From 9f02bd0ab9067a76f6dfd515fd4b8f59cf7d7240 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 1 Apr 2021 23:36:58 +0100 Subject: [PATCH] Archlinux has no libexec. /usr/libexec ->{lib,libexec} --- apparmor.d/groups/desktop/accounts-daemon | 2 +- apparmor.d/groups/desktop/at-spi-bus-launcher | 2 +- apparmor.d/groups/desktop/at-spi2-registryd | 2 +- apparmor.d/groups/desktop/blueman-mechanism | 11 ++++++----- apparmor.d/groups/desktop/blueman-rfcomm-watcher | 4 ++-- apparmor.d/groups/desktop/bluetoothd | 2 +- apparmor.d/groups/desktop/colord | 8 ++++---- apparmor.d/groups/desktop/colord-sane | 2 +- apparmor.d/groups/desktop/colord-session | 2 +- apparmor.d/groups/desktop/dconf-service | 2 +- apparmor.d/groups/gvfs/gvfs-afc-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-goa-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfsd | 6 +++--- apparmor.d/groups/gvfs/gvfsd-admin | 2 +- apparmor.d/groups/gvfs/gvfsd-afc | 2 +- apparmor.d/groups/gvfs/gvfsd-afp | 2 +- apparmor.d/groups/gvfs/gvfsd-afp-browse | 2 +- apparmor.d/groups/gvfs/gvfsd-archive | 2 +- apparmor.d/groups/gvfs/gvfsd-burn | 2 +- apparmor.d/groups/gvfs/gvfsd-cdda | 2 +- apparmor.d/groups/gvfs/gvfsd-computer | 2 +- apparmor.d/groups/gvfs/gvfsd-dav | 2 +- apparmor.d/groups/gvfs/gvfsd-dnssd | 2 +- apparmor.d/groups/gvfs/gvfsd-ftp | 2 +- apparmor.d/groups/gvfs/gvfsd-fuse | 2 +- apparmor.d/groups/gvfs/gvfsd-google | 2 +- apparmor.d/groups/gvfs/gvfsd-gphoto2 | 2 +- apparmor.d/groups/gvfs/gvfsd-http | 2 +- apparmor.d/groups/gvfs/gvfsd-localtest | 2 +- apparmor.d/groups/gvfs/gvfsd-metadata | 2 +- apparmor.d/groups/gvfs/gvfsd-mtp | 2 +- apparmor.d/groups/gvfs/gvfsd-network | 2 +- apparmor.d/groups/gvfs/gvfsd-nfs | 2 +- apparmor.d/groups/gvfs/gvfsd-recent | 2 +- apparmor.d/groups/gvfs/gvfsd-sftp | 2 +- apparmor.d/groups/gvfs/gvfsd-smb | 2 +- apparmor.d/groups/gvfs/gvfsd-smb-browse | 2 +- apparmor.d/groups/gvfs/gvfsd-trash | 2 +- apparmor.d/groups/network/openvpn | 6 +++--- apparmor.d/groups/systemd/systemd-fsck | 4 ++-- apparmor.d/profiles-a-l/iwconfig | 2 +- apparmor.d/profiles-a-l/lightdm | 2 +- apparmor.d/profiles-a-l/lightdm-gtk-greeter | 2 +- apparmor.d/profiles-m-z/obexd | 2 +- apparmor.d/profiles-m-z/openbox | 4 ++-- apparmor.d/profiles-m-z/rfkill | 2 +- apparmor.d/profiles-m-z/rtkit-daemon | 2 +- apparmor.d/profiles-m-z/udisksd | 4 ++-- apparmor.d/profiles-m-z/upowerd | 4 ++-- 52 files changed, 69 insertions(+), 68 deletions(-) diff --git a/apparmor.d/groups/desktop/accounts-daemon b/apparmor.d/groups/desktop/accounts-daemon index a3dfed9d..0553f410 100644 --- a/apparmor.d/groups/desktop/accounts-daemon +++ b/apparmor.d/groups/desktop/accounts-daemon @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/accountsservice/accounts-daemon -@{exec_path} += /usr/libexec/accounts-daemon +@{exec_path} += /usr/{lib,libexec}/accounts-daemon profile accounts-daemon @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/at-spi-bus-launcher b/apparmor.d/groups/desktop/at-spi-bus-launcher index 11813a6d..36bd5342 100644 --- a/apparmor.d/groups/desktop/at-spi-bus-launcher +++ b/apparmor.d/groups/desktop/at-spi-bus-launcher @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi-bus-launcher -@{exec_path} += /usr/libexec/at-spi-bus-launcher +@{exec_path} += /usr/{lib,libexec}/at-spi-bus-launcher profile at-spi-bus-launcher @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/at-spi2-registryd b/apparmor.d/groups/desktop/at-spi2-registryd index a23e990b..566c46cb 100644 --- a/apparmor.d/groups/desktop/at-spi2-registryd +++ b/apparmor.d/groups/desktop/at-spi2-registryd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi2-registryd -@{exec_path} += /usr/libexec/at-spi2-registryd +@{exec_path} += /usr/{lib,libexec}/at-spi2-registryd profile at-spi2-registryd @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/blueman-mechanism b/apparmor.d/groups/desktop/blueman-mechanism index dff13659..35580348 100644 --- a/apparmor.d/groups/desktop/blueman-mechanism +++ b/apparmor.d/groups/desktop/blueman-mechanism @@ -6,7 +6,8 @@ abi , include -@{exec_path} = /usr/libexec/blueman-mechanism +@{exec_path} = /usr/{lib,libexec}/blueman-mechanism +@{exec_path} += /{usr/,}lib/blueman/blueman-mechanism profile blueman-mechanism @{exec_path} { include include @@ -22,7 +23,7 @@ profile blueman-mechanism @{exec_path} { @{exec_path} r, /{usr/,}bin/python3.[0-9]* r, - /usr/libexec/ r, + /usr/{lib,libexec}/ r, /var/lib/blueman/network.state rw, @@ -33,9 +34,9 @@ profile blueman-mechanism @{exec_path} { # For network AP #/{usr/,}bin/ip rix, - #/{usr/,}sbin/xtables-nft-multi rix, - #/{usr/,}sbin/dnsmasq rPx, - #/{usr/,}sbin/dhclient rPx, + #/{usr/,}{s,}bin/xtables-nft-multi rix, + #/{usr/,}{s,}bin/dnsmasq rPx, + #/{usr/,}{s,}bin/dhclient rPx, # @{PROC}/sys/net/ipv4/ip_forward w, # @{PROC}/sys/net/ipv4/conf/ r, # @{PROC}/sys/net/ipv4/conf/*/forwarding w, diff --git a/apparmor.d/groups/desktop/blueman-rfcomm-watcher b/apparmor.d/groups/desktop/blueman-rfcomm-watcher index 729df775..a52a9ba0 100644 --- a/apparmor.d/groups/desktop/blueman-rfcomm-watcher +++ b/apparmor.d/groups/desktop/blueman-rfcomm-watcher @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /usr/libexec/blueman-rfcomm-watcher +@{exec_path} = /usr/{lib,libexec}/blueman-rfcomm-watcher profile blueman-rfcomm-watcher @{exec_path} { include include @@ -14,7 +14,7 @@ profile blueman-rfcomm-watcher @{exec_path} { @{exec_path} r, /{usr/,}bin/python3.[0-9]* r, - /usr/libexec/ r, + /usr/{lib,libexec}/ r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/desktop/bluetoothd b/apparmor.d/groups/desktop/bluetoothd index 660f24f2..8209d16d 100644 --- a/apparmor.d/groups/desktop/bluetoothd +++ b/apparmor.d/groups/desktop/bluetoothd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/bluetooth/bluetoothd -@{exec_path} += /usr/libexec/bluetooth/bluetoothd +@{exec_path} += /usr/{lib,libexec}/bluetooth/bluetoothd profile bluetoothd @{exec_path} { include diff --git a/apparmor.d/groups/desktop/colord b/apparmor.d/groups/desktop/colord index 375c9493..88a48d63 100644 --- a/apparmor.d/groups/desktop/colord +++ b/apparmor.d/groups/desktop/colord @@ -6,8 +6,8 @@ abi , include -@{exec_path} = /{usr/,}lib/colord/colord /usr/libexec/colord -profile colord @{exec_path} { +@{exec_path} = /{usr/,}lib/colord/colord /usr/lib/colord +profile colord @{exec_path} flags=(attach_disconnected) { include include include @@ -16,8 +16,8 @@ profile colord @{exec_path} { @{exec_path} mr, - /{usr/,}lib/colord/colord-sane rPx, - /usr/libexec/colord-sane rPx, + /{usr/,}lib/colord/colord-sane rPx, + /usr/{lib,libexec}/colord-sane rPx, owner /var/lib/colord/** r, owner /var/lib/colord/.cache/ rw, diff --git a/apparmor.d/groups/desktop/colord-sane b/apparmor.d/groups/desktop/colord-sane index c6f66fe8..9488de01 100644 --- a/apparmor.d/groups/desktop/colord-sane +++ b/apparmor.d/groups/desktop/colord-sane @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/colord/colord-sane -@{exec_path} += /usr/libexec/colord-sane +@{exec_path} += /usr/{lib,libexec}/colord-sane profile colord-sane @{exec_path} flags=(complain) { include include diff --git a/apparmor.d/groups/desktop/colord-session b/apparmor.d/groups/desktop/colord-session index 72e38c55..624d63a0 100644 --- a/apparmor.d/groups/desktop/colord-session +++ b/apparmor.d/groups/desktop/colord-session @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/colord/colord-session /usr/libexec/colord-session +@{exec_path} = /{usr/,}lib/colord/colord-session /usr/{lib,libexec}/colord-session profile colord-session @{exec_path} flags=(complain) { include diff --git a/apparmor.d/groups/desktop/dconf-service b/apparmor.d/groups/desktop/dconf-service index a20573b2..c7d72bd2 100644 --- a/apparmor.d/groups/desktop/dconf-service +++ b/apparmor.d/groups/desktop/dconf-service @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/libexec/dconf-service +@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/{lib,libexec}/dconf-service profile dconf-service @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 080be9d7..a41fcea3 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor -@{exec_path} += /usr/libexec/gvfs-afc-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-afc-volume-monitor profile gvfs-afc-volume-monitor @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index 42d19cd6..172715a7 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor -@{exec_path} += /usr/libexec/gvfs-goa-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-goa-volume-monitor profile gvfs-goa-volume-monitor @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index 103e0afb..61712fff 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor -@{exec_path} += /usr/libexec/gvfs-gphoto2-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-gphoto2-volume-monitor profile gvfs-gphoto2-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index a4a1b0ce..eac62d54 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor -@{exec_path} += /usr/libexec/gvfs-mtp-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-mtp-volume-monitor profile gvfs-mtp-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 3ba42c32..fd5521b5 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor -@{exec_path} += /usr/libexec/gvfs-udisks2-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-udisks2-volume-monitor profile gvfs-udisks2-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index 716b2ffe..64d5ad27 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd -@{exec_path} += /usr/libexec/gvfsd +@{exec_path} += /usr/{lib,libexec}/gvfsd profile gvfsd @{exec_path} { include @@ -16,8 +16,8 @@ profile gvfsd @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, # Don't strip env here. - /{usr/,}lib/gvfs/gvfsd-* rPx, - /usr/libexec/gvfsd-* rPx, + /{usr/,}lib/gvfs/gvfsd-* rPx, + /usr/{lib,libexec}/gvfsd-* rPx, /usr/share/gvfs/{,**} r, diff --git a/apparmor.d/groups/gvfs/gvfsd-admin b/apparmor.d/groups/gvfs/gvfsd-admin index a3726b83..7a67acee 100644 --- a/apparmor.d/groups/gvfs/gvfsd-admin +++ b/apparmor.d/groups/gvfs/gvfsd-admin @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-admin -@{exec_path} += /usr/libexec/gvfsd-admin +@{exec_path} += /usr/{lib,libexec}/gvfsd-admin profile gvfsd-admin @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afc b/apparmor.d/groups/gvfs/gvfsd-afc index 1ed38657..624c062d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afc +++ b/apparmor.d/groups/gvfs/gvfsd-afc @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afc -@{exec_path} += /usr/libexec/gvfsd-afc +@{exec_path} += /usr/{lib,libexec}/gvfsd-afc profile gvfsd-afc @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp b/apparmor.d/groups/gvfs/gvfsd-afp index 8869db27..d1a29b24 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp +++ b/apparmor.d/groups/gvfs/gvfsd-afp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp -@{exec_path} += /usr/libexec/gvfsd-afp +@{exec_path} += /usr/{lib,libexec}/gvfsd-afp profile gvfsd-afp @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp-browse b/apparmor.d/groups/gvfs/gvfsd-afp-browse index 525ddb2b..b114de57 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp-browse +++ b/apparmor.d/groups/gvfs/gvfsd-afp-browse @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp-browse -@{exec_path} += /usr/libexec/gvfsd-afp-browse +@{exec_path} += /usr/{lib,libexec}/gvfsd-afp-browse profile gvfsd-afp-browse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-archive b/apparmor.d/groups/gvfs/gvfsd-archive index 73d78135..11b57741 100644 --- a/apparmor.d/groups/gvfs/gvfsd-archive +++ b/apparmor.d/groups/gvfs/gvfsd-archive @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-archive -@{exec_path} += /usr/libexec/gvfsd-archive +@{exec_path} += /usr/{lib,libexec}/gvfsd-archive profile gvfsd-archive @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-burn b/apparmor.d/groups/gvfs/gvfsd-burn index 6d60f65e..bdff2011 100644 --- a/apparmor.d/groups/gvfs/gvfsd-burn +++ b/apparmor.d/groups/gvfs/gvfsd-burn @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-burn -@{exec_path} += /usr/libexec/gvfsd-burn +@{exec_path} += /usr/{lib,libexec}/gvfsd-burn profile gvfsd-burn @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-cdda b/apparmor.d/groups/gvfs/gvfsd-cdda index 6debb275..3a592ac2 100644 --- a/apparmor.d/groups/gvfs/gvfsd-cdda +++ b/apparmor.d/groups/gvfs/gvfsd-cdda @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-cdda -@{exec_path} += /usr/libexec/gvfsd-cdda +@{exec_path} += /usr/{lib,libexec}/gvfsd-cdda profile gvfsd-cdda @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-computer b/apparmor.d/groups/gvfs/gvfsd-computer index 0b839ce8..6e685bb4 100644 --- a/apparmor.d/groups/gvfs/gvfsd-computer +++ b/apparmor.d/groups/gvfs/gvfsd-computer @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-computer -@{exec_path} += /usr/libexec/gvfsd-computer +@{exec_path} += /usr/{lib,libexec}/gvfsd-computer profile gvfsd-computer @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-dav b/apparmor.d/groups/gvfs/gvfsd-dav index c831603b..0963b552 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dav +++ b/apparmor.d/groups/gvfs/gvfsd-dav @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dav -@{exec_path} += /usr/libexec/gvfsd-dav +@{exec_path} += /usr/{lib,libexec}/gvfsd-dav profile gvfsd-dav @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index b356c6bd..ce3e09b8 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dnssd -@{exec_path} += /usr/libexec/gvfsd-dnssd +@{exec_path} += /usr/{lib,libexec}/gvfsd-dnssd profile gvfsd-dnssd @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-ftp b/apparmor.d/groups/gvfs/gvfsd-ftp index 939d5908..9c3e8e8f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-ftp +++ b/apparmor.d/groups/gvfs/gvfsd-ftp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-ftp -@{exec_path} += /usr/libexec/gvfsd-ftp +@{exec_path} += /usr/{lib,libexec}/gvfsd-ftp profile gvfsd-ftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 0f0f749e..0094e54b 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-fuse -@{exec_path} += /usr/libexec/gvfsd-fuse +@{exec_path} += /usr/{lib,libexec}/gvfsd-fuse profile gvfsd-fuse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-google b/apparmor.d/groups/gvfs/gvfsd-google index 8ffbce34..0da9033f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-google +++ b/apparmor.d/groups/gvfs/gvfsd-google @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-google -@{exec_path} += /usr/libexec/gvfsd-google +@{exec_path} += /usr/{lib,libexec}/gvfsd-google profile gvfsd-google @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-gphoto2 b/apparmor.d/groups/gvfs/gvfsd-gphoto2 index 7a6948d2..c22aa273 100644 --- a/apparmor.d/groups/gvfs/gvfsd-gphoto2 +++ b/apparmor.d/groups/gvfs/gvfsd-gphoto2 @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-gphoto2 -@{exec_path} += /usr/libexec/gvfsd-gphoto2 +@{exec_path} += /usr/{lib,libexec}/gvfsd-gphoto2 profile gvfsd-gphoto2 @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http index 21c28ceb..42826525 100644 --- a/apparmor.d/groups/gvfs/gvfsd-http +++ b/apparmor.d/groups/gvfs/gvfsd-http @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-http -@{exec_path} += /usr/libexec/gvfsd-http +@{exec_path} += /usr/{lib,libexec}/gvfsd-http profile gvfsd-http @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-localtest b/apparmor.d/groups/gvfs/gvfsd-localtest index 8ad2f9d5..fb7dd151 100644 --- a/apparmor.d/groups/gvfs/gvfsd-localtest +++ b/apparmor.d/groups/gvfs/gvfsd-localtest @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-localtest -@{exec_path} += /usr/libexec/gvfsd-localtest +@{exec_path} += /usr/{lib,libexec}/gvfsd-localtest profile gvfsd-localtest @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index c57bb99f..b727142d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-metadata -@{exec_path} += /usr/libexec/gvfsd-metadata +@{exec_path} += /usr/{lib,libexec}/gvfsd-metadata profile gvfsd-metadata @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp index 0ed77575..7840dffd 100644 --- a/apparmor.d/groups/gvfs/gvfsd-mtp +++ b/apparmor.d/groups/gvfs/gvfsd-mtp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-mtp -@{exec_path} += /usr/libexec/gvfsd-mtp +@{exec_path} += /usr/{lib,libexec}/gvfsd-mtp profile gvfsd-mtp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network index ac3c06b2..a501165d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-network +++ b/apparmor.d/groups/gvfs/gvfsd-network @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-network -@{exec_path} += /usr/libexec/gvfsd-network +@{exec_path} += /usr/{lib,libexec}/gvfsd-network profile gvfsd-network @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-nfs b/apparmor.d/groups/gvfs/gvfsd-nfs index b386a6d3..e6f48a99 100644 --- a/apparmor.d/groups/gvfs/gvfsd-nfs +++ b/apparmor.d/groups/gvfs/gvfsd-nfs @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-nfs -@{exec_path} += /usr/libexec/gvfsd-nfs +@{exec_path} += /usr/{lib,libexec}/gvfsd-nfs profile gvfsd-nfs @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent index 58e61473..0a3d059d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-recent +++ b/apparmor.d/groups/gvfs/gvfsd-recent @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-recent -@{exec_path} += /usr/libexec/gvfsd-recent +@{exec_path} += /usr/{lib,libexec}/gvfsd-recent profile gvfsd-recent @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-sftp b/apparmor.d/groups/gvfs/gvfsd-sftp index 9296d2d3..62d6d026 100644 --- a/apparmor.d/groups/gvfs/gvfsd-sftp +++ b/apparmor.d/groups/gvfs/gvfsd-sftp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-sftp -@{exec_path} += /usr/libexec/gvfsd-sftp +@{exec_path} += /usr/{lib,libexec}/gvfsd-sftp profile gvfsd-sftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb b/apparmor.d/groups/gvfs/gvfsd-smb index d0cb263a..ca9d62a8 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb +++ b/apparmor.d/groups/gvfs/gvfsd-smb @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb -@{exec_path} += /usr/libexec/gvfsd-smb +@{exec_path} += /usr/{lib,libexec}/gvfsd-smb profile gvfsd-smb @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 696926aa..56565252 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb-browse -@{exec_path} += /usr/libexec/gvfsd-smb-browse +@{exec_path} += /usr/{lib,libexec}/gvfsd-smb-browse profile gvfsd-smb-browse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index 39b8fe4f..8eaaca3f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-trash -@{exec_path} += /usr/libexec/gvfsd-trash +@{exec_path} += /usr/{lib,libexec}/gvfsd-trash profile gvfsd-trash @{exec_path} { include include diff --git a/apparmor.d/groups/network/openvpn b/apparmor.d/groups/network/openvpn index 0fa2d220..082c7fd3 100644 --- a/apparmor.d/groups/network/openvpn +++ b/apparmor.d/groups/network/openvpn @@ -16,7 +16,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/openvpn +@{exec_path} = /{usr/,}{s,}bin/openvpn profile openvpn @{exec_path} { include include @@ -81,7 +81,7 @@ profile openvpn @{exec_path} { /{usr/,}bin/cut rix, /{usr/,}bin/which rix, /{usr/,}bin/ip rix, - /{usr/,}sbin/xtables-nft-multi rix, + /{usr/,}{s,}bin/xtables-nft-multi rix, /etc/iproute2/rt_tables r, /etc/iproute2/rt_tables.d/ r, @@ -106,7 +106,7 @@ profile openvpn @{exec_path} { /{usr/,}bin/cut rix, /{usr/,}bin/{,e}grep rix, /{usr/,}bin/ip rix, - /{usr/,}sbin/nft rix, + /{usr/,}{s,}bin/nft rix, /{usr/,}bin/env rix, /etc/iproute2/rt_realms r, diff --git a/apparmor.d/groups/systemd/systemd-fsck b/apparmor.d/groups/systemd/systemd-fsck index 03f21fc6..ec06fdf8 100644 --- a/apparmor.d/groups/systemd/systemd-fsck +++ b/apparmor.d/groups/systemd/systemd-fsck @@ -20,8 +20,8 @@ profile systemd-fsck @{exec_path} { @{exec_path} mr, - /{usr/,}sbin/fsck rPx, - /{usr/,}sbin/e2fsck rPx, + /{usr/,}{s,}bin/fsck rPx, + /{usr/,}{s,}bin/e2fsck rPx, owner @{run}/systemd/quotacheck w, diff --git a/apparmor.d/profiles-a-l/iwconfig b/apparmor.d/profiles-a-l/iwconfig index 1f2d89d4..aa636c58 100644 --- a/apparmor.d/profiles-a-l/iwconfig +++ b/apparmor.d/profiles-a-l/iwconfig @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/iwconfig +@{exec_path} = /{usr/,}{s,}bin/iwconfig profile iwconfig @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/lightdm b/apparmor.d/profiles-a-l/lightdm index ace96c0a..5da3f778 100644 --- a/apparmor.d/profiles-a-l/lightdm +++ b/apparmor.d/profiles-a-l/lightdm @@ -116,7 +116,7 @@ profile lightdm @{exec_path} { /var/cache/lightdm/dmrc/*.dmrc* rw, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - /usr/libexec/at-spi-bus-launcher rPUx, + /usr/{lib,libexec}/at-spi-bus-launcher rPUx, include if exists } diff --git a/apparmor.d/profiles-a-l/lightdm-gtk-greeter b/apparmor.d/profiles-a-l/lightdm-gtk-greeter index f05f3737..476afcc7 100644 --- a/apparmor.d/profiles-a-l/lightdm-gtk-greeter +++ b/apparmor.d/profiles-a-l/lightdm-gtk-greeter @@ -51,7 +51,7 @@ profile lightdm-gtk-greeter @{exec_path} { @{HOME}/.face r, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - /usr/libexec/at-spi-bus-launcher rPUx, + /usr/{lib,libexec}/at-spi-bus-launcher rPUx, profile systemd { diff --git a/apparmor.d/profiles-m-z/obexd b/apparmor.d/profiles-m-z/obexd index 549a67c4..95d016ae 100644 --- a/apparmor.d/profiles-m-z/obexd +++ b/apparmor.d/profiles-m-z/obexd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /usr/libexec/bluetooth/obexd +@{exec_path} = /usr/{lib,libexec}/bluetooth/obexd profile obexd @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/openbox b/apparmor.d/profiles-m-z/openbox index d659eeda..ba976417 100644 --- a/apparmor.d/profiles-m-z/openbox +++ b/apparmor.d/profiles-m-z/openbox @@ -24,7 +24,7 @@ profile openbox @{exec_path} { # Apps allowed to run /{usr/,}{s,}bin/* rPUx, /{usr/,}bin/* rPUx, - /usr/libexec/* rPUx, + /usr/{lib,libexec}/* rPUx, /usr/share/themes/*/openbox-3/themerc r, @@ -61,7 +61,7 @@ profile openbox @{exec_path} { # Apps allowed to run /{usr/,}bin/* rPUx, - /usr/libexec/* rPUx, + /usr/{lib,libexec}/* rPUx, /{usr/,}lib/@{multiarch}/*/** rPUx, /usr/local/lib/python*/dist-packages/ r, diff --git a/apparmor.d/profiles-m-z/rfkill b/apparmor.d/profiles-m-z/rfkill index 16a592ce..b87cdb02 100644 --- a/apparmor.d/profiles-m-z/rfkill +++ b/apparmor.d/profiles-m-z/rfkill @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/rfkill +@{exec_path} = /{usr/,}{s,}bin/rfkill profile rfkill @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/rtkit-daemon b/apparmor.d/profiles-m-z/rtkit-daemon index b6e95722..31347b7e 100644 --- a/apparmor.d/profiles-m-z/rtkit-daemon +++ b/apparmor.d/profiles-m-z/rtkit-daemon @@ -7,7 +7,7 @@ abi , include -@{exec_path} = /usr/libexec/rtkit-daemon +@{exec_path} = /usr/{lib,libexec}/rtkit-daemon profile rtkit-daemon @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/udisksd b/apparmor.d/profiles-m-z/udisksd index 8fc2b449..f2f519f1 100644 --- a/apparmor.d/profiles-m-z/udisksd +++ b/apparmor.d/profiles-m-z/udisksd @@ -7,8 +7,8 @@ abi , include @{exec_path} = /{usr/,}lib/udisks2/udisksd -@{exec_path} += /usr/libexec/udisks2/udisksd -profile udisksd @{exec_path} { +@{exec_path} += /usr/{lib,libexec}/udisks2/udisksd +profile udisksd @{exec_path} flags=(attach_disconnected) { include include include diff --git a/apparmor.d/profiles-m-z/upowerd b/apparmor.d/profiles-m-z/upowerd index ce648a4f..73f119d3 100644 --- a/apparmor.d/profiles-m-z/upowerd +++ b/apparmor.d/profiles-m-z/upowerd @@ -7,8 +7,8 @@ abi , include @{exec_path} = /{usr/,}lib/upower/upowerd -@{exec_path} += /usr/libexec/upowerd -profile upowerd @{exec_path} { +@{exec_path} += /usr/{lib,libexec}/upowerd +profile upowerd @{exec_path} flags=(attach_disconnected) { include include