From b4a09ab13a85f494ee93db9867fc844ff358edd4 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Wed, 8 Feb 2023 16:36:24 +0000
Subject: [PATCH] feat(profiles): networkmanager: compatibility with some
 distribution

Co-authored-by: Andy Ramos <maplewood_broer@8shield.net>
---
 apparmor.d/groups/network/NetworkManager      | 22 +++++++++----------
 apparmor.d/groups/network/nm-daemon-helper    |  2 +-
 apparmor.d/groups/network/nm-dhcp-helper      |  2 +-
 apparmor.d/groups/network/nm-iface-helper     |  2 +-
 apparmor.d/groups/network/nm-initrd-generator |  2 +-
 .../groups/network/nm-openvpn-auth-dialog     |  2 +-
 apparmor.d/groups/network/nm-openvpn-service  |  6 ++---
 .../network/nm-openvpn-service-openvpn-helper |  2 +-
 8 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager
index dbd6e498..9b912d10 100644
--- a/apparmor.d/groups/network/NetworkManager
+++ b/apparmor.d/groups/network/NetworkManager
@@ -89,17 +89,17 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) {
 
   /{usr/,}bin/{,ba,da}sh rix,
 
-  /{usr/,}bin/dnsmasq                            rPx,
-  /{usr/,}bin/resolvconf                         rPx,
-  /{usr/,}bin/systemctl                          rPx -> child-systemctl,
-  @{libexec}/nm-dhcp-helper                      rPx,
-  @{libexec}/nm-dispatcher                       rPx,
-  @{libexec}/nm-iface-helper                     rPx,
-  @{libexec}/nm-initrd-generator                 rPx,
-  @{libexec}/nm-openvpn-auth-dialog              rPx,
-  @{libexec}/nm-openvpn-service                  rPx,
-  @{libexec}/nm-openvpn-service-openvpn-helper   rPx,
-  @{libexec}/nm-daemon-helper                    rPx,
+  /{usr/,}bin/dnsmasq                                            rPx,
+  /{usr/,}bin/resolvconf                                         rPx,
+  /{usr/,}bin/systemctl                                          rPx -> child-systemctl,
+  @{libexec}/{,NetworkManager/}nm-dhcp-helper                    rPx,
+  @{libexec}/{,NetworkManager/}nm-dispatcher                     rPx,
+  @{libexec}/{,NetworkManager/}nm-iface-helper                   rPx,
+  @{libexec}/{,NetworkManager/}nm-initrd-generator               rPx,
+  @{libexec}/{,NetworkManager/}nm-openvpn-auth-dialog            rPx,
+  @{libexec}/{,NetworkManager/}nm-openvpn-service                rPx,
+  @{libexec}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
+  @{libexec}/{,NetworkManager/}nm-daemon-helper                  rPx,
 
   /usr/share/gvfs/remote-volume-monitors/{,*.monitor} r,
 
diff --git a/apparmor.d/groups/network/nm-daemon-helper b/apparmor.d/groups/network/nm-daemon-helper
index 4419955e..8e33cbf8 100644
--- a/apparmor.d/groups/network/nm-daemon-helper
+++ b/apparmor.d/groups/network/nm-daemon-helper
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{libexec}/nm-daemon-helper
+@{exec_path} = @{libexec}/{,NetworkManager/}nm-daemon-helper
 profile nm-daemon-helper @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
diff --git a/apparmor.d/groups/network/nm-dhcp-helper b/apparmor.d/groups/network/nm-dhcp-helper
index 7586b7c2..e72f3458 100644
--- a/apparmor.d/groups/network/nm-dhcp-helper
+++ b/apparmor.d/groups/network/nm-dhcp-helper
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{libexec}/nm-dhcp-helper
+@{exec_path} = @{libexec}/{,NetworkManager/}nm-dhcp-helper
 profile nm-dhcp-helper @{exec_path} {
   include <abstractions/base>
   include <abstractions/dbus>
diff --git a/apparmor.d/groups/network/nm-iface-helper b/apparmor.d/groups/network/nm-iface-helper
index f01f185c..e410367c 100644
--- a/apparmor.d/groups/network/nm-iface-helper
+++ b/apparmor.d/groups/network/nm-iface-helper
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{libexec}/nm-iface-helper
+@{exec_path} = @{libexec}/{,NetworkManager/}nm-iface-helper
 profile nm-iface-helper @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/network/nm-initrd-generator b/apparmor.d/groups/network/nm-initrd-generator
index e0a8ea8b..b51c8ac2 100644
--- a/apparmor.d/groups/network/nm-initrd-generator
+++ b/apparmor.d/groups/network/nm-initrd-generator
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{libexec}/nm-initrd-generator
+@{exec_path} = @{libexec}/{,NetworkManager/}nm-initrd-generator
 profile nm-initrd-generator @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/network/nm-openvpn-auth-dialog b/apparmor.d/groups/network/nm-openvpn-auth-dialog
index 603e4f50..5936aa84 100644
--- a/apparmor.d/groups/network/nm-openvpn-auth-dialog
+++ b/apparmor.d/groups/network/nm-openvpn-auth-dialog
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{libexec}/nm-openvpn-auth-dialog
+@{exec_path} = @{libexec}/{,NetworkManager/}nm-openvpn-auth-dialog
 profile nm-openvpn-auth-dialog @{exec_path} {
   include <abstractions/base>
 
diff --git a/apparmor.d/groups/network/nm-openvpn-service b/apparmor.d/groups/network/nm-openvpn-service
index 8ddebe16..edbdfc23 100644
--- a/apparmor.d/groups/network/nm-openvpn-service
+++ b/apparmor.d/groups/network/nm-openvpn-service
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{libexec}/nm-openvpn-service
+@{exec_path} = @{libexec}/{,NetworkManager/}nm-openvpn-service
 profile nm-openvpn-service @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
@@ -18,8 +18,8 @@ profile nm-openvpn-service @{exec_path} {
 
   @{exec_path} mr,
 
-  @{libexec}/nm-openvpn-auth-dialog rPx,
-  @{libexec}/nm-openvpn-service-openvpn-helper rPx,
+  @{libexec}/{,NetworkManager/}nm-openvpn-auth-dialog rPx,
+  @{libexec}/{,NetworkManager/}nm-openvpn-service-openvpn-helper rPx,
   /{usr/,}{s,}bin/openvpn rPx,
   /{usr/,}bin/{,ba,da}sh rix,
   /{usr/,}bin/kmod rPx,
diff --git a/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper b/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper
index 4fa764bc..d602d617 100644
--- a/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper
+++ b/apparmor.d/groups/network/nm-openvpn-service-openvpn-helper
@@ -6,7 +6,7 @@ abi <abi/3.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{libexec}/nm-openvpn-service-openvpn-helper
+@{exec_path} = @{libexec}/{,NetworkManager/}nm-openvpn-service-openvpn-helper
 profile nm-openvpn-service-openvpn-helper @{exec_path} {
   include <abstractions/base>