# apparmor.d - Full set of apparmor profiles # Copyright (C) 2020-2021 Mikhail Morfikov # SPDX-License-Identifier: GPL-2.0-only abi , include @{exec_path} = /{usr/,}bin/check-support-status profile check-support-status @{exec_path} { include include @{exec_path} rix, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/ r, /{usr/,}bin/gettext.sh r, /{usr/,}bin/cat rix, /{usr/,}bin/{,e}grep rix, /{usr/,}bin/cut rix, /{usr/,}bin/date rix, /{usr/,}bin/getopt rix, /{usr/,}bin/fold rix, /{usr/,}bin/mktemp rix, /{usr/,}bin/rm rix, /{usr/,}bin/awk rix, /{usr/,}bin/comm rix, /{usr/,}bin/mkdir rix, /{usr/,}bin/mv rix, /{usr/,}bin/find rix, /{usr/,}bin/wc rix, /{usr/,}bin/basename rix, /{usr/,}bin/gawk rix, /{usr/,}bin/sort rix, /{usr/,}bin/head rix, /{usr/,}bin/gettext rix, /{usr/,}bin/sed rix, /{usr/,}bin/envsubst rix, /{usr/,}bin/dirname rix, # Do not strip env to avoid errors like the following: # ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (cannot open # shared object file): ignored. /{usr/,}bin/dpkg-query rpx, /{usr/,}bin/dpkg rPx -> child-dpkg, /{usr/,}bin/debconf-escape rCx -> debconf-escape, /etc/debian_version r, # For shell pwd / r, owner @{HOME}/ r, /tmp/ r, owner /tmp/debian-security-support.*/{,**} rw, /tmp/debian-security-support.postinst.*/output w, /var/lib/debian-security-support/ r, owner /var/lib/debian-security-support/security-support.semaphore rw, owner /var/lib/debian-security-support/tmp.* rw, /usr/share/debian-security-support/ r, /usr/share/debian-security-support/* r, profile debconf-escape { include include /{usr/,}bin/debconf-escape r, /{usr/,}bin/perl r, owner /tmp/debian-security-support.postinst.*/output r, } include if exists }