From f922a5f8e88ea6cd35a9762f497a96834a34c684 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Sun, 22 Aug 2021 15:28:23 +0100 Subject: [PATCH] BUILD_DIR -> user_build_dirs. --- apparmor.d/groups/apt/apt | 6 ++---- apparmor.d/groups/apt/apt-extracttemplates | 4 +--- apparmor.d/groups/apt/apt-ftparchive | 4 +--- apparmor.d/groups/apt/apt-get | 6 ++---- apparmor.d/groups/apt/apt-methods-cdrom | 4 +--- apparmor.d/groups/apt/apt-methods-copy | 4 +--- apparmor.d/groups/apt/apt-methods-file | 4 +--- apparmor.d/groups/apt/apt-methods-ftp | 4 +--- apparmor.d/groups/apt/apt-methods-gpgv | 4 +--- apparmor.d/groups/apt/apt-methods-http | 4 +--- apparmor.d/groups/apt/apt-methods-mirror | 4 +--- apparmor.d/groups/apt/apt-methods-rred | 4 +--- apparmor.d/groups/apt/apt-methods-rsh | 4 +--- apparmor.d/groups/apt/apt-methods-store | 4 +--- apparmor.d/groups/apt/apt-show-versions | 4 +--- apparmor.d/groups/apt/aptitude | 4 +--- apparmor.d/groups/apt/debsign | 4 +--- apparmor.d/groups/apt/debtags | 4 +--- apparmor.d/groups/apt/dpkg-checkbuilddeps | 4 +--- apparmor.d/groups/apt/dpkg-deb | 4 +--- apparmor.d/groups/apt/dpkg-genbuildinfo | 4 +--- apparmor.d/groups/apt/dpkg-genchanges | 4 +--- apparmor.d/groups/apt/dpkg-split | 4 +--- apparmor.d/groups/apt/synaptic | 4 +--- apparmor.d/profiles-a-l/changestool | 4 +--- apparmor.d/profiles-a-l/execute-dput | 10 ++++------ apparmor.d/profiles-a-l/kmod | 12 +++++------- apparmor.d/profiles-m-z/reprepro | 7 +++---- apparmor.d/profiles-m-z/uscan | 10 ++++------ apparmor.d/profiles-m-z/uupdate | 4 +--- 30 files changed, 44 insertions(+), 103 deletions(-) diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index 4a0519b7..5eb581e9 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/apt profile apt @{exec_path} flags=(complain) { include 
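Review bot: The first hunk of `apparmor.d/groups/apt/apt` drops the local `@{BUILD_DIR} = @{MOUNTS}/debuilder/` definition, but none of the 30 files in this patch's diffstat defines `@{user_build_dirs}`, so every profile touched here now depends on a tunable that lives outside the commit. If that tunable is not provided by the tunables pulled in through the top-of-file include, the parser should reject each profile on the undeclared variable and the affected binaries would then run without their profile loaded. The same removal is repeated in the first hunk of every other file in the patch. It would help to state in the commit message where the tunable is defined and whether its default still covers `@{MOUNTS}/debuilder`, so existing setups keep the same paths.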
@@ -119,7 +117,7 @@ profile apt @{exec_path} flags=(complain) { /var/cache/apt/** rwk, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, profile editor flags=(complain) { @@ -164,7 +162,7 @@ profile apt @{exec_path} flags=(complain) { /etc/dpkg/origins/debian r, - owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, owner @{HOME}/** rwkl -> @{HOME}/**, audit deny owner @{HOME}/.* mrwkl, audit deny owner @{HOME}/.*/ rw, diff --git a/apparmor.d/groups/apt/apt-extracttemplates b/apparmor.d/groups/apt/apt-extracttemplates index bfbbd845..49c8253e 100644 --- a/apparmor.d/groups/apt/apt-extracttemplates +++ b/apparmor.d/groups/apt/apt-extracttemplates @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/apt-extracttemplates profile apt-extracttemplates @{exec_path} { include @@ -26,7 +24,7 @@ profile apt-extracttemplates @{exec_path} { owner /tmp/*.{config,template}.?????? rw, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, include if exists } diff --git a/apparmor.d/groups/apt/apt-ftparchive b/apparmor.d/groups/apt/apt-ftparchive index a4e56a2f..22c62f6c 100644 --- a/apparmor.d/groups/apt/apt-ftparchive +++ b/apparmor.d/groups/apt/apt-ftparchive @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/apt-ftparchive profile apt-ftparchive @{exec_path} { include @@ -18,7 +16,7 @@ profile apt-ftparchive @{exec_path} { /etc/apt/apt.conf.d/{,*} r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, include if exists } diff --git a/apparmor.d/groups/apt/apt-get b/apparmor.d/groups/apt/apt-get index d589f1d7..de36d6d8 100644 --- a/apparmor.d/groups/apt/apt-get +++ b/apparmor.d/groups/apt/apt-get 
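Review bot: In the `@@ -119,7 +117,7 @@` hunk of `apparmor.d/groups/apt/apt`, the new rule `@{user_build_dirs}/** rwkl -> @{user_build_dirs}/**,` carries no `owner` qualifier, whereas the rule in the `@@ -164,7 +162,7 @@` hunk of the same file does. With the fixed `@{MOUNTS}/debuilder/` path that gap was bounded to one tree; with a tunable whose name suggests it may hold several directories, the unqualified rule grants read, write, lock and link on every listed tree regardless of file owner, and if the variable is multi-valued the link-target pattern would presumably expand so that links from one build tree into another are allowed as well. The same unqualified rule appears in apt-extracttemplates, apt-ftparchive, apt-get, the apt-methods-* helpers (including the network-facing http, ftp and rsh methods), apt-show-versions, aptitude, debtags, dpkg-deb, dpkg-split and synaptic. Where a helper only needs to read packages from the build tree, consider narrowing the permission set, e.g. `@{user_build_dirs}/** r,`, or adding `owner` where the process runs as the build user; otherwise a comment explaining why write and link access is required would make the exception reviewable.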
@@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/apt-get profile apt-get @{exec_path} flags=(complain) { include @@ -122,7 +120,7 @@ profile apt-get @{exec_path} flags=(complain) { /var/cache/apt/** rwk, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /var/log/cron-apt/temp w, @@ -171,7 +169,7 @@ profile apt-get @{exec_path} flags=(complain) { /etc/dpkg/origins/debian r, - owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, owner @{HOME}/** rwkl -> @{HOME}/**, audit deny owner @{HOME}/.* mrwkl, audit deny owner @{HOME}/.*/ rw, diff --git a/apparmor.d/groups/apt/apt-methods-cdrom b/apparmor.d/groups/apt/apt-methods-cdrom index cda7d149..09a5cb16 100644 --- a/apparmor.d/groups/apt/apt-methods-cdrom +++ b/apparmor.d/groups/apt/apt-methods-cdrom @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/cdrom profile apt-methods-cdrom @{exec_path} { include @@ -37,7 +35,7 @@ profile apt-methods-cdrom @{exec_path} { /root/ r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-copy b/apparmor.d/groups/apt/apt-methods-copy index 62e6c193..d831b772 100644 --- a/apparmor.d/groups/apt/apt-methods-copy +++ b/apparmor.d/groups/apt/apt-methods-copy @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/copy profile apt-methods-copy @{exec_path} { include @@ -47,7 +45,7 @@ profile apt-methods-copy @{exec_path} { owner /var/lib/apt/lists/partial/* rw, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, 
diff --git a/apparmor.d/groups/apt/apt-methods-file b/apparmor.d/groups/apt/apt-methods-file index f41b6a35..21e6ab06 100644 --- a/apparmor.d/groups/apt/apt-methods-file +++ b/apparmor.d/groups/apt/apt-methods-file @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/file profile apt-methods-file @{exec_path} { include @@ -47,7 +45,7 @@ profile apt-methods-file @{exec_path} { owner /var/lib/apt/lists/partial/* rw, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-ftp b/apparmor.d/groups/apt/apt-methods-ftp index 47d1b8b3..54b53194 100644 --- a/apparmor.d/groups/apt/apt-methods-ftp +++ b/apparmor.d/groups/apt/apt-methods-ftp @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/ftp profile apt-methods-ftp @{exec_path} { include @@ -37,7 +35,7 @@ profile apt-methods-ftp @{exec_path} { /root/ r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-gpgv b/apparmor.d/groups/apt/apt-methods-gpgv index b6d2e40a..f1b86056 100644 --- a/apparmor.d/groups/apt/apt-methods-gpgv +++ b/apparmor.d/groups/apt/apt-methods-gpgv @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/gpgv profile apt-methods-gpgv @{exec_path} { include @@ -83,7 +81,7 @@ profile apt-methods-gpgv @{exec_path} { /etc/keyrings/*.gpg r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-http b/apparmor.d/groups/apt/apt-methods-http index c7bb75a5..c3e56edf 100644 
--- a/apparmor.d/groups/apt/apt-methods-http +++ b/apparmor.d/groups/apt/apt-methods-http @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/http{,s} profile apt-methods-http @{exec_path} { include @@ -67,7 +65,7 @@ profile apt-methods-http @{exec_path} { @{PROC}/@{pid}/cgroup r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-mirror b/apparmor.d/groups/apt/apt-methods-mirror index ca8164f1..8b94a8e2 100644 --- a/apparmor.d/groups/apt/apt-methods-mirror +++ b/apparmor.d/groups/apt/apt-methods-mirror @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/mirror{,+*} profile apt-methods-mirror @{exec_path} { include @@ -37,7 +35,7 @@ profile apt-methods-mirror @{exec_path} { /root/ r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-rred b/apparmor.d/groups/apt/apt-methods-rred index 5b86c56f..d6e2850e 100644 --- a/apparmor.d/groups/apt/apt-methods-rred +++ b/apparmor.d/groups/apt/apt-methods-rred @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/rred profile apt-methods-rred @{exec_path} { include @@ -47,7 +45,7 @@ profile apt-methods-rred @{exec_path} { owner /var/lib/apt/lists/partial/* rw, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-rsh b/apparmor.d/groups/apt/apt-methods-rsh index e51b710d..256742c4 100644 --- a/apparmor.d/groups/apt/apt-methods-rsh +++ b/apparmor.d/groups/apt/apt-methods-rsh 
@@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/{r,s}sh profile apt-methods-rsh @{exec_path} { include @@ -37,7 +35,7 @@ profile apt-methods-rsh @{exec_path} { /root/ r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-methods-store b/apparmor.d/groups/apt/apt-methods-store index d05789c6..d425e5cb 100644 --- a/apparmor.d/groups/apt/apt-methods-store +++ b/apparmor.d/groups/apt/apt-methods-store @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}lib/apt/methods/store profile apt-methods-store @{exec_path} { include @@ -52,7 +50,7 @@ profile apt-methods-store @{exec_path} { owner /tmp/apt-changelog-*/*.changelog{,.*} rw, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/apt-show-versions b/apparmor.d/groups/apt/apt-show-versions index 40ee7b43..03cea021 100644 --- a/apparmor.d/groups/apt/apt-show-versions +++ b/apparmor.d/groups/apt/apt-show-versions @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/apt-show-versions profile apt-show-versions @{exec_path} { include @@ -31,7 +29,7 @@ profile apt-show-versions @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apt/aptitude b/apparmor.d/groups/apt/aptitude index 18e7be9e..d7c93d77 100644 --- a/apparmor.d/groups/apt/aptitude +++ b/apparmor.d/groups/apt/aptitude 
@@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/aptitude{,-curses} profile aptitude @{exec_path} flags=(complain) { include @@ -162,7 +160,7 @@ profile aptitude @{exec_path} flags=(complain) { /etc/machine-id r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit /var/log/cron-apt/temp w, diff --git a/apparmor.d/groups/apt/debsign b/apparmor.d/groups/apt/debsign index 1d04210e..47b46c05 100644 --- a/apparmor.d/groups/apt/debsign +++ b/apparmor.d/groups/apt/debsign @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/debsign profile debsign @{exec_path} { include @@ -40,7 +38,7 @@ profile debsign @{exec_path} { owner @{HOME}/.devscripts r, # For package building - owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, owner /tmp/debsign.*/ rw, owner /tmp/debsign.*/*.{dsc,changes,buildinfo}{,.asc} rw, diff --git a/apparmor.d/groups/apt/debtags b/apparmor.d/groups/apt/debtags index 22b63983..e6fbc963 100644 --- a/apparmor.d/groups/apt/debtags +++ b/apparmor.d/groups/apt/debtags @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/debtags profile debtags @{exec_path} { include @@ -36,7 +34,7 @@ profile debtags @{exec_path} { /var/lib/dbus/machine-id r, /etc/machine-id r, - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit /var/log/cron-apt/temp w , diff --git a/apparmor.d/groups/apt/dpkg-checkbuilddeps b/apparmor.d/groups/apt/dpkg-checkbuilddeps index aca3b97a..ce110c04 100644 --- a/apparmor.d/groups/apt/dpkg-checkbuilddeps +++ b/apparmor.d/groups/apt/dpkg-checkbuilddeps 
@@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/dpkg-checkbuilddeps profile dpkg-checkbuilddeps @{exec_path} flags=(complain) { include @@ -24,7 +22,7 @@ profile dpkg-checkbuilddeps @{exec_path} flags=(complain) { /usr/share/dpkg/tupletable r, # For package building - owner @{BUILD_DIR}/**/debian/control r, + owner @{user_build_dirs}/**/debian/control r, include if exists } diff --git a/apparmor.d/groups/apt/dpkg-deb b/apparmor.d/groups/apt/dpkg-deb index 8a1cd05e..a7259fe0 100644 --- a/apparmor.d/groups/apt/dpkg-deb +++ b/apparmor.d/groups/apt/dpkg-deb @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/dpkg-deb profile dpkg-deb @{exec_path} { include @@ -36,7 +34,7 @@ profile dpkg-deb @{exec_path} { /var/cache/apt/archives/*.deb r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, include if exists } diff --git a/apparmor.d/groups/apt/dpkg-genbuildinfo b/apparmor.d/groups/apt/dpkg-genbuildinfo index 61d221d6..52750d75 100644 --- a/apparmor.d/groups/apt/dpkg-genbuildinfo +++ b/apparmor.d/groups/apt/dpkg-genbuildinfo @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/dpkg-genbuildinfo profile dpkg-genbuildinfo @{exec_path} flags=(complain) { include @@ -19,7 +17,7 @@ profile dpkg-genbuildinfo @{exec_path} flags=(complain) { /etc/dpkg/origins/debian r, # For package building - owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, /var/lib/dpkg/status r, diff --git a/apparmor.d/groups/apt/dpkg-genchanges b/apparmor.d/groups/apt/dpkg-genchanges index 18a0267e..12f2fd16 100644 --- a/apparmor.d/groups/apt/dpkg-genchanges +++ b/apparmor.d/groups/apt/dpkg-genchanges 
@@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/dpkg-genchanges profile dpkg-genchanges @{exec_path} flags=(complain) { include @@ -22,7 +20,7 @@ profile dpkg-genchanges @{exec_path} flags=(complain) { /usr/share/dpkg/tupletable r, # For package building - owner @{BUILD_DIR}/** r, + owner @{user_build_dirs}/** r, include if exists } diff --git a/apparmor.d/groups/apt/dpkg-split b/apparmor.d/groups/apt/dpkg-split index d33b7984..6fa38e7a 100644 --- a/apparmor.d/groups/apt/dpkg-split +++ b/apparmor.d/groups/apt/dpkg-split @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/dpkg-split profile dpkg-split @{exec_path} { include @@ -26,7 +24,7 @@ profile dpkg-split @{exec_path} { /var/cache/apt/archives/*.deb r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, include if exists } diff --git a/apparmor.d/groups/apt/synaptic b/apparmor.d/groups/apt/synaptic index 093da5fc..b3a7cbb2 100644 --- a/apparmor.d/groups/apt/synaptic +++ b/apparmor.d/groups/apt/synaptic @@ -4,8 +4,6 @@ abi , -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - include @{exec_path} = /{usr/,}sbin/synaptic /{usr/,}bin/synaptic-pkexec @@ -158,7 +156,7 @@ profile synaptic @{exec_path} { @{HOME}/.Xauthority r, # For package building - @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/profiles-a-l/changestool b/apparmor.d/profiles-a-l/changestool index d04f8d43..3265887b 100644 --- a/apparmor.d/profiles-a-l/changestool +++ b/apparmor.d/profiles-a-l/changestool @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/changestool profile changestool @{exec_path} { include 
@@ -21,7 +19,7 @@ profile changestool @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # For package building - owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, profile gpg { diff --git a/apparmor.d/profiles-a-l/execute-dput b/apparmor.d/profiles-a-l/execute-dput index d9acad82..59904a4e 100644 --- a/apparmor.d/profiles-a-l/execute-dput +++ b/apparmor.d/profiles-a-l/execute-dput @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/dput /usr/share/dput/execute-dput profile execute-dput @{exec_path} flags=(complain) { include @@ -34,10 +32,10 @@ profile execute-dput @{exec_path} flags=(complain) { owner @{PROC}/@{pid}/fd/ r, # sources dir - owner @{BUILD_DIR}/**.changes r, - owner @{BUILD_DIR}/**.dsc r, - owner @{BUILD_DIR}/**.buildinfo r, - owner @{BUILD_DIR}/**.tar.xz r, + owner @{user_build_dirs}/**.changes r, + owner @{user_build_dirs}/**.dsc r, + owner @{user_build_dirs}/**.buildinfo r, + owner @{user_build_dirs}/**.tar.xz r, profile gpg { diff --git a/apparmor.d/profiles-a-l/kmod b/apparmor.d/profiles-a-l/kmod index ff09733c..f555fa61 100644 --- a/apparmor.d/profiles-a-l/kmod +++ b/apparmor.d/profiles-a-l/kmod @@ -7,8 +7,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/{kmod,lsmod} @{exec_path} += /{usr/,}{s,}bin/{depmod,insmod,lsmod,rmmod,modinfo,modprobe} profile kmod @{exec_path} { 
@@ -54,11 +52,11 @@ profile kmod @{exec_path} { # For local kernel build owner /tmp/depmod.*/lib/modules/*/ r, owner /tmp/depmod.*/lib/modules/*/modules.* rw, - owner @{BUILD_DIR}/**/System.map r, - owner @{BUILD_DIR}/**/debian/*/lib/modules/*/ r, - owner @{BUILD_DIR}/**/debian/*/lib/modules/*/modules.* rw, - owner @{BUILD_DIR}/**/debian/*/lib/modules/*/kernel/{,**/} r, - owner @{BUILD_DIR}/**/debian/*/lib/modules/*/kernel/**/*.ko r, + owner @{user_build_dirs}/**/System.map r, + owner @{user_build_dirs}/**/debian/*/lib/modules/*/ r, + owner @{user_build_dirs}/**/debian/*/lib/modules/*/modules.* rw, + owner @{user_build_dirs}/**/debian/*/lib/modules/*/kernel/{,**/} r, + owner @{user_build_dirs}/**/debian/*/lib/modules/*/kernel/**/*.ko r, include if exists } diff --git a/apparmor.d/profiles-m-z/reprepro b/apparmor.d/profiles-m-z/reprepro index 70755244..7ae7b7a1 100644 --- a/apparmor.d/profiles-m-z/reprepro +++ b/apparmor.d/profiles-m-z/reprepro @@ -7,7 +7,6 @@ abi , include @{REPO_DIR} = @{MOUNTS}/debuilder/repo -@{BUILD_DIR} = @{MOUNTS}/debuilder/ @{exec_path} = /{usr/,}bin/reprepro profile reprepro @{exec_path} { @@ -51,9 +50,9 @@ profile reprepro @{exec_path} { owner @{REPO_DIR}/*.deb r, # For package building - owner @{BUILD_DIR}/pbuilder/result/*.{dsc,changes} r, - owner @{BUILD_DIR}/pbuilder/result/*.deb r, - owner @{BUILD_DIR}/pbuilder/result/*.tar.* r, + owner @{user_build_dirs}/pbuilder/result/*.{dsc,changes} r, + owner @{user_build_dirs}/pbuilder/result/*.deb r, + owner @{user_build_dirs}/pbuilder/result/*.tar.* r, profile gpg { include diff --git a/apparmor.d/profiles-m-z/uscan b/apparmor.d/profiles-m-z/uscan index 8c389766..260a01d2 100644 --- a/apparmor.d/profiles-m-z/uscan +++ b/apparmor.d/profiles-m-z/uscan @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/uscan profile uscan @{exec_path} { include 
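Review bot: In `apparmor.d/profiles-m-z/reprepro` the `@@ -7,7 +7,6 @@` hunk leaves `@{REPO_DIR} = @{MOUNTS}/debuilder/repo` hard-coded while the build directory moves to the `@{user_build_dirs}` tunable, so two paths that used to share the `@{MOUNTS}/debuilder` root can now drift apart. The rules in the `@@ -51,9 +50,9 @@` hunk also assume a `pbuilder/result/` subdirectory directly under every value of the tunable, which held for the old single path but is not guaranteed for arbitrary build directories. Consider a short comment above those rules such as `# expects pbuilder/result/ directly under each @{user_build_dirs} entry`, and decide whether `@{REPO_DIR}` should become a tunable as well.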
@@ -38,7 +36,7 @@ profile uscan @{exec_path} { /{usr/,}bin/uupdate rPUx, # To run custom maintainer scripts - owner @{BUILD_DIR}/**/debian/* rPUx, + owner @{user_build_dirs}/**/debian/* rPUx, /{usr/,}bin/gpg rCx -> gpg, /{usr/,}bin/gpgv rCx -> gpg, @@ -49,7 +47,7 @@ profile uscan @{exec_path} { /etc/magic r, # For package building - owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # For GPG keys @@ -67,8 +65,8 @@ profile uscan @{exec_path} { owner /tmp/*/trustedkeys.gpg rw, - owner @{BUILD_DIR}/**/debian/upstream/signing-key.asc r, - owner @{BUILD_DIR}/**/*.tar.* r, + owner @{user_build_dirs}/**/debian/upstream/signing-key.asc r, + owner @{user_build_dirs}/**/*.tar.* r, } diff --git a/apparmor.d/profiles-m-z/uupdate b/apparmor.d/profiles-m-z/uupdate index dce3dce3..4c46be97 100644 --- a/apparmor.d/profiles-m-z/uupdate +++ b/apparmor.d/profiles-m-z/uupdate @@ -6,8 +6,6 @@ abi , include -@{BUILD_DIR} = @{MOUNTS}/debuilder/ - @{exec_path} = /{usr/,}bin/uupdate profile uupdate @{exec_path} flags=(complain) { include @@ -49,7 +47,7 @@ profile uupdate @{exec_path} flags=(complain) { /etc/devscripts.conf r, # For package building - owner @{BUILD_DIR}/** rwkl -> @{BUILD_DIR}/**, + owner @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, include if exists }
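Review bot: In the `@@ -38,7 +36,7 @@` hunk of `apparmor.d/profiles-m-z/uscan`, `owner @{user_build_dirs}/**/debian/* rPUx,` lets uscan execute any file directly under a `debian/` directory in the build trees and, because of the `PUx` fallback, run it unconfined when no profile matches. Moving from the fixed path to a user-settable tunable means every directory added to `@{user_build_dirs}` becomes such a location, so the tunable's contents now decide how far this confinement exception reaches. I would document that next to the rule, for example `# Files matched here run unconfined if they have no profile; keep @{user_build_dirs} limited to trusted source trees`, and consider whether a child profile could replace the unconfined fallback.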