feat(profiles): remove rules promoted into the base abstraction.

apparmor.d/groups/browsers/brave

@@ -134,7 +134,6 @@ profile brave @{exec_path} {
   @{sys}/devices/pci[0-9]*/**/usb[0-9]/{,**/}{busnum,devnum} r,
   @{sys}/devices/pci[0-9]*/**/usb[0-9]/{,**/}{descriptors,manufacturer,product,serial,bConfigurationValue} r,
   @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
-  @{sys}/devices/system/cpu/online r,
   @{sys}/devices/virtual/tty/tty[0-9]/active r,
 
   /dev/bus/usb/[0-9]*/[0-9]* rw,

apparmor.d/groups/browsers/firefox

@@ -225,7 +225,6 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
        @{sys}/devices/pci[0-9]*/**/drm/renderD[0-9]*/ r,
        @{sys}/devices/pci[0-9]*/**/irq r,
        @{sys}/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
-       @{sys}/devices/system/cpu/possible r,
   deny @{sys}/devices/system/cpu/cpu[0-9]/cache/index[0-9]/size r,
   deny @{sys}/devices/system/cpu/cpufreq/policy[0-9]/cpuinfo_max_freq r,
   deny @{sys}/devices/system/cpu/present r,

apparmor.d/groups/freedesktop/xwayland

@@ -38,7 +38,6 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/xwayland-shared-?????? rw,
 
   @{sys}/bus/pci/devices/ r,
-  @{sys}/devices/system/cpu/possible r,
 
         @{PROC}/@{pids}/cmdline r,
   owner @{PROC}/@{pids}/comm r,

apparmor.d/groups/gnome/gjs-console

@@ -102,8 +102,6 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/gdm/Xauthority r,
   owner @{run}/user/@{uid}/wayland-[0-9]* rw,
 
-  @{sys}/devices/system/cpu/possible r,
-
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/stat r,

apparmor.d/groups/gnome/gnome-control-center

@@ -165,7 +165,6 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/**/{name,vendor,product,uevent} r,
   @{sys}/devices/**/power_supply/{,**} r,
   @{sys}/devices/platform/**/uevent r,
-  @{sys}/devices/system/cpu/possible r,
   @{sys}/devices/virtual/**/uevent r,
   @{sys}/devices/virtual/dmi/id/chassis_type r,
   @{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r,

apparmor.d/groups/gnome/gnome-control-center-print-renderer

@@ -45,8 +45,6 @@ profile gnome-control-center-print-renderer @{exec_path} {
   owner @{run}/user/@{uid}/gdm/Xauthority r,
   owner @{run}/user/@{uid}/wayland-[0-9]* rw,
 
-  @{sys}/devices/system/cpu/possible r,
-
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/comm r,
 

apparmor.d/groups/gnome/gnome-extensions-app

@@ -28,8 +28,6 @@ profile gnome-extensions-app @{exec_path} {
   /usr/share/gnome-shell/org.gnome.Extensions* r,
   /usr/share/X11/xkb/{,**} r,
 
-  @{sys}/devices/system/cpu/possible r,
-
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pids}/stat r,
   owner @{PROC}/@{pids}/task/@{tid}/stat r,

apparmor.d/groups/gnome/gnome-shell

@@ -625,7 +625,6 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r,
   @{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
   @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r,
-  @{sys}/devices/system/cpu/possible r,
   @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r,
 
   owner @{PROC}/@{pid}/comm r,

apparmor.d/groups/gnome/gnome-software

@@ -87,7 +87,6 @@ profile gnome-software @{exec_path} {
   owner @{run}/user/@{uid}/.flatpak/{,**} rw,
   owner @{run}/user/@{uid}/.flatpak/**/*.ref rwk,
 
-  @{sys}/devices/system/cpu/possible r,
   @{sys}/module/nvidia/version r,
 
         @{PROC}/@{pids}/mounts r,

apparmor.d/groups/gnome/tracker-extract

@@ -107,8 +107,6 @@ profile tracker-extract @{exec_path} {
   @{run}/udev/data/c51[0-9]:[0-9]* r,
   @{run}/mount/utab r,
 
-  @{sys}/devices/system/cpu/possible r,
-
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
 

apparmor.d/groups/grub/grub-multi-install

@@ -28,7 +28,6 @@ profile grub-multi-install @{exec_path} {
 
   /boot/grub/grub.cfg rw,
 
-        @{PROC}/filesystems r,
   owner @{PROC}/@{pid}/maps r,
   owner @{PROC}/@{pid}/mounts r,
 

apparmor.d/groups/network/mullvad-gui

@@ -54,7 +54,6 @@ profile mullvad-gui @{exec_path} {
   @{sys}/bus/pci/devices/ r,
   @{sys}/devices/virtual/tty/tty[0-9]*/active r,
   @{sys}/devices/pci[0-9]*/**/{vendor,device,class,config} r,
-  @{sys}/devices/system/cpu/possible r,
 
         @{PROC}/ r,
         @{PROC}/sys/fs/inotify/max_user_watches r,

apparmor.d/groups/ssh/sshd

@@ -105,7 +105,6 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
         @{PROC}/@{pids}/fd/ r,
         @{PROC}/1/environ r,
         @{PROC}/cmdline r,
-        @{PROC}/filesystems r,
         @{PROC}/sys/kernel/ngroups_max r,
 
   /dev/ptmx rw,

apparmor.d/groups/systemd/networkctl

@@ -53,7 +53,6 @@ profile networkctl @{exec_path} flags=(attach_disconnected,complain) {
 
   @{sys}/devices/**/net/**/uevent r,
 
-        @{PROC}/filesystems r,
         @{PROC}/sys/kernel/random/boot_id r,
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/stat r,

apparmor.d/groups/systemd/systemd-ask-password

@@ -13,7 +13,6 @@ profile systemd-ask-password @{exec_path} {
 
   @{exec_path} mr,
 
-        @{PROC}/filesystems r,
   owner @{PROC}/@{pid}/stat r,
 
   include if exists <local/systemd-ask-password>

apparmor.d/groups/ubuntu/list-oem-metapackages

@@ -26,7 +26,6 @@ profile list-oem-metapackages @{exec_path} {
 
   owner @{PROC}/@{pid}/fd/ r,
         @{PROC}/@{pids}/mountinfo r,
-        @{PROC}/filesystems r,
 
   include if exists <local/list-oem-metapackages>
 }

apparmor.d/groups/virt/k3s

@@ -133,7 +133,6 @@ profile k3s @{exec_path} {
 
   @{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r,
   @{sys}/devices/system/edac/mc/ r,
-  @{sys}/devices/system/cpu/ r,
   @{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r,
   @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r,
   @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r,

apparmor.d/groups/virt/libvirtd

@@ -189,10 +189,8 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/pci[0-9]*/**/remove w,
   @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r,
 
-  @{sys}/devices/system/cpu/ r,
   @{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r,
   @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r,
-  @{sys}/devices/system/cpu/possible r,
   @{sys}/devices/system/cpu/present r,
   @{sys}/devices/system/cpu/present/ r,
   @{sys}/devices/system/node/ r,

apparmor.d/groups/virt/virt-aa-helper

@@ -45,7 +45,6 @@ profile virt-aa-helper @{exec_path} {
 
         @{PROC}/@{pid}/fd/ r,
         @{PROC}/@{pid}/net/psched r,
-        @{PROC}/filesystems r,
   deny  @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/status r,
 

apparmor.d/groups/virt/virtlogd

@@ -32,7 +32,6 @@ profile virtlogd @{exec_path} flags=(attach_disconnected) {
   @{run}/systemd/inhibit/[0-9]*.ref rw,
   @{run}/virtlogd.pid rwk,
 
-  @{sys}/devices/system/cpu/possible r,
   @{sys}/devices/system/node/ r,
   @{sys}/devices/system/node/node[0-9]*/meminfo r,
 

apparmor.d/profiles-a-f/apparmor.systemd

@@ -38,7 +38,6 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
   @{PROC}/@{pids}/fd/ r,
   @{PROC}/@{pids}/maps r,
   @{PROC}/@{pids}/mounts r,
-  @{PROC}/filesystems r,
   @{PROC}/mounts r,
 
   /dev/tty rw,

apparmor.d/profiles-a-f/apparmor_parser

@@ -28,7 +28,6 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
   
   owner /tmp/cri-containerd.apparmor.d[0-9]* r,
 
-        @{sys}/devices/system/cpu/possible r,
         @{sys}/kernel/security/apparmor/{,**} r,
   owner @{sys}/kernel/security/apparmor/.{remove,replace,load,access} rw,
 

apparmor.d/profiles-g-l/haveged

@@ -25,7 +25,6 @@ profile haveged @{exec_path} {
   @{PROC}/sys/kernel/random/write_wakeup_threshold w,
   /dev/random w,
 
-  @{sys}/devices/system/cpu/ r,
   @{sys}/devices/system/cpu/cpu*/cache/ r,
   @{sys}/devices/system/cpu/cpu*/cache/index*/{type,size,level} r,
 

apparmor.d/profiles-g-l/losetup

@@ -18,7 +18,6 @@ profile losetup @{exec_path} {
   @{exec_path} mr,
 
   @{sys}/devices/**/usb[0-9]/{,**} r,
-  @{sys}/devices/system/cpu/possible r,
 
   /dev/loop-control rw,
   /dev/loop[0-9]* rw,

apparmor.d/profiles-s-z/steam-fossilize

@@ -31,7 +31,6 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) {
 
   owner /dev/shm/fossilize-*-[0-9]*-[0-9]* rw,
 
-  @{sys}/devices/system/cpu/possible r,
   @{sys}/devices/system/node/ r,
   @{sys}/devices/system/node/node[0-9]*/cpumap r,
 

apparmor.d/profiles-s-z/update-ca-certificates

@@ -52,9 +52,6 @@ profile update-ca-certificates @{exec_path} {
 
   /usr/local/share/ r,
 
-  @{PROC}/filesystems r,
-
-
   profile run-parts {
     include <abstractions/base>
 

apparmor.d/profiles-s-z/vlc-cache-gen

@@ -15,8 +15,6 @@ profile vlc-cache-gen @{exec_path} {
 
   /{usr/,}lib/vlc/plugins/{,*} rw,
 
-  @{sys}/devices/system/cpu/possible r,
-
   # Inherit silencer
   deny network inet6 stream,
   deny network inet stream,

apparmor.d/profiles-s-z/wireplumber

@@ -48,7 +48,6 @@ profile wireplumber @{exec_path} {
   @{sys}/devices/**/sound/**/uevent r,
   @{sys}/devices/pci[0-9]*/**/modalias r,
   @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r,
-  @{sys}/devices/system/cpu/possible r,
 
   /dev/media[0-9]* rw,
   /dev/snd/ r,