Merge branch 'fix-hats' into 'master'

profiles: update profiles for the new proc attr interfaces

See merge request apparmor/apparmor!627

Acked-by: Christian Boltz <apparmor@cboltz.de>

profiles/apparmor.d/abstractions/apparmor_api/examine

@@ -11,4 +11,4 @@
 
 abi <abi/3.0>,
 
-@{PROC}/@{pids}/attr/{current,prev,exec} r,
+@{PROC}/@{pids}/attr/{apparmor/,}{current,prev,exec} r,

profiles/apparmor.d/abstractions/apparmor_api/introspect

@@ -11,4 +11,4 @@ abi <abi/3.0>,
 # Make sure to include at least tunables/proc and tunables/kernelvars
 # when using this abstraction, if not tunables/global.
 
-@{PROC}/@{tid}/attr/{current,prev,exec} r,
+@{PROC}/@{tid}/attr/{apparmor/,}{current,prev,exec} r,

profiles/apparmor.d/php-fpm

@@ -30,7 +30,7 @@ profile php-fpm /usr/sbin/php-fpm* flags=(attach_disconnected) {
   capability dac_override,
 
   # we need write access here to move it into a different apparmor sub profile
-  @{PROC}/@{pid}/attr/current rw,
+  @{PROC}/@{pid}/attr/{apparmor/,}current rw,
 
   # the main log file
   /var/log/php*-fpm.log rw,

profiles/apparmor.d/usr.lib.dovecot.imap

@@ -35,7 +35,7 @@ profile dovecot-imap /usr/lib/dovecot/imap {
   /etc/dovecot/conf.d/** r,
 
   owner /tmp/dovecot.imap.* rw,
-  @{PROC}/@{pid}/attr/current rw,
+  @{PROC}/@{pid}/attr/{apparmor/,}current rw,
   /usr/bin/doveconf rix,
   /usr/lib/dovecot/imap mrix,
   /usr/share/dovecot/** r,

profiles/apparmor.d/usr.lib.dovecot.lmtp

@@ -30,7 +30,7 @@ profile dovecot-lmtp /usr/lib/dovecot/lmtp {
   @{DOVECOT_MAILSTORE}/** rwkl,
 
   @{HOME}/.dovecot.svbin r,
-  @{PROC}/@{pid}/attr/current rw,
+  @{PROC}/@{pid}/attr/{apparmor/,}current rw,
   @{PROC}/*/mounts r,
   /tmp/dovecot.lmtp.* rw,
   /usr/lib/dovecot/lmtp mr,