Archlinux has no libexec.

/usr/libexec ->{lib,libexec}

apparmor.d/groups/desktop/accounts-daemon

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} =  /{usr/,}lib/accountsservice/accounts-daemon
-@{exec_path} += /usr/libexec/accounts-daemon
+@{exec_path} += /usr/{lib,libexec}/accounts-daemon
 profile accounts-daemon @{exec_path} {
   include <abstractions/base>
   include <abstractions/wutmp>

apparmor.d/groups/desktop/at-spi-bus-launcher

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/at-spi2-core/at-spi-bus-launcher
-@{exec_path} += /usr/libexec/at-spi-bus-launcher
+@{exec_path} += /usr/{lib,libexec}/at-spi-bus-launcher
 profile at-spi-bus-launcher @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>

apparmor.d/groups/desktop/at-spi2-registryd

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/at-spi2-core/at-spi2-registryd
-@{exec_path} += /usr/libexec/at-spi2-registryd
+@{exec_path} += /usr/{lib,libexec}/at-spi2-registryd
 profile at-spi2-registryd @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>

apparmor.d/groups/desktop/blueman-mechanism

@@ -6,7 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /usr/libexec/blueman-mechanism
+@{exec_path} = /usr/{lib,libexec}/blueman-mechanism
+@{exec_path} += /{usr/,}lib/blueman/blueman-mechanism
 profile blueman-mechanism @{exec_path} {
   include <abstractions/base>
   include <abstractions/python>
@@ -22,7 +23,7 @@ profile blueman-mechanism @{exec_path} {
   @{exec_path} r,
   /{usr/,}bin/python3.[0-9]* r,
 
-  /usr/libexec/ r,
+  /usr/{lib,libexec}/ r,
 
   /var/lib/blueman/network.state rw,
 
@@ -33,9 +34,9 @@ profile blueman-mechanism @{exec_path} {
 
   # For network AP
   #/{usr/,}bin/ip                 rix,
-  #/{usr/,}sbin/xtables-nft-multi rix,
-  #/{usr/,}sbin/dnsmasq           rPx,
-  #/{usr/,}sbin/dhclient          rPx,
+  #/{usr/,}{s,}bin/xtables-nft-multi rix,
+  #/{usr/,}{s,}bin/dnsmasq           rPx,
+  #/{usr/,}{s,}bin/dhclient          rPx,
   #      @{PROC}/sys/net/ipv4/ip_forward w,
   #      @{PROC}/sys/net/ipv4/conf/ r,
   #      @{PROC}/sys/net/ipv4/conf/*/forwarding w,

apparmor.d/groups/desktop/blueman-rfcomm-watcher

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /usr/libexec/blueman-rfcomm-watcher
+@{exec_path} = /usr/{lib,libexec}/blueman-rfcomm-watcher
 profile blueman-rfcomm-watcher @{exec_path} {
   include <abstractions/base>
   include <abstractions/python>
@@ -14,7 +14,7 @@ profile blueman-rfcomm-watcher @{exec_path} {
   @{exec_path} r,
   /{usr/,}bin/python3.[0-9]* r,
 
-  /usr/libexec/ r,
+  /usr/{lib,libexec}/ r,
 
   owner @{PROC}/@{pid}/mounts r,
 

apparmor.d/groups/desktop/bluetoothd

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/bluetooth/bluetoothd
-@{exec_path} += /usr/libexec/bluetooth/bluetoothd
+@{exec_path} += /usr/{lib,libexec}/bluetooth/bluetoothd
 profile bluetoothd @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/desktop/colord

@@ -6,8 +6,8 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}lib/colord/colord /usr/libexec/colord
-profile colord @{exec_path} {
+@{exec_path} = /{usr/,}lib/colord/colord /usr/lib/colord
+profile colord @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
   include <abstractions/devices-usb>
@@ -16,8 +16,8 @@ profile colord @{exec_path} {
 
   @{exec_path} mr,
 
-  /{usr/,}lib/colord/colord-sane rPx,
-  /usr/libexec/colord-sane       rPx,
+  /{usr/,}lib/colord/colord-sane  rPx,
+  /usr/{lib,libexec}/colord-sane  rPx,
 
   owner /var/lib/colord/** r,
   owner /var/lib/colord/.cache/ rw,

apparmor.d/groups/desktop/colord-sane

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/colord/colord-sane
-@{exec_path} += /usr/libexec/colord-sane
+@{exec_path} += /usr/{lib,libexec}/colord-sane
 profile colord-sane @{exec_path} flags=(complain) {
   include <abstractions/base>
   include <abstractions/devices-usb>

apparmor.d/groups/desktop/colord-session

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}lib/colord/colord-session /usr/libexec/colord-session
+@{exec_path} = /{usr/,}lib/colord/colord-session /usr/{lib,libexec}/colord-session
 profile colord-session @{exec_path} flags=(complain) {
   include <abstractions/base>
 

apparmor.d/groups/desktop/dconf-service

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/libexec/dconf-service
+@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/{lib,libexec}/dconf-service
 profile dconf-service @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfs-afc-volume-monitor

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor
-@{exec_path} += /usr/libexec/gvfs-afc-volume-monitor
+@{exec_path} += /usr/{lib,libexec}/gvfs-afc-volume-monitor
 profile gvfs-afc-volume-monitor @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfs-goa-volume-monitor

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor
-@{exec_path} += /usr/libexec/gvfs-goa-volume-monitor
+@{exec_path} += /usr/{lib,libexec}/gvfs-goa-volume-monitor
 profile gvfs-goa-volume-monitor @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor
-@{exec_path} += /usr/libexec/gvfs-gphoto2-volume-monitor
+@{exec_path} += /usr/{lib,libexec}/gvfs-gphoto2-volume-monitor
 profile gvfs-gphoto2-volume-monitor @{exec_path} {
   include <abstractions/base>
   include <abstractions/disks-read>

apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor
-@{exec_path} += /usr/libexec/gvfs-mtp-volume-monitor
+@{exec_path} += /usr/{lib,libexec}/gvfs-mtp-volume-monitor
 profile gvfs-mtp-volume-monitor @{exec_path} {
   include <abstractions/base>
   include <abstractions/devices-usb>

apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor
-@{exec_path} += /usr/libexec/gvfs-udisks2-volume-monitor
+@{exec_path} += /usr/{lib,libexec}/gvfs-udisks2-volume-monitor
 profile gvfs-udisks2-volume-monitor @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>

apparmor.d/groups/gvfs/gvfsd

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd
-@{exec_path} += /usr/libexec/gvfsd
+@{exec_path} += /usr/{lib,libexec}/gvfsd
 profile gvfsd @{exec_path} {
   include <abstractions/base>
 
@@ -16,8 +16,8 @@ profile gvfsd @{exec_path} {
   /{usr/,}bin/{,ba,da}sh   rix,
 
   # Don't strip env here.
-  /{usr/,}lib/gvfs/gvfsd-* rPx,
-  /usr/libexec/gvfsd-*     rPx,
+  /{usr/,}lib/gvfs/gvfsd-*    rPx,
+  /usr/{lib,libexec}/gvfsd-*  rPx,
 
   /usr/share/gvfs/{,**} r,
 

apparmor.d/groups/gvfs/gvfsd-admin

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-admin
-@{exec_path} += /usr/libexec/gvfsd-admin
+@{exec_path} += /usr/{lib,libexec}/gvfsd-admin
 profile gvfsd-admin @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-afc

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-afc
-@{exec_path} += /usr/libexec/gvfsd-afc
+@{exec_path} += /usr/{lib,libexec}/gvfsd-afc
 profile gvfsd-afc @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-afp

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-afp
-@{exec_path} += /usr/libexec/gvfsd-afp
+@{exec_path} += /usr/{lib,libexec}/gvfsd-afp
 profile gvfsd-afp @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-afp-browse

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-afp-browse
-@{exec_path} += /usr/libexec/gvfsd-afp-browse
+@{exec_path} += /usr/{lib,libexec}/gvfsd-afp-browse
 profile gvfsd-afp-browse @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-archive

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-archive
-@{exec_path} += /usr/libexec/gvfsd-archive
+@{exec_path} += /usr/{lib,libexec}/gvfsd-archive
 profile gvfsd-archive @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>

apparmor.d/groups/gvfs/gvfsd-burn

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-burn
-@{exec_path} += /usr/libexec/gvfsd-burn
+@{exec_path} += /usr/{lib,libexec}/gvfsd-burn
 profile gvfsd-burn @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-cdda

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-cdda
-@{exec_path} += /usr/libexec/gvfsd-cdda
+@{exec_path} += /usr/{lib,libexec}/gvfsd-cdda
 profile gvfsd-cdda @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-computer

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-computer
-@{exec_path} += /usr/libexec/gvfsd-computer
+@{exec_path} += /usr/{lib,libexec}/gvfsd-computer
 profile gvfsd-computer @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-dav

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-dav
-@{exec_path} += /usr/libexec/gvfsd-dav
+@{exec_path} += /usr/{lib,libexec}/gvfsd-dav
 profile gvfsd-dav @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-dnssd

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-dnssd
-@{exec_path} += /usr/libexec/gvfsd-dnssd
+@{exec_path} += /usr/{lib,libexec}/gvfsd-dnssd
 profile gvfsd-dnssd @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-ftp

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-ftp
-@{exec_path} += /usr/libexec/gvfsd-ftp
+@{exec_path} += /usr/{lib,libexec}/gvfsd-ftp
 profile gvfsd-ftp @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>

apparmor.d/groups/gvfs/gvfsd-fuse

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-fuse
-@{exec_path} += /usr/libexec/gvfsd-fuse
+@{exec_path} += /usr/{lib,libexec}/gvfsd-fuse
 profile gvfsd-fuse @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-google

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-google
-@{exec_path} += /usr/libexec/gvfsd-google
+@{exec_path} += /usr/{lib,libexec}/gvfsd-google
 profile gvfsd-google @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-gphoto2

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-gphoto2
-@{exec_path} += /usr/libexec/gvfsd-gphoto2
+@{exec_path} += /usr/{lib,libexec}/gvfsd-gphoto2
 profile gvfsd-gphoto2 @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-http

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-http
-@{exec_path} += /usr/libexec/gvfsd-http
+@{exec_path} += /usr/{lib,libexec}/gvfsd-http
 profile gvfsd-http @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>

apparmor.d/groups/gvfs/gvfsd-localtest

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-localtest
-@{exec_path} += /usr/libexec/gvfsd-localtest
+@{exec_path} += /usr/{lib,libexec}/gvfsd-localtest
 profile gvfsd-localtest @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-metadata

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-metadata
-@{exec_path} += /usr/libexec/gvfsd-metadata
+@{exec_path} += /usr/{lib,libexec}/gvfsd-metadata
 profile gvfsd-metadata @{exec_path} {
   include <abstractions/base>
   include <abstractions/disks-read>

apparmor.d/groups/gvfs/gvfsd-mtp

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-mtp
-@{exec_path} += /usr/libexec/gvfsd-mtp
+@{exec_path} += /usr/{lib,libexec}/gvfsd-mtp
 profile gvfsd-mtp @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>

apparmor.d/groups/gvfs/gvfsd-network

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-network
-@{exec_path} += /usr/libexec/gvfsd-network
+@{exec_path} += /usr/{lib,libexec}/gvfsd-network
 profile gvfsd-network @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-nfs

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-nfs
-@{exec_path} += /usr/libexec/gvfsd-nfs
+@{exec_path} += /usr/{lib,libexec}/gvfsd-nfs
 profile gvfsd-nfs @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>

apparmor.d/groups/gvfs/gvfsd-recent

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-recent
-@{exec_path} += /usr/libexec/gvfsd-recent
+@{exec_path} += /usr/{lib,libexec}/gvfsd-recent
 profile gvfsd-recent @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-sftp

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-sftp
-@{exec_path} += /usr/libexec/gvfsd-sftp
+@{exec_path} += /usr/{lib,libexec}/gvfsd-sftp
 profile gvfsd-sftp @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>

apparmor.d/groups/gvfs/gvfsd-smb

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-smb
-@{exec_path} += /usr/libexec/gvfsd-smb
+@{exec_path} += /usr/{lib,libexec}/gvfsd-smb
 profile gvfsd-smb @{exec_path} {
   include <abstractions/base>
   include <abstractions/freedesktop.org>

apparmor.d/groups/gvfs/gvfsd-smb-browse

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-smb-browse
-@{exec_path} += /usr/libexec/gvfsd-smb-browse
+@{exec_path} += /usr/{lib,libexec}/gvfsd-smb-browse
 profile gvfsd-smb-browse @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/gvfs/gvfsd-trash

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/gvfs/gvfsd-trash
-@{exec_path} += /usr/libexec/gvfsd-trash
+@{exec_path} += /usr/{lib,libexec}/gvfsd-trash
 profile gvfsd-trash @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>

apparmor.d/groups/network/openvpn

@@ -16,7 +16,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}sbin/openvpn
+@{exec_path} = /{usr/,}{s,}bin/openvpn
 profile openvpn @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
@@ -81,7 +81,7 @@ profile openvpn @{exec_path} {
     /{usr/,}bin/cut                rix,
     /{usr/,}bin/which              rix,
     /{usr/,}bin/ip                 rix,
-    /{usr/,}sbin/xtables-nft-multi rix,
+    /{usr/,}{s,}bin/xtables-nft-multi rix,
 
     /etc/iproute2/rt_tables r,
     /etc/iproute2/rt_tables.d/ r,
@@ -106,7 +106,7 @@ profile openvpn @{exec_path} {
     /{usr/,}bin/cut        rix,
     /{usr/,}bin/{,e}grep   rix,
     /{usr/,}bin/ip         rix,
-    /{usr/,}sbin/nft       rix,
+    /{usr/,}{s,}bin/nft    rix,
     /{usr/,}bin/env        rix,
 
     /etc/iproute2/rt_realms r,

apparmor.d/groups/systemd/systemd-fsck

@@ -20,8 +20,8 @@ profile systemd-fsck @{exec_path} {
 
   @{exec_path} mr,
 
-  /{usr/,}sbin/fsck   rPx,
-  /{usr/,}sbin/e2fsck rPx,
+  /{usr/,}{s,}bin/fsck   rPx,
+  /{usr/,}{s,}bin/e2fsck rPx,
 
   owner @{run}/systemd/quotacheck w,
 

apparmor.d/profiles-a-l/iwconfig

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}sbin/iwconfig
+@{exec_path} = /{usr/,}{s,}bin/iwconfig
 profile iwconfig @{exec_path} {
   include <abstractions/base>
 

apparmor.d/profiles-a-l/lightdm

@@ -116,7 +116,7 @@ profile lightdm @{exec_path} {
   /var/cache/lightdm/dmrc/*.dmrc* rw,
 
   /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx,
-  /usr/libexec/at-spi-bus-launcher             rPUx,
+  /usr/{lib,libexec}/at-spi-bus-launcher             rPUx,
 
   include if exists <local/lightdm>
 }

apparmor.d/profiles-a-l/lightdm-gtk-greeter

@@ -51,7 +51,7 @@ profile lightdm-gtk-greeter @{exec_path} {
   @{HOME}/.face r,
 
   /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx,
-  /usr/libexec/at-spi-bus-launcher             rPUx,
+  /usr/{lib,libexec}/at-spi-bus-launcher       rPUx,
 
 
   profile systemd {

apparmor.d/profiles-m-z/obexd

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /usr/libexec/bluetooth/obexd
+@{exec_path} = /usr/{lib,libexec}/bluetooth/obexd
 profile obexd @{exec_path} {
   include <abstractions/base>
   include <abstractions/user-download-strict>

apparmor.d/profiles-m-z/openbox

@@ -24,7 +24,7 @@ profile openbox @{exec_path} {
   # Apps allowed to run
   /{usr/,}{s,}bin/* rPUx,
   /{usr/,}bin/*  rPUx,
-  /usr/libexec/* rPUx,
+  /usr/{lib,libexec}/* rPUx,
 
   /usr/share/themes/*/openbox-3/themerc r,
 
@@ -61,7 +61,7 @@ profile openbox @{exec_path} {
 
     # Apps allowed to run
     /{usr/,}bin/*                      rPUx,
-    /usr/libexec/*                     rPUx,
+    /usr/{lib,libexec}/*               rPUx,
     /{usr/,}lib/@{multiarch}/*/**      rPUx,
 
     /usr/local/lib/python*/dist-packages/ r,

apparmor.d/profiles-m-z/rfkill

@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = /{usr/,}sbin/rfkill
+@{exec_path} = /{usr/,}{s,}bin/rfkill
 profile rfkill @{exec_path} {
   include <abstractions/base>
 

apparmor.d/profiles-m-z/rtkit-daemon

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 
-@{exec_path} = /usr/libexec/rtkit-daemon
+@{exec_path} = /usr/{lib,libexec}/rtkit-daemon
 profile rtkit-daemon @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>

apparmor.d/profiles-m-z/udisksd

@@ -7,8 +7,8 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/udisks2/udisksd
-@{exec_path} += /usr/libexec/udisks2/udisksd
-profile udisksd @{exec_path} {
+@{exec_path} += /usr/{lib,libexec}/udisks2/udisksd
+profile udisksd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
   include <abstractions/disks-write>

apparmor.d/profiles-m-z/upowerd

@@ -7,8 +7,8 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path}  = /{usr/,}lib/upower/upowerd
-@{exec_path} += /usr/libexec/upowerd
-profile upowerd @{exec_path} {
+@{exec_path} += /usr/{lib,libexec}/upowerd
+profile upowerd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/devices-usb>