From e4e54a26ef437286afd2034b3498af7ddd2017b8 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Thu, 6 Oct 2022 20:50:41 +0100
Subject: [PATCH] feat(profiles): restrict path access in pacman.
---
 apparmor.d/groups/pacman/pacman | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman
index 29684946..623065e9 100644
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@@ -104,13 +104,13 @@ profile pacman @{exec_path} {
 # Install/update packages
 / r,
- /*/ rwl,
- /boot/{,**} rwl,
- /etc/{,**} rwl,
- /opt/{,**} rwl,
- /srv/{,**} rwl,
- /usr/{,**} rwlk,
- /var/{,**} rwlk,
+ /*/ rw,
+ /boot/** rwl -> /boot/**,
+ /etc/** rwl -> /etc/**,
+ /opt/** rwl -> /opt/**,
+ /srv/** rwl -> /srv/**,
+ /usr/** rwlk -> /usr/**,
+ /var/** rwlk -> /var/**,
 @{PROC}/ r,
 @{run}/ r,
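Review bot: The `->` on the new `/boot/** rwl -> /boot/**,` rule, and on the five that follow for /etc, /opt, /srv, /usr and /var, is a link-target restriction rather than an exec transition, and nothing in the hunk says so. A comment above the group would keep a later editor from removing it as noise, for example `# 'l' is limited to targets inside the same tree, so a link created under /etc cannot point at a file elsewhere.` Each tree also stays fully `rw` (plus `k` on /usr and /var), so the change narrows hard-link creation only and leaves the write surface as it was, apart from `l` being dropped from `/*/`. With `{,**}` replaced by `**`, the top-level directories themselves are now matched only by `/*/ rw,`, which looks intended but is worth confirming against a real package install. The pacman profile body starts and ends outside the hunk.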