diff --git a/apparmor.d/abstractions/X-strict b/apparmor.d/abstractions/X-strict index add84619..088d5c91 100644 --- a/apparmor.d/abstractions/X-strict +++ b/apparmor.d/abstractions/X-strict @@ -17,7 +17,7 @@ owner @{HOME}/.Xauthority r, # Xauthority files required for X connections, per user /tmp/.ICE-unix/* rw, - /tmp/.X{0,1}-lock rw, + /tmp/.X@{int}-lock rw, /tmp/.X11-unix/* rw, owner /tmp/xauth_@{rand6} rl -> /tmp/#@{int}, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index c625ab9c..487174c3 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -50,7 +50,7 @@ profile calibre @{exec_path} { unix (bind) type=stream addr="@calibre-*", @{exec_path} mrix, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ldconfig{,.real} rix, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index 88d90192..c966d179 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -143,7 +143,7 @@ profile discord @{exec_path} { signal (receive) set=(kill, term) peer=discord, @{bin}/lsb_release r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/apt-cache rPx, diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index f4275e7f..f1b1daf8 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox @@ -29,7 +29,7 @@ profile dropbox @{exec_path} { @{exec_path} r, @{bin}/ r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, # Dropbox home files owner @{HOME}/ r, diff --git a/apparmor.d/groups/apt/apt-listchanges b/apparmor.d/groups/apt/apt-listchanges index 2f44cb10..6243f447 100644 --- a/apparmor.d/groups/apt/apt-listchanges +++ b/apparmor.d/groups/apt/apt-listchanges @@ -16,7 +16,7 @@ profile apt-listchanges @{exec_path} { #capability sys_tty_config, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/{,ba,da}sh rix, 
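Review bot: The new `/tmp/.X@{int}-lock rw,` rule in X-strict has no `owner` prefix, and this hunk widens it from displays 0 and 1 to every display number for each profile that includes the abstraction. The xorg, kwin_wayland_wrapper and labwc hunks in this commit all grant the same lock path with `owner`. Whether clients need to write the lock at all is not visible from the hunk; if they only read it, `/tmp/.X@{int}-lock r,` would keep the abstraction strict. Otherwise a comment such as `# lock may belong to the display manager, hence no owner prefix` would record why this rule is broader than the server-side ones.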
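Review bot: Replacing `python3.[0-9]*` with `python3.@{int}` in the calibre hunk changes what the rule matches, not only how it is spelled. The old glob also covered names with a non-digit tail after the minor version (for example `python3.13t` or `python3.11-config`), while `@{int}` is presumably digits only, judging from its use for display numbers elsewhere in this diff. That narrowing is welcome on the `rix`, `rPx` and `rCx` rules, but a system whose interpreter carries a suffix would now get a denial. The same substitution is repeated in every other python3 hunk of this commit, so the commit description should state that the narrowing is intended.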
diff --git a/apparmor.d/groups/apt/command-not-found b/apparmor.d/groups/apt/command-not-found index 98d224bd..134b5908 100644 --- a/apparmor.d/groups/apt/command-not-found +++ b/apparmor.d/groups/apt/command-not-found @@ -18,7 +18,7 @@ profile command-not-found @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/lsb_release rPx -> lsb_release, @{bin}/snap rPUx, diff --git a/apparmor.d/groups/apt/debsecan b/apparmor.d/groups/apt/debsecan index 96e84736..f7dab3f1 100644 --- a/apparmor.d/groups/apt/debsecan +++ b/apparmor.d/groups/apt/debsecan @@ -21,7 +21,7 @@ profile debsecan @{exec_path} { network inet6 stream, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/groups/apt/debtags b/apparmor.d/groups/apt/debtags index e9d2a4a3..65a0d34e 100644 --- a/apparmor.d/groups/apt/debtags +++ b/apparmor.d/groups/apt/debtags @@ -16,7 +16,7 @@ profile debtags @{exec_path} { #capability sys_tty_config, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/groups/apt/querybts b/apparmor.d/groups/apt/querybts index a8062c1c..68c1d6ab 100644 --- a/apparmor.d/groups/apt/querybts +++ b/apparmor.d/groups/apt/querybts @@ -26,7 +26,7 @@ profile querybts @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/groups/apt/reportbug b/apparmor.d/groups/apt/reportbug index a6cc7afd..897e004b 100644 --- a/apparmor.d/groups/apt/reportbug +++ b/apparmor.d/groups/apt/reportbug @@ -31,7 +31,7 @@ profile reportbug @{exec_path} { @{exec_path} r, @{bin}/ r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ldconfig rix, @{bin}/selinuxenabled rix, diff --git a/apparmor.d/groups/apt/unattended-upgrade b/apparmor.d/groups/apt/unattended-upgrade index d1e0e7d0..269c70df 100644 
--- a/apparmor.d/groups/apt/unattended-upgrade +++ b/apparmor.d/groups/apt/unattended-upgrade @@ -42,7 +42,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) { @{bin}/echo rix, @{bin}/gdbus rix, @{bin}/ischroot rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/test rix, @{bin}/touch rix, @{bin}/uname rix, diff --git a/apparmor.d/groups/apt/update-apt-xapian-index b/apparmor.d/groups/apt/update-apt-xapian-index index 286912f8..c6c3b2ef 100644 --- a/apparmor.d/groups/apt/update-apt-xapian-index +++ b/apparmor.d/groups/apt/update-apt-xapian-index @@ -13,7 +13,7 @@ profile update-apt-xapian-index @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/groups/bus/ibus-engine-table b/apparmor.d/groups/bus/ibus-engine-table index a702b4a1..539365cc 100644 --- a/apparmor.d/groups/bus/ibus-engine-table +++ b/apparmor.d/groups/bus/ibus-engine-table @@ -14,7 +14,7 @@ profile ibus-engine-table @{exec_path} { @{exec_path} mr, @{bin}/{,ba,da}sh rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, /usr/share/ibus-table/engine/{,**} r, /usr/share/ibus-table/tables/ r, diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index fb0a8b11..40b431dc 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg 
@@ -65,15 +65,15 @@ profile xorg @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.xsession-errors w, owner @{user_share_dirs}/xorg/ rw, - owner @{user_share_dirs}/xorg/Xorg.[0-9].log{,.old} rw, + owner @{user_share_dirs}/xorg/Xorg.@{int}.log{,.old} rw, owner @{user_share_dirs}/xorg/Xorg.pid-@{pid}.log{,.old} rw, owner /var/log/lightdm/x-*.log* rw, - owner /var/log/Xorg.[0-9].log{,.old} rw, + owner /var/log/Xorg.@{int}.log{,.old} rw, owner /var/log/Xorg.pid-@{pid}.log{,.old} rw, /var/lib/gdm{3,}/.local/share/xorg/ rw, - /var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log{,.old} rw, + /var/lib/gdm{3,}/.local/share/xorg/Xorg.@{int}.log{,.old} rw, /var/lib/gdm{3,}/.local/share/xorg/Xorg.pid-@{pid}.log{,.old} rw, /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw, @@ -82,9 +82,9 @@ profile xorg @{exec_path} flags=(attach_disconnected) { @{run}/lightdm/{,**} rw, /tmp/ r, - /tmp/server-[0-9].xkm rw, - owner /tmp/.tX[0-9]-lock rwk, - owner /tmp/.X[0-9]-lock rwkl -> /tmp/.tX[0-9]-lock, + /tmp/server-@{int}.xkm rw, + owner /tmp/.tX@{int}-lock rwk, + owner /tmp/.X@{int}-lock rwkl -> /tmp/.tX@{int}-lock, owner /tmp/server-* rwk, owner /tmp/serverauth.* r, diff --git a/apparmor.d/groups/gnome/gnome-browser-connector-host b/apparmor.d/groups/gnome/gnome-browser-connector-host index a5a088af..92afcddb 100644 --- a/apparmor.d/groups/gnome/gnome-browser-connector-host +++ b/apparmor.d/groups/gnome/gnome-browser-connector-host @@ -15,9 +15,9 @@ profile gnome-browser-connector-host @{exec_path} { @{exec_path} mr, @{bin}/env rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, - @{lib}/python3.[0-9]*/site-packages/gnome_browser_connector/__pycache__/{,**} rw, + @{lib}/python3.@{int}/site-packages/gnome_browser_connector/__pycache__/{,**} rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gnome/gnome-music b/apparmor.d/groups/gnome/gnome-music index 545d9f55..55a03ecf 100644 --- a/apparmor.d/groups/gnome/gnome-music 
+++ b/apparmor.d/groups/gnome/gnome-music @@ -28,8 +28,8 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{bin}/ r, - @{bin}/python3.[0-9]* rix, - @{lib}/python3.[0-9]*/site-packages//gnomemusic/__pycache__/{,**} rw, + @{bin}/python3.@{int} rix, + @{lib}/python3.@{int}/site-packages//gnomemusic/__pycache__/{,**} rw, /usr/share/grilo-plugins/grl-lua-factory/{,*} r, /usr/share/org.gnome.Music/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-tweaks b/apparmor.d/groups/gnome/gnome-tweaks index b54e2959..84638981 100644 --- a/apparmor.d/groups/gnome/gnome-tweaks +++ b/apparmor.d/groups/gnome/gnome-tweaks @@ -18,9 +18,9 @@ profile gnome-tweaks @{exec_path} { @{bin}/ r, @{bin}/ps rPx, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, - @{lib}/python3.[0-9]*/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w, + @{lib}/python3.@{int}/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w, /usr/share/gnome-tweaks/{,**} r, diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index d2987b2b..90cf9175 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -27,7 +27,7 @@ profile kconf_update @{exec_path} { @{bin}/{,ba,da}sh rix, @{bin}/{,p}grep rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/qtpaths rix, @{bin}/sed rix, diff --git a/apparmor.d/groups/kde/kwin_wayland_wrapper b/apparmor.d/groups/kde/kwin_wayland_wrapper index a3b9ceed..8b3a31e1 100644 --- a/apparmor.d/groups/kde/kwin_wayland_wrapper +++ b/apparmor.d/groups/kde/kwin_wayland_wrapper @@ -21,7 +21,7 @@ profile kwin_wayland_wrapper @{exec_path} { owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/xauth_@{rand6} w, - owner /tmp/.X1-lock rw, + owner /tmp/.X@{int}-lock rw, include if exists } diff --git a/apparmor.d/groups/pacman/pacman-hook-code b/apparmor.d/groups/pacman/pacman-hook-code index fad05ca4..aec2ef94 100644 --- a/apparmor.d/groups/pacman/pacman-hook-code 
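Review bot: The rewritten gnome-music rule keeps the doubled slash in `site-packages//gnomemusic`, which the old line already had. Since the line is being touched anyway, it could be normalised to `@{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw,` so it reads like the matching rules in the gnome-browser-connector-host and gnome-tweaks hunks.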
+++ b/apparmor.d/groups/pacman/pacman-hook-code @@ -16,7 +16,7 @@ profile pacman-hook-code @{exec_path} { @{exec_path} mr, @{bin}/env r, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{lib}/code/product.json rw, diff --git a/apparmor.d/groups/ubuntu/apport-checkreports b/apparmor.d/groups/ubuntu/apport-checkreports index f13fca37..e07166db 100644 --- a/apparmor.d/groups/ubuntu/apport-checkreports +++ b/apparmor.d/groups/ubuntu/apport-checkreports @@ -15,7 +15,7 @@ profile apport-checkreports @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus index ddbc7170..f8438d8e 100644 --- a/apparmor.d/groups/ubuntu/software-properties-dbus +++ b/apparmor.d/groups/ubuntu/software-properties-dbus @@ -28,7 +28,7 @@ profile software-properties-dbus @{exec_path} { @{exec_path} mr, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/env rix, @{bin}/apt-key rPx, # Changing trusted keys @{bin}/lsb_release rPx -> lsb_release, @@ -40,7 +40,7 @@ profile software-properties-dbus @{exec_path} { /usr/share/distro-info/*.csv r, /usr/share/xml/iso-codes/{,**} r, - owner /tmp/???????? rw, + owner /tmp/???????? rw, # unconventional '_' tail owner /tmp/tmp????????/ w, # change to 'c' owner /tmp/tmp????????/apt.conf w, diff --git a/apparmor.d/groups/ubuntu/software-properties-gtk b/apparmor.d/groups/ubuntu/software-properties-gtk index bbf2ef74..04cc5755 100644 --- a/apparmor.d/groups/ubuntu/software-properties-gtk +++ b/apparmor.d/groups/ubuntu/software-properties-gtk @@ -48,7 +48,7 @@ profile software-properties-gtk @{exec_path} { @{bin}/ r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/{,da,ba}sh rix, @{bin}/aplay rPx, @{bin}/apt-key rPx, 
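Review bot: The comment added in the second software-properties-dbus hunk, `# unconventional '_' tail`, does not tell a later maintainer why `owner /tmp/???????? rw,` keeps its bare wildcards. Presumably the random name can contain `_` and so does not fit the project's random-string variables, which should be confirmed. A comment along the lines of `# 8 random chars that may include '_', so ???????? is kept instead of a @{rand} variable` would make that explicit. The same terse comment is added in the qbittorrent and repo hunks on `/dev/shm/sem.mp-????????` and would benefit from the same wording.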
diff --git a/apparmor.d/groups/ubuntu/update-motd-updates-available b/apparmor.d/groups/ubuntu/update-motd-updates-available index 4fd603f6..b069c481 100644 --- a/apparmor.d/groups/ubuntu/update-motd-updates-available +++ b/apparmor.d/groups/ubuntu/update-motd-updates-available @@ -19,7 +19,7 @@ profile update-motd-updates-available @{exec_path} { @{exec_path} mr, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/{,ba,da}sh rix, @{bin}/apt-config rPx, diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index df0e96ff..15ede455 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier @@ -62,7 +62,7 @@ profile update-notifier @{exec_path} { /usr/share/apport/apport-checkreports rPx, /usr/share/apport/apport-gtk rPx, - @{lib}/python3.[0-9]*/dist-packages/{apt,gi}/**/__pycache__/{,**} rw, + @{lib}/python3.@{int}/dist-packages/{apt,gi}/**/__pycache__/{,**} rw, /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, diff --git a/apparmor.d/profiles-a-f/arandr b/apparmor.d/profiles-a-f/arandr index 26c11243..9cccce4e 100644 --- a/apparmor.d/profiles-a-f/arandr +++ b/apparmor.d/profiles-a-f/arandr @@ -18,7 +18,7 @@ profile arandr @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/xrandr rPx, diff --git a/apparmor.d/profiles-a-f/borg b/apparmor.d/profiles-a-f/borg index aefabbac..063dfc78 100644 --- a/apparmor.d/profiles-a-f/borg +++ b/apparmor.d/profiles-a-f/borg @@ -29,7 +29,7 @@ profile borg @{exec_path} { @{exec_path} r, @{bin}/ r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/{,@{multiarch}-}ld.bfd rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-a-f/convertall b/apparmor.d/profiles-a-f/convertall index cbdfab62..4fcaf34d 100644 --- a/apparmor.d/profiles-a-f/convertall +++ b/apparmor.d/profiles-a-f/convertall 
@@ -23,7 +23,7 @@ profile convertall @{exec_path} { @{exec_path} r, @{bin}/{,ba,da}sh rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, owner @{HOME}/.convertall rw, diff --git a/apparmor.d/profiles-a-f/cupsd b/apparmor.d/profiles-a-f/cupsd index 10e9bd7e..3ee0af65 100644 --- a/apparmor.d/profiles-a-f/cupsd +++ b/apparmor.d/profiles-a-f/cupsd @@ -56,7 +56,7 @@ profile cupsd @{exec_path} flags=(attach_disconnected) { @{bin}/ippfind rix, @{bin}/mktemp rix, @{bin}/printenv rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/rm rix, @{bin}/sed rix, @{bin}/smbspool rPx, diff --git a/apparmor.d/profiles-a-f/execute-dcut b/apparmor.d/profiles-a-f/execute-dcut index bf705a3e..849b396d 100644 --- a/apparmor.d/profiles-a-f/execute-dcut +++ b/apparmor.d/profiles-a-f/execute-dcut @@ -12,7 +12,7 @@ profile execute-dcut @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, include if exists } diff --git a/apparmor.d/profiles-a-f/execute-dput b/apparmor.d/profiles-a-f/execute-dput index 26f843e5..af9c693f 100644 --- a/apparmor.d/profiles-a-f/execute-dput +++ b/apparmor.d/profiles-a-f/execute-dput @@ -15,7 +15,7 @@ profile execute-dput @{exec_path} flags=(complain) { @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/{,ba,da}sh rix, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/profiles-a-f/fail2ban-client b/apparmor.d/profiles-a-f/fail2ban-client index 6c1e7337..0ae8687e 100644 --- a/apparmor.d/profiles-a-f/fail2ban-client +++ b/apparmor.d/profiles-a-f/fail2ban-client @@ -15,7 +15,7 @@ profile fail2ban-client @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{bin}/ r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /etc/fail2ban/{,**} r, diff --git a/apparmor.d/profiles-a-f/fail2ban-server b/apparmor.d/profiles-a-f/fail2ban-server index 9d5138cb..ced4ec55 100644 --- a/apparmor.d/profiles-a-f/fail2ban-server 
+++ b/apparmor.d/profiles-a-f/fail2ban-server @@ -25,7 +25,7 @@ profile fail2ban-server @{exec_path} flags=(attach_disconnected) { @{bin}/iptables rix, @{bin}/ r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /etc/fail2ban/{,**} r, diff --git a/apparmor.d/profiles-g-l/ganyremote b/apparmor.d/profiles-g-l/ganyremote index ba657908..4e150fb6 100644 --- a/apparmor.d/profiles-g-l/ganyremote +++ b/apparmor.d/profiles-g-l/ganyremote @@ -23,7 +23,7 @@ profile ganyremote @{exec_path} { network inet6 stream, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/profiles-g-l/gpo b/apparmor.d/profiles-g-l/gpo index 5401b194..2d2a49b7 100644 --- a/apparmor.d/profiles-g-l/gpo +++ b/apparmor.d/profiles-g-l/gpo @@ -22,7 +22,7 @@ profile gpo @{exec_path} { network inet6 stream, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index a798e6c8..4ac144f8 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -26,7 +26,7 @@ profile gpodder @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/profiles-g-l/gpodder-migrate2tres b/apparmor.d/profiles-g-l/gpodder-migrate2tres index 4bf4cc49..62f87659 100644 --- a/apparmor.d/profiles-g-l/gpodder-migrate2tres +++ b/apparmor.d/profiles-g-l/gpodder-migrate2tres @@ -12,7 +12,7 @@ profile gpodder-migrate2tres @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/{,ba,da}sh rix, diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index acbcdccc..1a82c287 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo 
@@ -40,7 +40,7 @@ profile hardinfo @{exec_path} { @{bin}/make rix, @{bin}/perl rix, @{bin}/python2.[0-9]* rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/route rix, @{bin}/ruby[0-9].@{int} rix, @{bin}/strace rix, diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index dad76ca1..ecf6b80f 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -36,7 +36,7 @@ profile hypnotix @{exec_path} { network netlink raw, @{exec_path} rix, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/{,ba,da}sh rix, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-g-l/install-printerdriver b/apparmor.d/profiles-g-l/install-printerdriver index a6e13cf7..f44dc138 100644 --- a/apparmor.d/profiles-g-l/install-printerdriver +++ b/apparmor.d/profiles-g-l/install-printerdriver @@ -15,7 +15,7 @@ profile install-printerdriver @{exec_path} flags=(complain) { @{exec_path} mrix, @{bin}/{,ba,da}sh rix, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /usr/share/system-config-printer/{,**} r, diff --git a/apparmor.d/profiles-g-l/iotop b/apparmor.d/profiles-g-l/iotop index 32a28bc5..cbf05f6d 100644 --- a/apparmor.d/profiles-g-l/iotop +++ b/apparmor.d/profiles-g-l/iotop @@ -19,7 +19,7 @@ profile iotop @{exec_path} { capability sys_nice, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/file rix, diff --git a/apparmor.d/profiles-g-l/kconfig-hardened-check b/apparmor.d/profiles-g-l/kconfig-hardened-check index 356cf319..4e24d381 100644 --- a/apparmor.d/profiles-g-l/kconfig-hardened-check +++ b/apparmor.d/profiles-g-l/kconfig-hardened-check @@ -12,7 +12,7 @@ profile kconfig-hardened-check @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index 8b6ad560..157a1ceb 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc 
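Review bot: In the hardinfo hunk the context line `@{bin}/python2.[0-9]* rix,` directly above the changed rule keeps the loose glob that this commit replaces for python3. If the narrowing is intended for interpreters in general, `@{bin}/python2.@{int} rix,` would keep the two `rix` rules consistent. If python2 is left as-is on purpose, a short comment saying so would help.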
@@ -60,9 +60,9 @@ profile labwc @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, - owner /tmp/.X[0-9]*-lock rw, + owner /tmp/.X@{int}-lock rw, owner /tmp/.X11-unix/ rw, - owner /tmp/.X11-unix/X[0-9]* rw, + owner /tmp/.X11-unix/X@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/mpsyt b/apparmor.d/profiles-m-r/mpsyt index ea40cb8e..0b30f3a4 100644 --- a/apparmor.d/profiles-m-r/mpsyt +++ b/apparmor.d/profiles-m-r/mpsyt @@ -24,7 +24,7 @@ profile mpsyt @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart index a82d9a2e..b36ab967 100644 --- a/apparmor.d/profiles-m-r/needrestart +++ b/apparmor.d/profiles-m-r/needrestart @@ -28,7 +28,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { @{bin}/dpkg-query rpx, @{bin}/fail2ban-server rPx, @{bin}/locale rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/sed rix, @{bin}/stty rix, @{bin}/systemctl rPx -> child-systemctl, diff --git a/apparmor.d/profiles-m-r/obamenu b/apparmor.d/profiles-m-r/obamenu index ca2493fc..b0eb3d72 100644 --- a/apparmor.d/profiles-m-r/obamenu +++ b/apparmor.d/profiles-m-r/obamenu @@ -12,7 +12,7 @@ profile obamenu @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/ r, diff --git a/apparmor.d/profiles-m-r/pass-import b/apparmor.d/profiles-m-r/pass-import index d8274428..81b9d859 100644 --- a/apparmor.d/profiles-m-r/pass-import +++ b/apparmor.d/profiles-m-r/pass-import @@ -25,10 +25,10 @@ profile pass-import @{exec_path} { @{bin}/ld rix, @{bin}/ldconfig rix, @{bin}/pass rPx, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{lib}/gcc/**/collect2 rix, - @{lib}/python{2.[4-7],3,3.[0-9]*}/** w, # TODO: Test deny + @{lib}/python{2.[4-7],3,3.@{int}}/** w, # TODO: Test deny /usr/share/file/misc/magic.mgc r, 
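Review bot: The rewritten pass-import rule `@{lib}/python{2.[4-7],3,3.@{int}}/** w,` still grants write access to the entire interpreter library tree, in a profile that also runs `python3.@{int}` with `rix`. It carries an unresolved `# TODO: Test deny`. If the writes are only bytecode caches, which is an assumption to check against the logs, the rule could be limited to `__pycache__` paths as the gnome-tweaks hunk does, or turned into the `deny` the TODO mentions. Only the glob spelling changes here, so this could also be a follow-up.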
@@ -39,4 +39,4 @@ profile pass-import @{exec_path} { @{PROC}/@{pids}/fd/ r, include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/profiles-m-r/ps-mem b/apparmor.d/profiles-m-r/ps-mem index b90bf724..c5af4a76 100644 --- a/apparmor.d/profiles-m-r/ps-mem +++ b/apparmor.d/profiles-m-r/ps-mem @@ -16,7 +16,7 @@ profile ps-mem @{exec_path} { ptrace (read), @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index 72279e41..6423c9f6 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -79,7 +79,7 @@ profile qbittorrent @{exec_path} { @{exec_path} mr, @{open_path} rPx -> child-open, - @{bin}/python3.[0-9]* rCx -> python, # For "search engine" + @{bin}/python3.@{int} rCx -> python, # For "search engine" # Allowed apps to open @{bin}/spacefm rPx, @@ -147,13 +147,13 @@ profile qbittorrent @{exec_path} { network inet6 stream, network netlink raw, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, owner @{user_share_dirs}/{,data/}qBittorrent/nova[0-9]/{,**} rw, owner @{user_torrents_dirs}/** r, - owner /dev/shm/sem.mp-* rwl -> /dev/shm/@{int}, + owner /dev/shm/sem.mp-???????? rwl -> /dev/shm/@{int}, # unconventional '_' tail owner /dev/shm/* rw, owner /tmp/@{int} rw, diff --git a/apparmor.d/profiles-m-r/repo b/apparmor.d/profiles-m-r/repo index a57bb508..70a0fe1a 100644 --- a/apparmor.d/profiles-m-r/repo +++ b/apparmor.d/profiles-m-r/repo @@ -23,7 +23,7 @@ profile repo @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/ r, @{bin}/env rix, @@ -57,7 +57,7 @@ profile repo @{exec_path} { owner @{PROC}/@{pid}/mounts r, owner /dev/shm/* rw, - owner /dev/shm/sem.mp* rwl -> /dev/shm/*, + owner /dev/shm/sem.mp-???????? rwl -> /dev/shm/*, # unconventional '_' tail # Silencer deny /etc/.repo_gitconfig.json w, 
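Review bot: Narrowing `/dev/shm/sem.mp-*` to `/dev/shm/sem.mp-????????` in the second qbittorrent hunk has limited effect, because the next context line `owner /dev/shm/* rw,` still grants read and write on every owned file in `/dev/shm`. Only the `l` permission is actually constrained by the new pattern. If the goal is to confine the python sub-profile to its semaphores, the broad `owner /dev/shm/* rw,` rule would need narrowing as well. The repo hunk has the same pair of rules, and its link target stays `/dev/shm/*` where qbittorrent uses `/dev/shm/@{int}`.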
diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index 709a34d4..c2ba2970 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -37,7 +37,7 @@ profile rustdesk @{exec_path} { @{bin}/curl rix, @{bin}/ls rix, - @{bin}/python3.[0-9]* rPx -> rustdesk_python, + @{bin}/python3.@{int} rPx -> rustdesk_python, @{bin}/{,ba,da}sh rPx -> rustdesk_shell, /etc/gdm{,3}/custom.conf r, @@ -141,7 +141,7 @@ profile rustdesk @{exec_path} { owner @{PROC}/@{pid}/fd/ r, /{,usr/}{,local/}bin/rustdesk rPx, - @{bin}/python3.[0-9]* rPx -> rustdesk_python, + @{bin}/python3.@{int} rPx -> rustdesk_python, include if exists } @@ -165,14 +165,14 @@ profile rustdesk_python { capability dac_read_search, capability dac_override, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/{,ba,da}sh rix, @{bin}/chmod rix, @{bin}/uname rPx, /usr/share/rustdesk/files/pynput_service.py rPx, - /usr/local/lib/python3.[0-9]*/dist-packages/pynput/{,**} r, + /usr/local/lib/python3.@{int}/dist-packages/pynput/{,**} r, /usr/share/[rR]ust[dD]esk/files/{,**} r, /tmp/[rR]ust[dD]esk/ w, /tmp/[rR]ust[dD]esk/pynput_service rw, diff --git a/apparmor.d/profiles-s-z/speedtest b/apparmor.d/profiles-s-z/speedtest index 03965d42..6687fab4 100644 --- a/apparmor.d/profiles-s-z/speedtest +++ b/apparmor.d/profiles-s-z/speedtest @@ -20,7 +20,7 @@ profile speedtest @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/file rix, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game index f18c152a..c98cd0d5 100644 --- a/apparmor.d/profiles-s-z/steam-game +++ b/apparmor.d/profiles-s-z/steam-game 
@@ -66,7 +66,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{bin}/getopt rix, @{bin}/gzip rix, @{bin}/localedef rix, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, @{bin}/readlink rix, @{bin}/steam-runtime-launcher-interface-* rix, @{bin}/steam-runtime-system-info rix, diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index 748e96ea..79453ae5 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -32,7 +32,7 @@ profile system-config-printer @{exec_path} flags=(complain) { @{exec_path} mrix, @{bin}/{,ba,da}sh rix, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{lib}/cups/*/* rPUx, /usr/share/hplip/query.py rPUx, diff --git a/apparmor.d/profiles-s-z/system-config-printer-applet b/apparmor.d/profiles-s-z/system-config-printer-applet index 927bbe91..a592f326 100644 --- a/apparmor.d/profiles-s-z/system-config-printer-applet +++ b/apparmor.d/profiles-s-z/system-config-printer-applet @@ -19,7 +19,7 @@ profile system-config-printer-applet @{exec_path} { @{exec_path} mrix, @{bin}/{,ba,da}sh rix, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /usr/share/system-config-printer/{,**} r, diff --git a/apparmor.d/profiles-s-z/terminator b/apparmor.d/profiles-s-z/terminator index 78909613..51db6333 100644 --- a/apparmor.d/profiles-s-z/terminator +++ b/apparmor.d/profiles-s-z/terminator @@ -26,7 +26,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{bin}/ r, - @{bin}/python3.[0-9]* rix, + @{bin}/python3.@{int} rix, # The shell is not confined on purpose. @{bin}/{,b,d,rb}ash rUx, diff --git a/apparmor.d/profiles-s-z/udiskie b/apparmor.d/profiles-s-z/udiskie index 4a103341..5de5963e 100644 --- a/apparmor.d/profiles-s-z/udiskie +++ b/apparmor.d/profiles-s-z/udiskie 
@@ -22,7 +22,7 @@ profile udiskie @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/xdg-open rCx -> open, diff --git a/apparmor.d/profiles-s-z/udiskie-info b/apparmor.d/profiles-s-z/udiskie-info index f1190dae..d737c93c 100644 --- a/apparmor.d/profiles-s-z/udiskie-info +++ b/apparmor.d/profiles-s-z/udiskie-info @@ -12,7 +12,7 @@ profile udiskie-info @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /usr/bin/ r, diff --git a/apparmor.d/profiles-s-z/udiskie-mount b/apparmor.d/profiles-s-z/udiskie-mount index b76d4be5..36b5d4da 100644 --- a/apparmor.d/profiles-s-z/udiskie-mount +++ b/apparmor.d/profiles-s-z/udiskie-mount @@ -12,7 +12,7 @@ profile udiskie-mount @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /usr/bin/ r, diff --git a/apparmor.d/profiles-s-z/udiskie-umount b/apparmor.d/profiles-s-z/udiskie-umount index fd4c752a..65d2fe5f 100644 --- a/apparmor.d/profiles-s-z/udiskie-umount +++ b/apparmor.d/profiles-s-z/udiskie-umount @@ -12,7 +12,7 @@ profile udiskie-umount @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, /usr/bin/ r, diff --git a/apparmor.d/profiles-s-z/update-command-not-found b/apparmor.d/profiles-s-z/update-command-not-found index 4074fd58..b52a30e4 100644 --- a/apparmor.d/profiles-s-z/update-command-not-found +++ b/apparmor.d/profiles-s-z/update-command-not-found @@ -20,7 +20,7 @@ profile update-command-not-found @{exec_path} { @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{lib}/ r, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/profiles-s-z/vcsi b/apparmor.d/profiles-s-z/vcsi index 94868446..6a32b50b 100644 --- a/apparmor.d/profiles-s-z/vcsi +++ b/apparmor.d/profiles-s-z/vcsi @@ -15,7 +15,7 @@ profile vcsi @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/ffmpeg rPx, 
diff --git a/apparmor.d/profiles-s-z/vidcutter b/apparmor.d/profiles-s-z/vidcutter index c7edccdd..49c89e54 100644 --- a/apparmor.d/profiles-s-z/vidcutter +++ b/apparmor.d/profiles-s-z/vidcutter @@ -29,7 +29,7 @@ profile vidcutter @{exec_path} { include @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index 1311f77b..aeef50d5 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager @@ -32,8 +32,8 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { @{exec_path} rix, @{bin}/{,ba,da}sh rix, - @{bin}/python3.[0-9]* r, - @{lib}/python3.[0-9]*/site-packages/__pycache__/guestfs.cpython-[0-9]*.pyc.[0-9]* w, + @{bin}/python3.@{int} r, + @{lib}/python3.@{int}/site-packages/__pycache__/guestfs.cpython-[0-9]*.pyc.[0-9]* w, @{bin}/ r, @{bin}/env rix, diff --git a/apparmor.d/profiles-s-z/youtube-dl b/apparmor.d/profiles-s-z/youtube-dl index fce659c4..b3f3837c 100644 --- a/apparmor.d/profiles-s-z/youtube-dl +++ b/apparmor.d/profiles-s-z/youtube-dl @@ -31,7 +31,7 @@ profile youtube-dl @{exec_path} { signal (receive) set=(term, kill), @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ffmpeg rPx, @{bin}/ffprobe rPx, diff --git a/apparmor.d/profiles-s-z/yt-dlp b/apparmor.d/profiles-s-z/yt-dlp index 2e2fa0b0..5a9ca88b 100644 --- a/apparmor.d/profiles-s-z/yt-dlp +++ b/apparmor.d/profiles-s-z/yt-dlp @@ -25,7 +25,7 @@ profile yt-dlp @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/file rix, diff --git a/apparmor.d/profiles-s-z/ytdl b/apparmor.d/profiles-s-z/ytdl index bd3f6bac..3d6daf26 100644 --- a/apparmor.d/profiles-s-z/ytdl +++ b/apparmor.d/profiles-s-z/ytdl 
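Review bot: The new virt-manager line converts the directory part to `python3.@{int}` but leaves two `[0-9]*` globs in the file name, `guestfs.cpython-[0-9]*.pyc.[0-9]*`. The version tag could become `cpython-@{int}` for consistency with the rest of the commit. The trailing numeric suffix may be longer than `@{int}` covers, so if it is left as `[0-9]*` on purpose a comment such as `# temporary pyc suffix, length not bounded` would say why.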
@@ -25,7 +25,7 @@ profile ytdl @{exec_path} { signal (receive) set=(term, kill), @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/ r, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-s-z/zenmap b/apparmor.d/profiles-s-z/zenmap index b6d659d4..3156331e 100644 --- a/apparmor.d/profiles-s-z/zenmap +++ b/apparmor.d/profiles-s-z/zenmap @@ -19,7 +19,7 @@ profile zenmap @{exec_path} { signal (send) set=(term, kill) peer=nmap, @{exec_path} r, - @{bin}/python3.[0-9]* r, + @{bin}/python3.@{int} r, @{bin}/nmap rPx, diff --git a/docs/install.md b/docs/install.md index 2e097e22..7d038629 100644 --- a/docs/install.md +++ b/docs/install.md @@ -93,7 +93,7 @@ sudo make profile-names... Warning: profile dependencies fallback to unconfined. @{bin}/wl-{copy,paste} rPx, @{bin}/xclip rPx, - @{bin}/python3.[0-9]* rPx -> pass-import, # pass-import + @{bin}/python3.@{int} rPx -> pass-import, # pass-import @{bin}/pager rPx -> child-pager, @{bin}/less rPx -> child-pager, @{bin}/more rPx -> child-pager,