From 2333fbcf746dbe92c837b8aac05b830f126296c1 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Wed, 14 Aug 2024 18:15:28 +0900
Subject: [PATCH] profiles: runc: allow /usr/bin/runc as well as /usr/sbin/runc

Docker, Inc's `containerd.io` package installs runc onto `/usr/bin/runc`
rather than `/usr/sbin/runc`.

```
$ wget https://download.docker.com/linux/ubuntu/dists/noble/pool/stable/amd64/containerd.io_1.7.20-1_amd64.deb
$ dpkg -c containerd.io_1.7.20-1_amd64.deb | grep /runc
-rwxr-xr-x root/root   9806280 2024-08-08 23:20 ./usr/bin/runc
```

Similar to 9ab45d "profiles: support distributions which merge sbin into bin".

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 profiles/apparmor.d/runc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/apparmor.d/runc b/profiles/apparmor.d/runc
index 80444bcf9..d42549503 100644
--- a/profiles/apparmor.d/runc
+++ b/profiles/apparmor.d/runc
@@ -4,7 +4,7 @@
 abi <abi/4.0>,
 include <tunables/global>
 
-profile runc /usr/sbin/runc flags=(unconfined) {
+profile runc /usr/{bin,sbin}/runc flags=(unconfined) {
   userns,
 
   # Site-specific additions and overrides. See local/README for details.