
diff --git a/apparmor.d/profiles-m-z/usbguard-dbus b/apparmor.d/profiles-m-z/usbguard-dbus
index 2a9a44ed..839ff5a5 100644
--- a/apparmor.d/profiles-m-z/usbguard-dbus
+++ b/apparmor.d/profiles-m-z/usbguard-dbus
@@ -1,12 +1,13 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2018-2021 Mikhail Morfikov
+# 2021 Alexandre Pujol
 # SPDX-License-Identifier: GPL-2.0-only
 abi ,
 include
-@{exec_path} = /{usr/,}sbin/usbguard-dbus
+@{exec_path} = /{usr/,}{s,}bin/usbguard-dbus
 profile usbguard-dbus @{exec_path} {
 include
diff --git a/apparmor.d/profiles-m-z/useradd b/apparmor.d/profiles-m-z/useradd
index a3ce8e6d..261775af 100644
--- a/apparmor.d/profiles-m-z/useradd
+++ b/apparmor.d/profiles-m-z/useradd
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/useradd
+@{exec_path} = /{usr/,}{s,}bin/useradd
 profile useradd @{exec_path} {
 include
 include
@@ -38,7 +38,7 @@ profile useradd @{exec_path} {
 /{usr/,}bin/usermod rPx,
- /{usr/,}sbin/pam_tally2 rCx -> pam_tally2,
+ /{usr/,}{s,}bin/pam_tally2 rCx -> pam_tally2,
 /etc/login.defs r,
@@ -78,7 +78,7 @@ profile useradd @{exec_path} {
 capability audit_write,
- /{usr/,}sbin/pam_tally2 mr,
+ /{usr/,}{s,}bin/pam_tally2 mr,
 /var/log/tallylog rw,
diff --git a/apparmor.d/profiles-m-z/userdel b/apparmor.d/profiles-m-z/userdel
index 05958623..52b3eaad 100644
--- a/apparmor.d/profiles-m-z/userdel
+++ b/apparmor.d/profiles-m-z/userdel
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/userdel
+@{exec_path} = /{usr/,}{s,}bin/userdel
 profile userdel @{exec_path} flags=(attach_disconnected) {
 include
 include
diff --git a/apparmor.d/profiles-m-z/usermod b/apparmor.d/profiles-m-z/usermod
index ec5da163..a84d864f 100644
--- a/apparmor.d/profiles-m-z/usermod
+++ b/apparmor.d/profiles-m-z/usermod
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/usermod
+@{exec_path} = /{usr/,}{s,}bin/usermod
 profile usermod @{exec_path} flags=(attach_disconnected) {
 include
 include
diff --git a/apparmor.d/profiles-m-z/usr.lib.libvirt.virt-aa-helper b/apparmor.d/profiles-m-z/usr.lib.libvirt.virt-aa-helper
index 867c7295..894c3e7c 100644
--- a/apparmor.d/profiles-m-z/usr.lib.libvirt.virt-aa-helper
+++ b/apparmor.d/profiles-m-z/usr.lib.libvirt.virt-aa-helper
@@ -39,7 +39,7 @@ profile virt-aa-helper /usr/lib/libvirt/virt-aa-helper {
 deny /dev/mapper/* r,
 /usr/lib/libvirt/virt-aa-helper mr,
- /{usr/,}sbin/apparmor_parser Ux,
+ /{usr/,}{s,}bin/apparmor_parser Ux,
 /etc/apparmor.d/libvirt/* r,
 /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
diff --git a/apparmor.d/profiles-m-z/usr.sbin.cupsd b/apparmor.d/profiles-m-z/usr.sbin.cupsd
index 9ce6ed36..2f88a04d 100644
--- a/apparmor.d/profiles-m-z/usr.sbin.cupsd
+++ b/apparmor.d/profiles-m-z/usr.sbin.cupsd
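Review bot: In profiles-m-z/useradd, the first hunk (`@@ -38,7`) widens the pam_tally2 rule but leaves the context line directly above it, `/{usr/,}bin/usermod rPx,`, restricted to bin. This same commit changes usermod's own attachment to `/{usr/,}{s,}bin/usermod`, so on a layout where usermod is installed under sbin this exec rule would presumably not match and the transition to the usermod profile would be refused. For consistency the line should read `/{usr/,}{s,}bin/usermod rPx,`. The profile body continues outside the hunk, so other bin-only rules for sbin tools may exist that are not visible here.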
@@ -83,7 +83,7 @@
 /usr/bin/* ixr,
 /usr/sbin/* ixr,
 /{usr/,}bin/* ixr,
- /{usr/,}sbin/* ixr,
+ /{usr/,}{s,}bin/* ixr,
 /usr/lib/** rm,
 # backends which come with CUPS can be confined
diff --git a/apparmor.d/profiles-m-z/usr.sbin.libvirtd b/apparmor.d/profiles-m-z/usr.sbin.libvirtd
index 60829ee0..9ea5bfed 100644
--- a/apparmor.d/profiles-m-z/usr.sbin.libvirtd
+++ b/apparmor.d/profiles-m-z/usr.sbin.libvirtd
@@ -97,7 +97,7 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
 /var/lib/libvirt/virtd* ixr,
 # force the use of virt-aa-helper
- audit deny /{usr/,}sbin/apparmor_parser rwxl,
+ audit deny /{usr/,}{s,}bin/apparmor_parser rwxl,
 audit deny /etc/apparmor.d/libvirt/** wxl,
 audit deny /sys/kernel/security/apparmor/features rwxl,
 audit deny /sys/kernel/security/apparmor/matching rwxl,
diff --git a/apparmor.d/profiles-m-z/vidcutter b/apparmor.d/profiles-m-z/vidcutter
index 0b3cc076..92b0d3a0 100644
--- a/apparmor.d/profiles-m-z/vidcutter
+++ b/apparmor.d/profiles-m-z/vidcutter
@@ -56,7 +56,7 @@ profile vidcutter @{exec_path} {
 /{usr/,}bin/python3.[0-9]* r,
 /{usr/,}bin/ r,
- /{usr/,}sbin/ldconfig rix,
+ /{usr/,}{s,}bin/ldconfig rix,
 /{usr/,}bin/ffmpeg rPUx,
 /{usr/,}bin/ffprobe rPUx,
diff --git a/apparmor.d/profiles-m-z/vipw-vigr b/apparmor.d/profiles-m-z/vipw-vigr
index 0c88d723..57aef59c 100644
--- a/apparmor.d/profiles-m-z/vipw-vigr
+++ b/apparmor.d/profiles-m-z/vipw-vigr
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/vi{pw,gr}
+@{exec_path} = /{usr/,}{s,}bin/vi{pw,gr}
 profile vipw-vigr @{exec_path} {
 include
diff --git a/apparmor.d/profiles-m-z/virt-manager b/apparmor.d/profiles-m-z/virt-manager
index 33033286..cc742276 100644
--- a/apparmor.d/profiles-m-z/virt-manager
+++ b/apparmor.d/profiles-m-z/virt-manager
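Review bot: In profiles-m-z/usr.sbin.cupsd, the widened rule `/{usr/,}{s,}bin/* ixr,` now matches everything the three context lines above it match (`/usr/bin/* ixr,`, `/usr/sbin/* ixr,`, `/{usr/,}bin/* ixr,`), so the block states the same permission four times. Collapsing it to the single new line would make the actual grant easier to audit. The grant itself lets cupsd run any binary in those four directories under its own profile, so a short comment such as `# cupsd may inherit-exec any system binary; confinement relies on the remaining rules` would help the next reviewer. The profile header is outside the hunk, so whether a narrower list is feasible cannot be judged from here.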
@@ -40,7 +40,7 @@ profile virt-manager @{exec_path} {
 /{usr/,}bin/getfacl rix,
 /{usr/,}bin/setfacl rix,
- /{usr/,}sbin/libvirtd rPx,
+ /{usr/,}{s,}bin/libvirtd rPx,
 /{usr/,}lib/@{multiarch}/gstreamer[0-9]*.[0-9]*/gstreamer-[0-9]*.[0-9]*/gst-plugin-scanner rPUx,
diff --git a/apparmor.d/profiles-m-z/vnstatd b/apparmor.d/profiles-m-z/vnstatd
index 67d0d8f6..eeb31801 100644
--- a/apparmor.d/profiles-m-z/vnstatd
+++ b/apparmor.d/profiles-m-z/vnstatd
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/vnstatd
+@{exec_path} = /{usr/,}{s,}bin/vnstatd
 profile vnstatd @{exec_path} {
 include
diff --git a/apparmor.d/profiles-m-z/vsftpd b/apparmor.d/profiles-m-z/vsftpd
index 8da72ada..5ad4f383 100644
--- a/apparmor.d/profiles-m-z/vsftpd
+++ b/apparmor.d/profiles-m-z/vsftpd
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/vsftpd
+@{exec_path} = /{usr/,}{s,}bin/vsftpd
 profile vsftpd @{exec_path} {
 include
 include
diff --git a/apparmor.d/profiles-m-z/whdd b/apparmor.d/profiles-m-z/whdd
index 2a2c0250..7656f7f9 100644
--- a/apparmor.d/profiles-m-z/whdd
+++ b/apparmor.d/profiles-m-z/whdd
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/whdd
+@{exec_path} = /{usr/,}{s,}bin/whdd
 profile whdd @{exec_path} {
 include
@@ -24,7 +24,7 @@ profile whdd @{exec_path} {
 /{usr/,}bin/tr rix,
 # To read SMART attributes
- /{usr/,}sbin/smartctl rPx,
+ /{usr/,}{s,}bin/smartctl rPx,
 owner @{PROC}/@{pid}/mounts r,
 @{PROC}/partitions r,
diff --git a/apparmor.d/profiles-m-z/wpa-gui b/apparmor.d/profiles-m-z/wpa-gui
index ff86e031..2521335f 100644
--- a/apparmor.d/profiles-m-z/wpa-gui
+++ b/apparmor.d/profiles-m-z/wpa-gui
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/wpa_gui
+@{exec_path} = /{usr/,}{s,}bin/wpa_gui
 profile wpa-gui @{exec_path} {
 include
 include
diff --git a/apparmor.d/profiles-m-z/wpa-supplicant b/apparmor.d/profiles-m-z/wpa-supplicant
index 10d3bded..0a27d270 100644
--- a/apparmor.d/profiles-m-z/wpa-supplicant
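Review bot: In profiles-m-z/virt-manager, the widened `/{usr/,}{s,}bin/libvirtd rPx,` only works if a profile attaches at whichever path libvirtd really has, and the libvirtd profile header visible in this commit's usr.sbin.libvirtd hunk is still `profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {`. On a layout where the binary resolves under bin, the `Px` transition would presumably find no matching profile and the exec would be refused rather than confined. Widening that attachment to `/{usr/,}{s,}bin/libvirtd` in the same commit would keep the two profiles in step. The virt-aa-helper header likewise keeps a fixed `/usr/lib/libvirt/virt-aa-helper` path. Both profile bodies extend outside the hunks shown.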
+++ b/apparmor.d/profiles-m-z/wpa-supplicant
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/wpa_supplicant
+@{exec_path} = /{usr/,}{s,}bin/wpa_supplicant
 profile wpa-supplicant @{exec_path} {
 include
 include
diff --git a/apparmor.d/profiles-m-z/wpa_cli b/apparmor.d/profiles-m-z/wpa_cli
index f8c34c76..a5862431 100644
--- a/apparmor.d/profiles-m-z/wpa_cli
+++ b/apparmor.d/profiles-m-z/wpa_cli
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/wpa_cli
+@{exec_path} = /{usr/,}{s,}bin/wpa_cli
 profile wpa_cli @{exec_path} {
 include
diff --git a/apparmor.d/profiles-m-z/wrmsr b/apparmor.d/profiles-m-z/wrmsr
index fa13f586..94ed7608 100644
--- a/apparmor.d/profiles-m-z/wrmsr
+++ b/apparmor.d/profiles-m-z/wrmsr
@@ -6,7 +6,7 @@ abi ,
 include
-@{exec_path} = /{usr/,}sbin/wrmsr
+@{exec_path} = /{usr/,}{s,}bin/wrmsr
 profile wrmsr @{exec_path} {
 include
diff --git a/apparmor.d/profiles-m-z/youtube-dl b/apparmor.d/profiles-m-z/youtube-dl
index 806e4ae9..6585f5da 100644
--- a/apparmor.d/profiles-m-z/youtube-dl
+++ b/apparmor.d/profiles-m-z/youtube-dl
@@ -66,7 +66,7 @@ profile youtube-dl @{exec_path} {
 /{usr/,}bin/ r,
 /{usr/,}bin/gcc rix,
- /{usr/,}sbin/ldconfig rix,
+ /{usr/,}{s,}bin/ldconfig rix,
 /{usr/,}bin/uname rix,
 /{usr/,}bin/rtmpdump rix,
 /{usr/,}bin/git rix,
diff --git a/apparmor.d/profiles-m-z/ytdl b/apparmor.d/profiles-m-z/ytdl
index c3bf02c4..4e3e6f0c 100644
--- a/apparmor.d/profiles-m-z/ytdl
+++ b/apparmor.d/profiles-m-z/ytdl
@@ -59,7 +59,7 @@ profile ytdl @{exec_path} {
 /{usr/,}bin/python3.[0-9]* r,
 /{usr/,}bin/ r,
- /{usr/,}sbin/ldconfig rix,
+ /{usr/,}{s,}bin/ldconfig rix,
 /{usr/,}bin/uname rix,
 # Which files youtube-dl should be able to open