Replace rm with mr.

2025-01-18 08:58:15 +01:00 · 2022-08-13 21:02:42 +02:00 · 2022-08-13 21:02:42 +02:00 · af0c622b35
commit af0c622b35
parent e62465b72f
45 changed files with 72 additions and 72 deletions
--- a/apparmor.d/abstractions/lightdm
+++ b/apparmor.d/abstractions/lightdm
@ -46,15 +46,15 @@
  /opt/ r,
  /opt/** rmixk,
  @{PROC}/ r,
-  @{PROC}/* rm,
+  @{PROC}/* mr,
  @{PROC}/[0-9]*/net/ r,
  @{PROC}/[0-9]*/net/dev r,
-  @{PROC}/asound rm,
-  @{PROC}/asound/** rm,
-  @{PROC}/ati rm,
-  @{PROC}/ati/** rm,
+  @{PROC}/asound mr,
+  @{PROC}/asound/** mr,
+  @{PROC}/ati mr,
+  @{PROC}/ati/** mr,
  @{PROC}/sys/vm/overcommit_memory r,
-  owner @{PROC}/** rm,
+  owner @{PROC}/** mr,
  # needed for gnome-keyring-daemon
  @{PROC}/*/status r,
  # needed for bamfdaemon and utilities such as ps and killall
@ -62,7 +62,7 @@
  /sbin/ r,
  /sbin/** rmixk,
  /sys/ r,
-  /sys/** rm,
+  /sys/** mr,
  # needed for confined trusted helpers, such as dbus-daemon
  /sys/kernel/security/apparmor/.access rw,
  /tmp/ rw,
--- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
+++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin
@ -217,9 +217,9 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
  profile gpg {
    #include <abstractions/base>

-   /usr/bin/gpgconf rm,
-   /usr/bin/gpg rm,
-   /usr/bin/gpgsm rm,
+   /usr/bin/gpgconf mr,
+   /usr/bin/gpg mr,
+   /usr/bin/gpgsm mr,

    owner @{HOME}/@{XDG_GPG_DIR}/* r,
    owner @{HOME}/@{XDG_GPG_DIR}/random_seed rk,
@ -231,7 +231,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp
  owner @{user_config_dirs}/kdeglobals r,
  /usr/lib/libreoffice/program/lo_kde5filepicker rPUx,
  /usr/share/qt5/translations/* r,
-  /usr/lib/*/qt5/plugins/** rm,
+  /usr/lib/*/qt5/plugins/** mr,
  /usr/share/plasma/look-and-feel/**/contents/defaults r,

  # TODO: remove when rules are available in abstractions/kde
--- a/apparmor.d/groups/avahi/avahi-autoipd
+++ b/apparmor.d/groups/avahi/avahi-autoipd
@ -19,7 +19,7 @@ profile avahi-autoipd @{exec_path} flags=(complain) {

  signal receive set=(kill,term),

-  @{exec_path} rm,
+  @{exec_path} mr,
  /etc/avahi/avahi-autoipd.action rix,

  include if exists <local/avahi-autoipd>
--- a/apparmor.d/groups/avahi/avahi-browse
+++ b/apparmor.d/groups/avahi/avahi-browse
@ -24,7 +24,7 @@ profile avahi-browse @{exec_path} flags=(complain) {
      interface=org.freedesktop.Avahi.ServiceTypeBrowser
      member={ItemNew,CacheExhausted,AllForNow},

-  @{exec_path} rm,
+  @{exec_path} mr,

  /{usr/,}lib/@{multiarch}/avahi/service-types.db rwk,

--- a/apparmor.d/groups/avahi/avahi-daemon
+++ b/apparmor.d/groups/avahi/avahi-daemon
@ -14,7 +14,7 @@ profile avahi-daemon @{exec_path} flags=(complain) {
  network inet dgram,
  network inet6 dgram,

-  @{exec_path} rm,
+  @{exec_path} mr,

  /etc/avahi/** r,

--- a/apparmor.d/groups/avahi/avahi-publish
+++ b/apparmor.d/groups/avahi/avahi-publish
@ -11,7 +11,7 @@ profile avahi-publish @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/avahi-publish>
 }
--- a/apparmor.d/groups/avahi/avahi-resolve
+++ b/apparmor.d/groups/avahi/avahi-resolve
@ -28,7 +28,7 @@ profile avahi-resolve @{exec_path} flags=(complain) {
      interface=org.freedesktop.Avahi.AddressResolver
      member={Failure,Found},

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/avahi-resolve>
 }
--- a/apparmor.d/groups/avahi/avahi-set-host-name
+++ b/apparmor.d/groups/avahi/avahi-set-host-name
@ -11,7 +11,7 @@ profile avahi-set-host-name @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/avahi-set-host-name>
 }
--- a/apparmor.d/groups/freedesktop/xdg-document-portal
+++ b/apparmor.d/groups/freedesktop/xdg-document-portal
@ -36,7 +36,7 @@ profile xdg-document-portal @{exec_path} {
  profile flatpak {
    include <abstractions/base>

-    /{usr/,}bin/flatpak rm,
+    /{usr/,}bin/flatpak mr,

    / r,
    /etc/flatpak/remotes.d/{,*} r,
--- a/apparmor.d/groups/grub/grub-bios-setup
+++ b/apparmor.d/groups/grub/grub-bios-setup
@ -11,7 +11,7 @@ profile grub-bios-setup @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-bios-setup>
 }
--- a/apparmor.d/groups/grub/grub-editenv
+++ b/apparmor.d/groups/grub/grub-editenv
@ -11,7 +11,7 @@ profile grub-editenv @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  /boot/grub/grubenv rw,

--- a/apparmor.d/groups/grub/grub-file
+++ b/apparmor.d/groups/grub/grub-file
@ -11,7 +11,7 @@ profile grub-file @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-file>
 }
--- a/apparmor.d/groups/grub/grub-fstest
+++ b/apparmor.d/groups/grub/grub-fstest
@ -11,7 +11,7 @@ profile grub-fstest @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-fstest>
 }
--- a/apparmor.d/groups/grub/grub-glue-efi
+++ b/apparmor.d/groups/grub/grub-glue-efi
@ -11,7 +11,7 @@ profile grub-glue-efi @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-glue-efi>
 }
--- a/apparmor.d/groups/grub/grub-install
+++ b/apparmor.d/groups/grub/grub-install
@ -11,7 +11,7 @@ profile grub-install @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-install>
 }
--- a/apparmor.d/groups/grub/grub-kbdcomp
+++ b/apparmor.d/groups/grub/grub-kbdcomp
@ -11,7 +11,7 @@ profile grub-kbdcomp @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-kbdcomp>
 }
--- a/apparmor.d/groups/grub/grub-macbless
+++ b/apparmor.d/groups/grub/grub-macbless
@ -11,7 +11,7 @@ profile grub-macbless @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-macbless>
 }
--- a/apparmor.d/groups/grub/grub-menulst2cfg
+++ b/apparmor.d/groups/grub/grub-menulst2cfg
@ -11,7 +11,7 @@ profile grub-menulst2cfg @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-menulst2cfg>
 }
--- a/apparmor.d/groups/grub/grub-mkconfig
+++ b/apparmor.d/groups/grub/grub-mkconfig
@ -13,7 +13,7 @@ profile grub-mkconfig @{exec_path} flags=(complain) {

  capability dac_read_search,

-  @{exec_path}                     rm,
+  @{exec_path}                     mr,
  /etc/grub.d/{**,}                rix,
  /{usr/,}bin/{m,g,}awk            rix,
  /{usr/,}bin/basename             rix,
--- a/apparmor.d/groups/grub/grub-mkdevicemap
+++ b/apparmor.d/groups/grub/grub-mkdevicemap
@ -11,7 +11,7 @@ profile grub-mkdevicemap @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mkdevicemap>
 }
--- a/apparmor.d/groups/grub/grub-mkfont
+++ b/apparmor.d/groups/grub/grub-mkfont
@ -11,7 +11,7 @@ profile grub-mkfont @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mkfont>
 }
--- a/apparmor.d/groups/grub/grub-mkimage
+++ b/apparmor.d/groups/grub/grub-mkimage
@ -11,7 +11,7 @@ profile grub-mkimage @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mkimage>
 }
--- a/apparmor.d/groups/grub/grub-mklayout
+++ b/apparmor.d/groups/grub/grub-mklayout
@ -11,7 +11,7 @@ profile grub-mklayout @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mklayout>
 }
--- a/apparmor.d/groups/grub/grub-mknetdir
+++ b/apparmor.d/groups/grub/grub-mknetdir
@ -11,7 +11,7 @@ profile grub-mknetdir @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mknetdir>
 }
--- a/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2
+++ b/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2
@ -11,7 +11,7 @@ profile grub-mkpasswd-pbkdf2 @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mkpasswd-pbkdf2>
 }
--- a/apparmor.d/groups/grub/grub-mkrelpath
+++ b/apparmor.d/groups/grub/grub-mkrelpath
@ -11,7 +11,7 @@ profile grub-mkrelpath @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,
  /{usr/,}{local/,}{s,}bin/zpool rPx,

  @{PROC}/@{pids}/mountinfo r,
--- a/apparmor.d/groups/grub/grub-mkrescue
+++ b/apparmor.d/groups/grub/grub-mkrescue
@ -11,7 +11,7 @@ profile grub-mkrescue @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mkrescue>
 }
--- a/apparmor.d/groups/grub/grub-mkstandalone
+++ b/apparmor.d/groups/grub/grub-mkstandalone
@ -11,7 +11,7 @@ profile grub-mkstandalone @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mkstandalone>
 }
--- a/apparmor.d/groups/grub/grub-mount
+++ b/apparmor.d/groups/grub/grub-mount
@ -11,7 +11,7 @@ profile grub-mount @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-mount>
 }
--- a/apparmor.d/groups/grub/grub-ntldr-img
+++ b/apparmor.d/groups/grub/grub-ntldr-img
@ -11,7 +11,7 @@ profile grub-ntldr-img @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-ntldr-img>
 }
--- a/apparmor.d/groups/grub/grub-probe
+++ b/apparmor.d/groups/grub/grub-probe
@ -14,7 +14,7 @@ profile grub-probe @{exec_path} flags=(complain) {

  capability sys_admin,

-  @{exec_path} rm,
+  @{exec_path} mr,
  /{usr/,}bin/lsb_release        rPx -> lsb_release,
  /{usr/,}bin/udevadm            rPx,
  /{usr/,}{local/,}{s,}bin/zpool rPx,
--- a/apparmor.d/groups/grub/grub-reboot
+++ b/apparmor.d/groups/grub/grub-reboot
@ -11,7 +11,7 @@ profile grub-reboot @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-reboot>
 }
--- a/apparmor.d/groups/grub/grub-render-label
+++ b/apparmor.d/groups/grub/grub-render-label
@ -11,7 +11,7 @@ profile grub-render-label @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-render-label>
 }
--- a/apparmor.d/groups/grub/grub-script-check
+++ b/apparmor.d/groups/grub/grub-script-check
@ -11,7 +11,7 @@ profile grub-script-check @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  /boot/grub/grub.cfg{.new,} rw,

--- a/apparmor.d/groups/grub/grub-set-default
+++ b/apparmor.d/groups/grub/grub-set-default
@ -11,7 +11,7 @@ profile grub-set-default @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-set-default>
 }
--- a/apparmor.d/groups/grub/grub-syslinux2cfg
+++ b/apparmor.d/groups/grub/grub-syslinux2cfg
@ -11,7 +11,7 @@ profile grub-syslinux2cfg @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,

  include if exists <local/grub-syslinux2cfg>
 }
--- a/apparmor.d/groups/network/mullvad-gui
+++ b/apparmor.d/groups/network/mullvad-gui
@ -33,7 +33,7 @@ profile mullvad-gui @{exec_path} {

  @{exec_path} mrix,

-  "/opt/Mullvad VPN/*.so*" rm,
+  "/opt/Mullvad VPN/*.so*" mr,

  /{usr/,}bin/{,ba,da}sh  rix,
  /{usr/,}bin/gsettings   rix,
--- a/apparmor.d/groups/pacman/mkinitcpio
+++ b/apparmor.d/groups/pacman/mkinitcpio
@ -77,10 +77,10 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {

  # Can copy any program to the initframs
  /{usr/,}bin/ r,
-  /{usr/,}bin/[a-z0-9]* rm,
-  /{usr/,}lib/plymouth/plymouthd-* rm,
-  /{usr/,}lib/systemd/systemd-* rm,
-  /{usr/,}lib/udev/[a-z0-9]* rm,
+  /{usr/,}bin/[a-z0-9]* mr,
+  /{usr/,}lib/plymouth/plymouthd-* mr,
+  /{usr/,}lib/systemd/systemd-* mr,
+  /{usr/,}lib/udev/[a-z0-9]* mr,

  # Manage /boot
  / r,
--- a/apparmor.d/groups/ubuntu/update-grub
+++ b/apparmor.d/groups/ubuntu/update-grub
@ -11,7 +11,7 @@ profile update-grub @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path} rm,
+  @{exec_path} mr,
  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}{s,}bin/grub-mkconfig rPx,

--- a/apparmor.d/profiles-a-f/anyremote
+++ b/apparmor.d/profiles-a-f/anyremote
@ -18,7 +18,7 @@ profile anyremote @{exec_path} {
  network inet stream,
  network inet6 stream,

-  @{exec_path} rm,
+  @{exec_path} mr,

  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}bin/cat        rix,
--- a/apparmor.d/profiles-m-r/man
+++ b/apparmor.d/profiles-m-r/man
@ -58,14 +58,14 @@ profile man_groff {

  signal peer=man,

-  /{usr/,}bin/eqn      rm,
-  /{usr/,}bin/grap     rm,
-  /{usr/,}bin/pic      rm,
-  /{usr/,}bin/preconv  rm,
-  /{usr/,}bin/refer    rm,
-  /{usr/,}bin/tbl      rm,
-  /{usr/,}bin/troff    rm,
-  /{usr/,}bin/vgrind   rm,
+  /{usr/,}bin/eqn      mr,
+  /{usr/,}bin/grap     mr,
+  /{usr/,}bin/pic      mr,
+  /{usr/,}bin/preconv  mr,
+  /{usr/,}bin/refer    mr,
+  /{usr/,}bin/tbl      mr,
+  /{usr/,}bin/troff    mr,
+  /{usr/,}bin/vgrind   mr,

  /{usr/,}lib/groff/site-tmac/** r,
  /usr/share/groff/** r,
@ -83,14 +83,14 @@ profile man_filter {

  signal peer=man,

-  /{usr/,}bin/bzip2      rm,
-  /{usr/,}bin/gzip       rm,
-  /{usr/,}bin/col        rm,
-  /{usr/,}bin/compress   rm,
-  /{usr/,}bin/iconv      rm,
-  /{usr/,}bin/lzip.lzip  rm,
-  /{usr/,}bin/tr         rm,
-  /{usr/,}bin/xz         rm,
+  /{usr/,}bin/bzip2      mr,
+  /{usr/,}bin/gzip       mr,
+  /{usr/,}bin/col        mr,
+  /{usr/,}bin/compress   mr,
+  /{usr/,}bin/iconv      mr,
+  /{usr/,}bin/lzip.lzip  mr,
+  /{usr/,}bin/tr         mr,
+  /{usr/,}bin/xz         mr,

  # Manual pages can be more or less anywhere, especially with "man -l", and
  # there's no harm in allowing wide read access here since the worst it can
--- a/apparmor.d/profiles-s-z/sanoid
+++ b/apparmor.d/profiles-s-z/sanoid
@ -11,7 +11,7 @@ profile sanoid @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/perl>

-  @{exec_path}                 rm,
+  @{exec_path}                 mr,
  /{usr/,}bin/{,ba,da}sh       rix,
  /{usr/,}bin/perl             rix,
  /{usr/,}bin/ps               rPx,
--- a/apparmor.d/profiles-s-z/syncoid
+++ b/apparmor.d/profiles-s-z/syncoid
@ -12,7 +12,7 @@ profile syncoid @{exec_path} flags=(complain) {
  include <abstractions/consoles>
  include <abstractions/perl>

-  @{exec_path}                   rm,
+  @{exec_path}                   mr,
  /{usr/,}bin/grep               rix,
  /{usr/,}bin/mbuffer            rix,
  /{usr/,}bin/perl               rix,
--- a/apparmor.d/profiles-s-z/zpool
+++ b/apparmor.d/profiles-s-z/zpool
@ -14,7 +14,7 @@ profile zpool @{exec_path} {

  capability sys_admin,

-  @{exec_path} rm,
+  @{exec_path} mr,

  /{usr/,}bin/{,ba,da}sh rix,
  /{usr/,}{local/,}lib/zfs-linux/zpool.d/* rix,
--- a/apparmor.d/profiles-s-z/zsys-system-autosnapshot
+++ b/apparmor.d/profiles-s-z/zsys-system-autosnapshot
@ -11,7 +11,7 @@ profile zsys-system-autosnapshot @{exec_path} flags=(complain) {
  include <abstractions/base>
  include <abstractions/consoles>

-  @{exec_path}            rm,
+  @{exec_path}            mr,
  /{usr/,}bin/{,ba,da}sh  rix,
  /{usr/,}bin/cat         rix,
  /{usr/,}bin/cp          rix,