diff --git a/apparmor.d/abstractions/chromium b/apparmor.d/abstractions/chromium index 4d2e273e9..094963089 100644 --- a/apparmor.d/abstractions/chromium +++ b/apparmor.d/abstractions/chromium @@ -181,7 +181,7 @@ @{sys}/devices/pci[0-9]*/**/boot_vga r, @{sys}/devices/pci[0-9]*/**/{resource,irq} r, @{sys}/devices/pci[0-9]*/**/report_descriptor r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r, @{sys}/devices/system/cpu/kernel_max r, @{sys}/devices/system/cpu/present r, @{sys}/devices/virtual/**/report_descriptor r, diff --git a/apparmor.d/abstractions/dbus-session-strict.d/complete b/apparmor.d/abstractions/dbus-session-strict.d/complete index c6f5f0f60..27edb92cc 100644 --- a/apparmor.d/abstractions/dbus-session-strict.d/complete +++ b/apparmor.d/abstractions/dbus-session-strict.d/complete @@ -8,6 +8,7 @@ unix (connect, send, receive, accept) type=stream peer=(addr="@/tmp/dbus-????????"), owner @{run}/user/@{uid}/at-spi/ rw, - owner @{run}/user/@{uid}/at-spi/bus{,_[0-9]*} rw, - + owner @{run}/user/@{uid}/at-spi/bus rw, + owner @{run}/user/@{uid}/at-spi/bus_@{int} rw, + owner /tmp/dbus-@{rand8} rw, diff --git a/apparmor.d/abstractions/kde-open5.d/complete b/apparmor.d/abstractions/kde-open5.d/complete index 8497bce90..0ce4b3bbc 100644 --- a/apparmor.d/abstractions/kde-open5.d/complete +++ b/apparmor.d/abstractions/kde-open5.d/complete @@ -6,4 +6,4 @@ owner @{user_config_dirs}/menus/{,**} r, - owner @{run}/user/@{uid}/kioclient*.[0-9]*.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, + owner @{run}/user/@{uid}/kioclient*.@{int}.kioworker.socket rwl -> @{run}/user/@{uid}/#@{int}, diff --git a/apparmor.d/abstractions/nvidia.d/complete b/apparmor.d/abstractions/nvidia.d/complete index f879e06f7..6ae3a7b2d 100644 --- a/apparmor.d/abstractions/nvidia.d/complete +++ b/apparmor.d/abstractions/nvidia.d/complete 
@@ -8,4 +8,4 @@ /etc/nvidia/nvidia-application-profiles* r, - /dev/char/195:[0-9]* rw, + /dev/char/195:@{int} rw, diff --git a/apparmor.d/groups/akonadi/akonadi_birthdays_resource b/apparmor.d/groups/akonadi/akonadi_birthdays_resource index 2aa2007f1..64774aeb1 100644 --- a/apparmor.d/groups/akonadi/akonadi_birthdays_resource +++ b/apparmor.d/groups/akonadi/akonadi_birthdays_resource @@ -22,7 +22,7 @@ profile akonadi_birthdays_resource @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/qt{5,}/translations/*.qm r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_contacts_resource b/apparmor.d/groups/akonadi/akonadi_contacts_resource index 130268044..ba898500f 100644 --- a/apparmor.d/groups/akonadi/akonadi_contacts_resource +++ b/apparmor.d/groups/akonadi/akonadi_contacts_resource @@ -22,7 +22,7 @@ profile akonadi_contacts_resource @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_control b/apparmor.d/groups/akonadi/akonadi_control index 8f7b6207f..0772916af 100644 --- a/apparmor.d/groups/akonadi/akonadi_control +++ b/apparmor.d/groups/akonadi/akonadi_control @@ -26,7 +26,7 @@ profile akonadi_control @{exec_path} { /usr/share/akonadi/{,**} r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent index 8f949e172..2d7aa22a8 100644 --- a/apparmor.d/groups/akonadi/akonadi_followupreminder_agent +++ b/apparmor.d/groups/akonadi/akonadi_followupreminder_agent 
@@ -26,7 +26,7 @@ profile akonadi_followupreminder_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent index 72feebf24..2036b9548 100644 --- a/apparmor.d/groups/akonadi/akonadi_indexing_agent +++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent @@ -24,7 +24,7 @@ profile akonadi_indexing_agent @{exec_path} { /usr/share/akonadi/plugins/serializer/ r, /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/machine-id r, diff --git a/apparmor.d/groups/akonadi/akonadi_maildir_resource b/apparmor.d/groups/akonadi/akonadi_maildir_resource index 27826c150..9dfc29ef8 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildir_resource +++ b/apparmor.d/groups/akonadi/akonadi_maildir_resource @@ -24,7 +24,7 @@ profile akonadi_maildir_resource @{exec_path} { /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent index 0c830f299..3477c53e8 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent +++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent @@ -29,7 +29,7 @@ profile akonadi_maildispatcher_agent @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, 
diff --git a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent index d7061798b..1efd9f2b9 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent @@ -27,7 +27,7 @@ profile akonadi_mailfilter_agent @{exec_path} { /usr/share/akonadi/plugins/serializer/*.desktop r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/machine-id r, @@ -62,7 +62,7 @@ profile akonadi_mailfilter_agent @{exec_path} { owner @{user_share_dirs}/akonadi/file_db_data/{,**} rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent index 01f2f42c0..fd90d4d0f 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailmerge_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailmerge_agent @@ -26,7 +26,7 @@ profile akonadi_mailmerge_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt{5,}/translations/*.qm r, /usr/share/qt5/qtlogging.ini r, diff --git a/apparmor.d/groups/akonadi/akonadi_migration_agent b/apparmor.d/groups/akonadi/akonadi_migration_agent index cf454f5d3..98a18b539 100644 --- a/apparmor.d/groups/akonadi/akonadi_migration_agent +++ b/apparmor.d/groups/akonadi/akonadi_migration_agent @@ -22,7 +22,7 @@ profile akonadi_migration_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, 
diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent index c60394784..7cab13ac7 100644 --- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent +++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent @@ -24,7 +24,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} { /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/akonadi_newmailnotifier_agent.notifyrc r, /etc/machine-id r, diff --git a/apparmor.d/groups/akonadi/akonadi_notes_agent b/apparmor.d/groups/akonadi/akonadi_notes_agent index 35db08186..b47aa5507 100644 --- a/apparmor.d/groups/akonadi/akonadi_notes_agent +++ b/apparmor.d/groups/akonadi/akonadi_notes_agent @@ -27,7 +27,7 @@ profile akonadi_notes_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_sendlater_agent b/apparmor.d/groups/akonadi/akonadi_sendlater_agent index d16cbffa8..893bcfeeb 100644 --- a/apparmor.d/groups/akonadi/akonadi_sendlater_agent +++ b/apparmor.d/groups/akonadi/akonadi_sendlater_agent @@ -27,7 +27,7 @@ profile akonadi_sendlater_agent @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/xdg/kdeglobals r, @@ -45,7 +45,7 @@ profile akonadi_sendlater_agent @{exec_path} { owner @{user_config_dirs}/kwinrc r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, 
diff --git a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent index 298cec03a..982bb368e 100644 --- a/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent +++ b/apparmor.d/groups/akonadi/akonadi_unifiedmailbox_agent @@ -23,7 +23,7 @@ profile akonadi_unifiedmailbox_agent @{exec_path} { /usr/share/hwdata/*.ids r, /usr/share/mime/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kwinrc r, @@ -40,7 +40,7 @@ profile akonadi_unifiedmailbox_agent @{exec_path} { owner @{user_config_dirs}/kwinrc r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/apps/android-studio b/apparmor.d/groups/apps/android-studio index 593884ead..d5d9c5af0 100644 --- a/apparmor.d/groups/apps/android-studio +++ b/apparmor.d/groups/apps/android-studio @@ -248,7 +248,7 @@ profile android-studio @{exec_path} { # file_inherit owner @{HOME}/.android/avd/** r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index aee551210..0592883f6 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre 
@@ -134,16 +134,16 @@ profile calibre @{exec_path} { owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, owner @{user_cache_dirs}/qtshadercache/#@{int} rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, + owner @{user_cache_dirs}/gstreamer-@{int}/ rw, + owner @{user_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw, owner @{user_config_dirs}/qt5ct/{,**} r, owner /tmp/calibre_*_tmp_*/{,**} rw, owner /tmp/calibre-*/{,**} rw, - owner /tmp/[0-9]*-*/ rw, - owner /tmp/[0-9]*-*/** rwl, -# owner /tmp/[0-9]*-*/** rwl -> /tmp/[0-9]*-*/**, # newer AA version + owner /tmp/@{int}-*/ rw, + owner /tmp/@{int}-*/** rwl, +# owner /tmp/@{int}-*/** rwl -> /tmp/@{int}-*/**, # newer AA version owner /tmp/* rw, owner /dev/shm/#@{int} rw, @@ -167,7 +167,7 @@ profile calibre @{exec_path} { deny owner @{PROC}/@{pid}/oom_{,score_}adj rw, deny @{PROC}/sys/kernel/random/boot_id r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index 1c930fde6..a594a9e78 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -62,8 +62,8 @@ profile discord @{exec_path} { owner @{DISCORD_HOMEDIR}/ rw, owner @{DISCORD_HOMEDIR}/** rwk, - owner @{DISCORD_HOMEDIR}/[0-9]*/modules/discord_[a-z]*/*.node mrwk, - owner @{DISCORD_HOMEDIR}/[0-9]*/modules/discord_[a-z]*/lib*.so.[0-9] mrw, + owner @{DISCORD_HOMEDIR}/@{int}/modules/discord_[a-z]*/*.node mrwk, + owner @{DISCORD_HOMEDIR}/@{int}/modules/discord_[a-z]*/lib*.so.[0-9] mrw, # Reading of the /proc/ dir is needed to start discord. # Otherwise it returns the following error: @@ -110,7 +110,7 @@ profile discord @{exec_path} { @{lib}/firefox/firefox rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile xdg-mime { 
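Review bot: The two `gstreamer-@{int}` rules in the calibre hunk may no longer match the real cache directory, which GStreamer names `gstreamer-1.0`; the old `gstreamer-[0-9]*` matched it only because `*` swallowed the `.0`. Whether this is a regression depends on how `@{int}` is defined in the tunables, which this diff does not show; if it expands to digits only, writes to the registry file would be denied. In that case the rules should read `owner @{user_cache_dirs}/gstreamer-@{int}.@{int}/ rw,` and `owner @{user_cache_dirs}/gstreamer-@{int}.@{int}/registry.*.bin{,.tmp@{rand6}} rw,`. The firefox hunk at `@@ -185,8 +185,8 @@` carries the same pair of rules and needs the same check.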
diff --git a/apparmor.d/groups/apps/filezilla b/apparmor.d/groups/apps/filezilla index 630a1cef3..f6141b8c7 100644 --- a/apparmor.d/groups/apps/filezilla +++ b/apparmor.d/groups/apps/filezilla @@ -65,7 +65,7 @@ profile filezilla @{exec_path} { /*/*/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apps/flameshot b/apparmor.d/groups/apps/flameshot index 645934f4d..a12d6c042 100644 --- a/apparmor.d/groups/apps/flameshot +++ b/apparmor.d/groups/apps/flameshot @@ -66,7 +66,7 @@ profile flameshot @{exec_path} { /dev/shm/#@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube index be20c66a1..8f2519cf4 100644 --- a/apparmor.d/groups/apps/freetube +++ b/apparmor.d/groups/apps/freetube @@ -93,7 +93,7 @@ profile freetube @{exec_path} { @{bin}/vlc rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/groups/apps/spotify b/apparmor.d/groups/apps/spotify index 0f85a29eb..773182092 100644 --- a/apparmor.d/groups/apps/spotify +++ b/apparmor.d/groups/apps/spotify @@ -70,7 +70,7 @@ profile spotify @{exec_path} { owner /tmp/@{hex}-@{hex}-@{hex}-@{hex} rw, # What's this for? - #owner /tmp/[0-9]*.[0-9]*.[0-9]*.[0-9]*-linux-*.zip rw, + #owner /tmp/@{int}.@{int}.@{int}.[0-9]*-linux-*.zip rw, include if exists } diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index 96260592d..5a39fe004 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -88,7 +88,7 @@ profile telegram-desktop @{exec_path} { @{bin}/geany rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/groups/apps/vlc b/apparmor.d/groups/apps/vlc index 44e0b4c95..e4dea4e36 100644 --- a/apparmor.d/groups/apps/vlc 
+++ b/apparmor.d/groups/apps/vlc @@ -194,7 +194,7 @@ profile vlc @{exec_path} { audit owner @{PROC}/@{pid}/cmdline r, /dev/shm/#@{int} rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, # Silencer deny @{lib}/@{multiarch}/vlc/{,**} w, @@ -217,7 +217,7 @@ profile vlc @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index de7705bda..104804eb2 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -144,7 +144,7 @@ profile apt @{exec_path} flags=(attach_disconnected) { /tmp/apt-changelog-*/*.changelog w, owner /tmp/apt-changelog-*/.apt-acquire-privs-test.* rw, owner /tmp/apt-dpkg-install-*/ rw, - owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w, + owner /tmp/apt-dpkg-install-*/@{int}-*.deb w, owner /tmp/apt.conf.* rw, owner /tmp/apt.data.* rw, diff --git a/apparmor.d/groups/apt/apt-listbugs b/apparmor.d/groups/apt/apt-listbugs index ebec43fc9..6b48a7d31 100644 --- a/apparmor.d/groups/apt/apt-listbugs +++ b/apparmor.d/groups/apt/apt-listbugs @@ -23,7 +23,7 @@ profile apt-listbugs @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{bin}/{,ba,da}sh rix, @{bin}/logname rix, diff --git a/apparmor.d/groups/apt/apt-listbugs-migratepins b/apparmor.d/groups/apt/apt-listbugs-migratepins index 37bb62530..a5624a0e0 100644 --- a/apparmor.d/groups/apt/apt-listbugs-migratepins +++ b/apparmor.d/groups/apt/apt-listbugs-migratepins @@ -13,7 +13,7 @@ profile apt-listbugs-migratepins @{exec_path} { include @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, /usr/share/rubygems-integration/*/specifications/ r, /usr/share/rubygems-integration/*/specifications/*.gemspec rwk, diff --git a/apparmor.d/groups/apt/apt-listbugs-prefclean b/apparmor.d/groups/apt/apt-listbugs-prefclean index d0e129144..a34d12605 100644 
--- a/apparmor.d/groups/apt/apt-listbugs-prefclean +++ b/apparmor.d/groups/apt/apt-listbugs-prefclean @@ -13,7 +13,7 @@ profile apt-listbugs-prefclean @{exec_path} { include @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{bin}/date rix, @{bin}/cat rix, diff --git a/apparmor.d/groups/apt/apt-mark b/apparmor.d/groups/apt/apt-mark index db2c672a4..540ef981a 100644 --- a/apparmor.d/groups/apt/apt-mark +++ b/apparmor.d/groups/apt/apt-mark @@ -25,7 +25,7 @@ profile apt-mark @{exec_path} { /var/cache/apt/ r, /var/cache/apt/** rwk, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-cdrom b/apparmor.d/groups/apt/apt-methods-cdrom index ac1036e8f..c5efd32e3 100644 --- a/apparmor.d/groups/apt/apt-methods-cdrom +++ b/apparmor.d/groups/apt/apt-methods-cdrom @@ -38,7 +38,7 @@ profile apt-methods-cdrom @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-copy b/apparmor.d/groups/apt/apt-methods-copy index 304f1db03..5f7e91744 100644 --- a/apparmor.d/groups/apt/apt-methods-copy +++ b/apparmor.d/groups/apt/apt-methods-copy @@ -48,7 +48,7 @@ profile apt-methods-copy @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-methods-file b/apparmor.d/groups/apt/apt-methods-file index 48a782bdd..b74d4da92 100644 --- a/apparmor.d/groups/apt/apt-methods-file +++ b/apparmor.d/groups/apt/apt-methods-file @@ -48,7 +48,7 @@ profile apt-methods-file @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists 
diff --git a/apparmor.d/groups/apt/apt-methods-ftp b/apparmor.d/groups/apt/apt-methods-ftp index 94bb01497..91a16a58e 100644 --- a/apparmor.d/groups/apt/apt-methods-ftp +++ b/apparmor.d/groups/apt/apt-methods-ftp @@ -38,7 +38,7 @@ profile apt-methods-ftp @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-gpgv b/apparmor.d/groups/apt/apt-methods-gpgv index cd58b70f2..17f4ffb0d 100644 --- a/apparmor.d/groups/apt/apt-methods-gpgv +++ b/apparmor.d/groups/apt/apt-methods-gpgv @@ -89,7 +89,7 @@ profile apt-methods-gpgv @{exec_path} { @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-methods-http b/apparmor.d/groups/apt/apt-methods-http index a24c02ca5..0282cf3d6 100644 --- a/apparmor.d/groups/apt/apt-methods-http +++ b/apparmor.d/groups/apt/apt-methods-http @@ -75,7 +75,7 @@ profile apt-methods-http @{exec_path} { @{PROC}/1/cgroup r, @{PROC}/@{pid}/cgroup r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-mirror b/apparmor.d/groups/apt/apt-methods-mirror index 66d9af94c..2a0d20ff0 100644 --- a/apparmor.d/groups/apt/apt-methods-mirror +++ b/apparmor.d/groups/apt/apt-methods-mirror @@ -38,7 +38,7 @@ profile apt-methods-mirror @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-rred b/apparmor.d/groups/apt/apt-methods-rred index 88871d630..ac80f6239 100644 --- a/apparmor.d/groups/apt/apt-methods-rred +++ b/apparmor.d/groups/apt/apt-methods-rred 
@@ -48,7 +48,7 @@ profile apt-methods-rred @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-methods-rsh b/apparmor.d/groups/apt/apt-methods-rsh index bb405268d..ee1a50168 100644 --- a/apparmor.d/groups/apt/apt-methods-rsh +++ b/apparmor.d/groups/apt/apt-methods-rsh @@ -38,7 +38,7 @@ profile apt-methods-rsh @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/apt-methods-store b/apparmor.d/groups/apt/apt-methods-store index 00c47c936..4ed183a43 100644 --- a/apparmor.d/groups/apt/apt-methods-store +++ b/apparmor.d/groups/apt/apt-methods-store @@ -54,7 +54,7 @@ profile apt-methods-store @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/apt-show-versions b/apparmor.d/groups/apt/apt-show-versions index 4bbd917db..e6099f4fe 100644 --- a/apparmor.d/groups/apt/apt-show-versions +++ b/apparmor.d/groups/apt/apt-show-versions @@ -37,7 +37,7 @@ profile apt-show-versions @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner /var/log/cron-apt/temp w, include if exists diff --git a/apparmor.d/groups/apt/aptitude b/apparmor.d/groups/apt/aptitude index 13586224c..4cba0a034 100644 --- a/apparmor.d/groups/apt/aptitude +++ b/apparmor.d/groups/apt/aptitude 
@@ -124,7 +124,7 @@ profile aptitude @{exec_path} flags=(complain) { owner /tmp/aptitude-*.@{pid}:*/{pkgstates,control}* rw, /tmp/aptitude-*.@{pid}:*/pkgstates* r, owner /tmp/apt-dpkg-install-*/ rw, - owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w, + owner /tmp/apt-dpkg-install-*/@{int}-*.deb w, /var/cache/apt/ r, /var/cache/apt/** rwk, @@ -152,7 +152,7 @@ profile aptitude @{exec_path} flags=(complain) { # aptitude[]: /dev/tty2: Permission denied # aptitude[]: *** err # aptitude[]: Oh, oh, it's an error! possibly I die! - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ptmx rw, diff --git a/apparmor.d/groups/apt/command-not-found b/apparmor.d/groups/apt/command-not-found index 619a550e8..4dc754e65 100644 --- a/apparmor.d/groups/apt/command-not-found +++ b/apparmor.d/groups/apt/command-not-found @@ -29,7 +29,7 @@ profile command-not-found @{exec_path} { owner @{PROC}/@{pid}/fd/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, # Silencer deny /usr/lib/ r, diff --git a/apparmor.d/groups/apt/deborphan b/apparmor.d/groups/apt/deborphan index bdd1f7609..da5a57080 100644 --- a/apparmor.d/groups/apt/deborphan +++ b/apparmor.d/groups/apt/deborphan @@ -17,7 +17,7 @@ profile deborphan @{exec_path} { /var/lib/dpkg/status r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.synaptic/selections.{update,proceed} w, include if exists diff --git a/apparmor.d/groups/apt/dpkg b/apparmor.d/groups/apt/dpkg index 6212485cd..ff926399b 100644 --- a/apparmor.d/groups/apt/dpkg +++ b/apparmor.d/groups/apt/dpkg @@ -110,7 +110,7 @@ profile dpkg @{exec_path} { owner @{PROC}/@{pid}/fd/ r, @{PROC}/sys/kernel/random/boot_id r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile diff { include diff --git a/apparmor.d/groups/apt/dpkg-query b/apparmor.d/groups/apt/dpkg-query index ec5fcaf1e..47f2e05bf 100644 --- a/apparmor.d/groups/apt/dpkg-query +++ b/apparmor.d/groups/apt/dpkg-query 
@@ -23,7 +23,7 @@ profile dpkg-query @{exec_path} { # file_inherit /tmp/#@{int} rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/synaptic b/apparmor.d/groups/apt/synaptic index e0439c64d..44468d0be 100644 --- a/apparmor.d/groups/apt/synaptic +++ b/apparmor.d/groups/apt/synaptic @@ -129,7 +129,7 @@ profile synaptic @{exec_path} { /tmp/ r, owner /tmp/apt-dpkg-install-*/ rw, - owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w, + owner /tmp/apt-dpkg-install-*/@{int}-*.deb w, /var/cache/apt/ r, /var/cache/apt/** rwk, @@ -156,7 +156,7 @@ profile synaptic @{exec_path} { @{user_build_dirs}/** rwkl -> @{user_build_dirs}/**, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile dbus { diff --git a/apparmor.d/groups/apt/update-apt-xapian-index b/apparmor.d/groups/apt/update-apt-xapian-index index 8e2e01fab..286912f8e 100644 --- a/apparmor.d/groups/apt/update-apt-xapian-index +++ b/apparmor.d/groups/apt/update-apt-xapian-index @@ -37,7 +37,7 @@ profile update-apt-xapian-index @{exec_path} { /etc/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/browsers/chrome-crashpad-handler b/apparmor.d/groups/browsers/chrome-crashpad-handler index 865c3c5cd..0c0365971 100644 --- a/apparmor.d/groups/browsers/chrome-crashpad-handler +++ b/apparmor.d/groups/browsers/chrome-crashpad-handler @@ -29,8 +29,8 @@ profile chrome-crashpad-handler @{exec_path} { owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/task/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_max_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_max_freq r, include if exists } 
diff --git a/apparmor.d/groups/browsers/chromium-crashpad-handler b/apparmor.d/groups/browsers/chromium-crashpad-handler index 90ad1aa36..dc47a5328 100644 --- a/apparmor.d/groups/browsers/chromium-crashpad-handler +++ b/apparmor.d/groups/browsers/chromium-crashpad-handler @@ -28,8 +28,8 @@ profile chromium-crashpad-handler @{exec_path} { owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/task/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_max_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_max_freq r, include if exists } diff --git a/apparmor.d/groups/browsers/chromium-wrapper b/apparmor.d/groups/browsers/chromium-wrapper index 5660b4501..04cd07e46 100644 --- a/apparmor.d/groups/browsers/chromium-wrapper +++ b/apparmor.d/groups/browsers/chromium-wrapper @@ -42,7 +42,7 @@ profile chromium-wrapper @{exec_path} { owner /tmp/tmp.*/ rw, owner /tmp/tmp.*/** rwk, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /dev/dri/card[0-9] rw, # Silencer diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 454390d58..1aee6b815 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -185,8 +185,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) { owner @{HOME}/ r, owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, + owner @{user_cache_dirs}/gstreamer-@{int}/ rw, + owner @{user_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp*} rw, owner @{user_config_dirs}/ r, owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r, 
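Review bot: In the chromium-wrapper hunk the context line `/dev/dri/card[0-9] rw,` keeps a single-digit glob, while the tty rule directly above it is converted and the DRM rules in android-studio, vlc and firefox-crashreporter now use `card@{int}`. If the goal is one spelling for device indices across profiles, this line should become `/dev/dri/card@{int} rw,`. If the single digit is deliberate, a short comment on the line saying so would stop a later pass from widening it.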
@@ -237,7 +237,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { @{sys}/class/**/ r, @{sys}/devices/**/uevent r, @{sys}/devices/pci[0-9]*/**/ r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/ r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r, @{sys}/devices/pci[0-9]*/**/drm/renderD[0-9]*/ r, @{sys}/devices/pci[0-9]*/**/irq r, @{sys}/devices/system/cpu/cpu[0-9]/cache/index[0-9]/size r, @@ -269,15 +269,15 @@ profile firefox @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pids}/environ r, /dev/ r, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, /dev/shm/ r, /dev/tty rw, - /dev/video[0-9]* rw, - owner /dev/dri/card[0-9]* rw, # File Inherit + /dev/video@{int} rw, + owner /dev/dri/card@{int} rw, # File Inherit owner /dev/shm/org.chromium.* rw, - owner /dev/shm/org.mozilla.ipc.@{pid}.[0-9]* rw, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, - owner /dev/tty[0-9]* rw, # File Inherit + owner /dev/shm/org.mozilla.ipc.@{pid}.@{int} rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, + owner /dev/tty@{int} rw, # File Inherit # X-tiny /tmp/.X0-lock r, diff --git a/apparmor.d/groups/browsers/firefox-crashreporter b/apparmor.d/groups/browsers/firefox-crashreporter index 651be4340..e74136146 100644 --- a/apparmor.d/groups/browsers/firefox-crashreporter +++ b/apparmor.d/groups/browsers/firefox-crashreporter @@ -54,9 +54,9 @@ profile firefox-crashreporter @{exec_path} flags=(attach_disconnected) { owner /tmp/@{hex}.{dmp,extra} rw, owner /tmp/firefox/.parentlock w, - owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* r, + owner /dev/shm/org.mozilla.ipc.@{int}.@{int} r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/dri/renderD128 rw, # Silencer diff --git a/apparmor.d/groups/browsers/firefox-kmozillahelper b/apparmor.d/groups/browsers/firefox-kmozillahelper index c1e256950..79fd9dc5d 100644 --- a/apparmor.d/groups/browsers/firefox-kmozillahelper +++ b/apparmor.d/groups/browsers/firefox-kmozillahelper 
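Review bot: The sysfs block in the firefox hunk at `@@ -237,7 +237,7 @@` now mixes two spellings: `drm/card@{int}/` is converted, but the adjacent `drm/renderD[0-9]*/` keeps the loose glob, which accepts any trailing characters after the first digit. Converting it to `@{sys}/devices/pci[0-9]*/**/drm/renderD@{int}/ r,` would keep the pair consistent and equally tight. The `pci[0-9]*` prefix looks like a different case, since PCI bus directory names contain a colon and probably cannot be expressed with `@{int}`, so leaving it unchanged seems right.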
@@ -22,7 +22,7 @@ profile firefox-kmozillahelper @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kservices5/{,**} r, /usr/share/mime/ r, diff --git a/apparmor.d/groups/browsers/firefox-minidump-analyzer b/apparmor.d/groups/browsers/firefox-minidump-analyzer index 1b00c9743..dc725f3fc 100644 --- a/apparmor.d/groups/browsers/firefox-minidump-analyzer +++ b/apparmor.d/groups/browsers/firefox-minidump-analyzer @@ -37,7 +37,7 @@ profile firefox-minidump-analyzer @{exec_path} { owner /tmp/@{hex}.{dmp,extra} rw, owner /tmp/firefox/.parentlock w, - owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* r, + owner /dev/shm/org.mozilla.ipc.@{int}.@{int} r, owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/stat r, diff --git a/apparmor.d/groups/browsers/firefox-pingsender b/apparmor.d/groups/browsers/firefox-pingsender index db4d04306..398e2d12d 100644 --- a/apparmor.d/groups/browsers/firefox-pingsender +++ b/apparmor.d/groups/browsers/firefox-pingsender @@ -27,7 +27,7 @@ profile firefox-pingsender @{exec_path} { owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pid}/task/@{tid}/stat r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/dbus-daemon b/apparmor.d/groups/bus/dbus-daemon index 0c217a2a1..45dd3204d 100644 --- a/apparmor.d/groups/bus/dbus-daemon +++ b/apparmor.d/groups/bus/dbus-daemon @@ -96,9 +96,9 @@ profile dbus-daemon @{exec_path} flags=(attach_disconnected) { @{PROC}/cmdline r, @{PROC}/sys/kernel/osrelease r, - /dev/dri/card[0-9]* rw, - /dev/input/event[0-9]* rw, - /dev/tty[0-9]* rw, + /dev/dri/card@{int} rw, + /dev/input/event@{int} rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session index 779850e7a..3b9f943b9 100644 --- a/apparmor.d/groups/bus/dbus-run-session +++ b/apparmor.d/groups/bus/dbus-run-session 
@@ -34,7 +34,7 @@ profile dbus-run-session @{exec_path} { # file_inherit /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index 6d4ca9fbb..a8af280fa 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -62,7 +62,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pids}/fd/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index cdce8cd65..42b0dd648 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -43,7 +43,7 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/ibus/bus/ r, owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple index 37fbad064..c91249e9c 100644 --- a/apparmor.d/groups/bus/ibus-engine-simple +++ b/apparmor.d/groups/bus/ibus-engine-simple @@ -23,7 +23,7 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/ibus/bus/ r, /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 385b765f4..40a4deb17 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -80,7 +80,7 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/greeter-dconf-defaults r, # file inherit - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index 1fc823877..6a42ef8b2 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -39,7 +39,7 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/ibus/bus/ r, /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index b913490ba..3399abae7 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -53,7 +53,7 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r, owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/children/child-pager b/apparmor.d/groups/children/child-pager index c2536ea22..0489a612b 100644 --- a/apparmor.d/groups/children/child-pager +++ b/apparmor.d/groups/children/child-pager @@ -32,7 +32,7 @@ profile child-pager { owner @{HOME}/ r, owner @{HOME}/.lesshs* rw, - owner @{HOME}/.terminfo/[0-9]*/* r, + owner @{HOME}/.terminfo/@{int}/* r, owner @{user_cache_dirs}/lesshs* rw, owner @{user_state_dirs}/ r, owner @{user_state_dirs}/lesshs* rw, diff --git a/apparmor.d/groups/freedesktop/at-spi-bus-launcher b/apparmor.d/groups/freedesktop/at-spi-bus-launcher index 3513a4213..a0d9d6adf 100644 --- a/apparmor.d/groups/freedesktop/at-spi-bus-launcher +++ b/apparmor.d/groups/freedesktop/at-spi-bus-launcher @@ -54,7 +54,7 @@ profile at-spi-bus-launcher @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, @{PROC}/1/cgroup r, - owner /dev/tty[0-9]* rw, # file_inherit + owner /dev/tty@{int} rw, # file_inherit include if exists } 
diff --git a/apparmor.d/groups/freedesktop/at-spi2-registryd b/apparmor.d/groups/freedesktop/at-spi2-registryd index 9df761011..80c92b3da 100644 --- a/apparmor.d/groups/freedesktop/at-spi2-registryd +++ b/apparmor.d/groups/freedesktop/at-spi2-registryd @@ -95,7 +95,7 @@ profile at-spi2-registryd @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, owner @{run}/user/@{uid}/xauth_@{rand6} r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/cpupower b/apparmor.d/groups/freedesktop/cpupower index e0c85aa4f..a70c890b2 100644 --- a/apparmor.d/groups/freedesktop/cpupower +++ b/apparmor.d/groups/freedesktop/cpupower @@ -10,7 +10,7 @@ include profile cpupower @{exec_path} { include - # Needed to read the /dev/cpu/[0-9]*/msr device, and hence remove the following error: + # Needed to read the /dev/cpu/@{int}/msr device, and hence remove the following error: # Could not read perf-bias value[-1] capability sys_rawio, 
@@ -25,19 +25,19 @@ profile cpupower @{exec_path} { @{sys}/devices/system/cpu/{cpufreq,cpuidle}/ r, @{sys}/devices/system/cpu/{cpufreq,cpuidle}/** r, - @{sys}/devices/system/cpu/cpu[0-9]*/{cpufreq,cpuidle}/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/{cpufreq,cpuidle}/** r, + @{sys}/devices/system/cpu/cpu@{int}/{cpufreq,cpuidle}/ r, + @{sys}/devices/system/cpu/cpu@{int}/{cpufreq,cpuidle}/** r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{min,max}_freq rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_governor rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_setspeed rw, - @{sys}/devices/system/cpu/cpu[0-9]*/cpuidle/state[0-9]/disable rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{min,max}_freq rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_setspeed rw, + @{sys}/devices/system/cpu/cpu@{int}/cpuidle/state[0-9]/disable rw, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{physical_package_id,core_id} r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{physical_package_id,core_id} r, - @{sys}/devices/system/cpu/cpu[0-9]*/online r, + @{sys}/devices/system/cpu/cpu@{int}/online r, - /dev/cpu/[0-9]*/msr r, + /dev/cpu/@{int}/msr r, profile kmod { diff --git a/apparmor.d/groups/freedesktop/dconf-editor b/apparmor.d/groups/freedesktop/dconf-editor index cf4bd8871..fd090fb0f 100644 --- a/apparmor.d/groups/freedesktop/dconf-editor +++ b/apparmor.d/groups/freedesktop/dconf-editor @@ -27,7 +27,7 @@ profile dconf-editor @{exec_path} { owner @{user_config_dirs}/glib-2.0/settings/.goutputstream-@{rand6} rw, owner @{HOME}/.Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/dconf-service b/apparmor.d/groups/freedesktop/dconf-service index 10cbc0fb7..37b26d370 100644 --- a/apparmor.d/groups/freedesktop/dconf-service +++ b/apparmor.d/groups/freedesktop/dconf-service 
@@ -52,7 +52,7 @@ profile dconf-service @{exec_path} flags=(attach_disconnected) { @{PROC}/cmdline r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/fc-cache b/apparmor.d/groups/freedesktop/fc-cache index e741b8729..34019696f 100644 --- a/apparmor.d/groups/freedesktop/fc-cache +++ b/apparmor.d/groups/freedesktop/fc-cache @@ -7,7 +7,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache{,-32,-v*} +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}bin/fc-cache{,-32,-v*} profile fc-cache @{exec_path} { include include diff --git a/apparmor.d/groups/freedesktop/pipewire b/apparmor.d/groups/freedesktop/pipewire index 0878438da..94e325f92 100644 --- a/apparmor.d/groups/freedesktop/pipewire +++ b/apparmor.d/groups/freedesktop/pipewire @@ -82,7 +82,7 @@ profile pipewire @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/media[0-9]* rw, + /dev/media@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/pipewire-media-session b/apparmor.d/groups/freedesktop/pipewire-media-session index f838d687d..8af8079f6 100644 --- a/apparmor.d/groups/freedesktop/pipewire-media-session +++ b/apparmor.d/groups/freedesktop/pipewire-media-session @@ -70,11 +70,11 @@ profile pipewire-media-session @{exec_path} { @{sys}/devices/pci[0-9]*/**/sound/**/pcm_class r, @{sys}/devices/pci[0-9]*/**/video4linux/video[0-9]*/uevent r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/video[0-9]* rw, + /dev/video@{int} rw, /dev/snd/ r, include if exists diff --git a/apparmor.d/groups/freedesktop/plymouthd b/apparmor.d/groups/freedesktop/plymouthd index a9f36e132..355c34ce0 100644 --- a/apparmor.d/groups/freedesktop/plymouthd +++ b/apparmor.d/groups/freedesktop/plymouthd 
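Review bot: In fc-cache the substitution lands in the `@{exec_path}` definition rather than in a file rule, and that has a different failure mode: if the attachment pattern stops matching, the binary runs without this profile and no denial is logged to show it. The line now depends on `@{int}` being defined by the tunables included above it, which this diff does not show. I would confirm after reloading that the profile still attaches for the snap path (`aa-status` lists the confined processes) and add a short comment above the definition, for example `# snapd revision directory is numeric`, to record the assumption.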
@@ -59,7 +59,7 @@ profile plymouthd @{exec_path} { owner @{PROC}/@{pid}/stat r, /dev/ptmx rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, include if exists diff --git a/apparmor.d/groups/freedesktop/polkit-agent-helper b/apparmor.d/groups/freedesktop/polkit-agent-helper index ddb4f3b5b..ecd210262 100644 --- a/apparmor.d/groups/freedesktop/polkit-agent-helper +++ b/apparmor.d/groups/freedesktop/polkit-agent-helper @@ -49,7 +49,7 @@ profile polkit-agent-helper @{exec_path} { owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/loginuid r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent index fa533ceac..e642b30d3 100644 --- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent @@ -32,7 +32,7 @@ profile polkit-kde-authentication-agent @{exec_path} { @{lib}/polkit-[0-9]/polkit-agent-helper-[0-9] rPx, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt5ct/** r, /etc/machine-id r, diff --git a/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent b/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent index cb1a4a7ac..0d1a41b4c 100644 --- a/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-mate-authentication-agent @@ -33,7 +33,7 @@ profile polkit-mate-authentication-agent @{exec_path} { owner @{HOME}/.Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, @{PROC}/1/cgroup r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/groups/freedesktop/pulseaudio b/apparmor.d/groups/freedesktop/pulseaudio index a26382220..3ff764f75 100644 --- a/apparmor.d/groups/freedesktop/pulseaudio +++ b/apparmor.d/groups/freedesktop/pulseaudio 
@@ -190,11 +190,11 @@ profile pulseaudio @{exec_path} { owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/cmdline r, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/groups/freedesktop/update-mime-database b/apparmor.d/groups/freedesktop/update-mime-database index fbda9c4e7..9a8bba138 100644 --- a/apparmor.d/groups/freedesktop/update-mime-database +++ b/apparmor.d/groups/freedesktop/update-mime-database @@ -19,8 +19,8 @@ profile update-mime-database @{exec_path} { /usr/share/mime/{,**} rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit silencer deny network inet6 stream, diff --git a/apparmor.d/groups/freedesktop/xdg-dbus-proxy b/apparmor.d/groups/freedesktop/xdg-dbus-proxy index 3ddbc9d49..20054be40 100644 --- a/apparmor.d/groups/freedesktop/xdg-dbus-proxy +++ b/apparmor.d/groups/freedesktop/xdg-dbus-proxy @@ -44,7 +44,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) { member=GetSettings peer=(label=NetworkManager), - owner @{run}/firejail/dbus/[0-9]*/[0-9]*-{system,user} rw, + owner @{run}/firejail/dbus/@{int}/@{int}-{system,user} rw, owner @{run}/user/@{uid}/.dbus-proxy/{system,session,a11y}-bus-proxy-[0-9A-Z]* rw, owner @{run}/user/@{uid}/webkitgtk/a11y-proxy-[0-9A-Z]* rw, owner @{run}/user/@{uid}/webkitgtk/bus-proxy-[0-9A-Z]* rw, @@ -52,7 +52,7 @@ profile xdg-dbus-proxy @{exec_path} flags=(attach_disconnected) { @{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome index 74fa0bc09..ad2be3548 100644 
--- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome @@ -129,7 +129,7 @@ profile xdg-desktop-portal-gnome @{exec_path} { /usr/share/X11/xkb/{,**} r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, /var/lib/snapd/desktop/icons/{,**} r, owner @{HOME}/*/{,**} rw, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk index b46784793..5610c933d 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk @@ -157,7 +157,7 @@ profile xdg-desktop-portal-gtk @{exec_path} { / r, - owner /var/lib/xkb/server-[0-9]*.xkm rw, + owner /var/lib/xkb/server-@{int}.xkm rw, owner @{HOME}/ r, owner @{HOME}/.* r, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde index d61f95d78..c8f39891f 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal-kde @@ -26,7 +26,7 @@ profile xdg-desktop-portal-kde @{exec_path} { @{exec_path} mr, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /usr/share/qt5/qtlogging.ini r, diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index 10d57f825..4d107542b 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -68,7 +68,7 @@ profile xdg-document-portal @{exec_path} flags=(attach_disconnected) { /dev/fuse rw, # file inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile flatpak { include diff --git a/apparmor.d/groups/freedesktop/xdg-email b/apparmor.d/groups/freedesktop/xdg-email index 1ad830028..d30b4fe5e 100644 
--- a/apparmor.d/groups/freedesktop/xdg-email +++ b/apparmor.d/groups/freedesktop/xdg-email @@ -23,7 +23,7 @@ profile xdg-email @{exec_path} flags=(complain) { @{bin}/which rix, @{bin}/xdg-mime rPx, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime index 4765171ce..ab009685a 100644 --- a/apparmor.d/groups/freedesktop/xdg-mime +++ b/apparmor.d/groups/freedesktop/xdg-mime @@ -39,10 +39,10 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/ r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/tty rw, # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two diff --git a/apparmor.d/groups/freedesktop/xdg-permission-store b/apparmor.d/groups/freedesktop/xdg-permission-store index f04f1baba..00b0778d2 100644 --- a/apparmor.d/groups/freedesktop/xdg-permission-store +++ b/apparmor.d/groups/freedesktop/xdg-permission-store @@ -54,7 +54,7 @@ profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/flatpak/db/background rw, owner @{user_share_dirs}/flatpak/db/notifications rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xdg-screensaver b/apparmor.d/groups/freedesktop/xdg-screensaver index 963697868..be2e2276d 100644 --- a/apparmor.d/groups/freedesktop/xdg-screensaver +++ b/apparmor.d/groups/freedesktop/xdg-screensaver @@ -35,7 +35,7 @@ profile xdg-screensaver @{exec_path} { owner @{HOME}/ r, owner @{HOME}/.Xauthority r, - owner /tmp/xauth-[0-9]*-_[0-9] r, + owner /tmp/xauth-@{int}-_[0-9] r, owner @{run}/user/@{uid}/ r, 
diff --git a/apparmor.d/groups/freedesktop/xhost b/apparmor.d/groups/freedesktop/xhost index c963abfbf..76c3802ca 100644 --- a/apparmor.d/groups/freedesktop/xhost +++ b/apparmor.d/groups/freedesktop/xhost @@ -21,7 +21,7 @@ profile xhost @{exec_path} { /tmp/.X11-unix/* rw, # file_inherit - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Silencer diff --git a/apparmor.d/groups/freedesktop/xkbcomp b/apparmor.d/groups/freedesktop/xkbcomp index 50ec0cae9..fc6ca30ef 100644 --- a/apparmor.d/groups/freedesktop/xkbcomp +++ b/apparmor.d/groups/freedesktop/xkbcomp @@ -20,25 +20,25 @@ profile xkbcomp @{exec_path} flags=(attach_disconnected) { /usr/share/X11/xkb/** r, - /var/lib/xkb/server-[0-9]*.xkm w, - /var/lib/xkb/compiled/server-[0-9]*.xkm rw, + /var/lib/xkb/server-@{int}.xkm w, + /var/lib/xkb/compiled/server-@{int}.xkm rw, owner @{HOME}/.Xauthority r, owner @{HOME}/*.{xkb,xkm} rw, - owner @{user_share_dirs}/xorg/Xorg.[0-9].log w, + owner @{user_share_dirs}/xorg/Xorg.@{int}.log w, - /var/lib/gdm{3,}/.local/share/xorg/Xorg.[0-9].log w, - owner /var/log/lightdm/x-[0-9]*.log w, + /var/lib/gdm{3,}/.local/share/xorg/Xorg.@{int}.log w, + owner /var/log/lightdm/x-@{int}.log w, - owner /tmp/server-[0-9]*.xkm rwk, + owner /tmp/server-@{int}.xkm rwk, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, - deny /dev/input/event[0-9]* rw, - deny /var/log/Xorg.[0-9]*.log w, + deny /dev/input/event@{int} rw, + deny /var/log/Xorg.@{int}.log w, include if exists } diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 6cbcd6530..0a11954c9 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg 
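Review bot: Several of the xkbcomp replacements are not like-for-like with the rest of the commit. `Xorg.[0-9].log` matched exactly one digit, so `Xorg.@{int}.log` widens the two write rules, whereas the two `deny` lines (`/dev/input/event@{int}`, `/var/log/Xorg.@{int}.log`) become narrower. A narrower `deny` grants nothing, since unmatched paths are still refused by default, but accesses that were previously dropped quietly by the explicit deny will now be audited as ordinary denials. Both effects are worth a sentence in the commit message; xset's `deny /dev/dri/card@{int} rw,` changes in the same way.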
@@ -66,8 +66,8 @@ profile xorg @{exec_path} flags=(attach_disconnected) { @{lib}/xorg/modules/ r, @{lib}/xorg/modules/** mr, - /var/lib/xkb/server-[0-9]*.xkm rw, - /var/lib/xkb/compiled/server-[0-9]*.xkm rw, + /var/lib/xkb/server-@{int}.xkm rw, + /var/lib/xkb/compiled/server-@{int}.xkm rw, /usr/share/egl/{,**} rw, /usr/share/libinput*/ r, @@ -140,11 +140,11 @@ profile xorg @{exec_path} flags=(attach_disconnected) { @{PROC}/mtrr rw, /dev/fb[0-9] rw, - /dev/input/event[0-9]* rw, + /dev/input/event@{int} rw, /dev/shm/#@{int} rw, /dev/shm/shmfd-* rw, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/vga_arbiter rw, # Graphic card modules include if exists diff --git a/apparmor.d/groups/freedesktop/xprop b/apparmor.d/groups/freedesktop/xprop index dd172f457..4e57b13d5 100644 --- a/apparmor.d/groups/freedesktop/xprop +++ b/apparmor.d/groups/freedesktop/xprop @@ -25,7 +25,7 @@ profile xprop @{exec_path} { owner @{run}/user/@{uid}/xauth_@{rand6} rl, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/groups/freedesktop/xrandr b/apparmor.d/groups/freedesktop/xrandr index 83e75b95a..b57f58d3c 100644 --- a/apparmor.d/groups/freedesktop/xrandr +++ b/apparmor.d/groups/freedesktop/xrandr @@ -17,7 +17,7 @@ profile xrandr @{exec_path} { /usr/share/X11/XErrorDB r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xrdb b/apparmor.d/groups/freedesktop/xrdb index 1182d3c7e..a471fb2ae 100644 --- a/apparmor.d/groups/freedesktop/xrdb +++ b/apparmor.d/groups/freedesktop/xrdb @@ -17,7 +17,7 @@ profile xrdb @{exec_path} { @{bin}/{,*-}cpp-[0-9]* rix, @{bin}/{,ba,da}sh rix, @{bin}/cpp rix, - @{lib}/gcc/*/[0-9]*/cc1 rix, + @{lib}/gcc/*/@{int}/cc1 rix, @{lib}/llvm-[0-9]*/bin/clang rix, /usr/include/stdc-predef.h r, 
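Review bot: In the xrdb exec rules, `@{lib}/gcc/*/@{int}/cc1 rix,` stops matching wherever the GCC directory is a dotted version. The old `[0-9]*` accepted a digit followed by any non-`/` characters, so it covered a directory named `13` as well as one named `13.2.1` (constructed examples); a digits-only `@{int}`, which is what its use across this commit implies although the definition is not shown, covers only the first. On such a system the preprocessor xrdb launches would be denied its `cc1` exec. I would leave this line as `@{lib}/gcc/*/[0-9]*/cc1 rix,`, matching the untouched `cpp-[0-9]*` and `llvm-[0-9]*` neighbours, until a version-shaped variable is available.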
@@ -40,10 +40,10 @@ profile xrdb @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] r, @{run}/sddm/\{@{uuid}\} r, - @{run}/sddm/xauth_?????? r, + @{run}/sddm/xauth_@{rand6} r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, /dev/tty rw, diff --git a/apparmor.d/groups/freedesktop/xset b/apparmor.d/groups/freedesktop/xset index 5f2e0ba77..642fd9441 100644 --- a/apparmor.d/groups/freedesktop/xset +++ b/apparmor.d/groups/freedesktop/xset @@ -16,12 +16,12 @@ profile xset @{exec_path} { owner @{HOME}/.Xauthority r, @{run}/sddm/\{@{uuid}\} r, - @{run}/sddm/xauth_?????? r, + @{run}/sddm/xauth_@{rand6} r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, - deny /dev/dri/card[0-9]* rw, + deny /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index 6d3598711..82df72452 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -36,7 +36,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { owner /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw, - owner /tmp/server-[0-9]*.xkm rwk, + owner /tmp/server-@{int}.xkm rwk, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw, owner @{run}/user/@{uid}/xwayland-shared-@{rand6} rw, @@ -45,7 +45,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { @{PROC}/@{pids}/cmdline r, owner @{PROC}/@{pids}/comm r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/tty rw, include if exists diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index cc1265300..3361a2491 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory 
@@ -40,7 +40,7 @@ profile evolution-addressbook-factory @{exec_path} { @{exec_path}-subprocess rix, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, owner @{user_share_dirs}/evolution/{,**} rwk, owner @{user_cache_dirs}/evolution/addressbook/{,**} rwk, diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 1c969bcc5..8163a06e2 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -92,7 +92,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) { @{run}/gdm{3,}/custom.conf r, @{run}/gdm{3,}/gdm.pid rw, @{run}/gdm{3,}/greeter/ rw, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/sessions/* r, @{run}/systemd/sessions/*.ref r, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index c447fdd86..f6eaf8ab5 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker @@ -104,7 +104,7 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { @{PROC}/keys r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index 6526ab43d..8510c600e 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -98,7 +98,7 @@ profile gdm-wayland-session @{exec_path} { owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/loginuid r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gdm-x-session b/apparmor.d/groups/gnome/gdm-x-session index 50ba509bd..db6a8d349 100644 --- a/apparmor.d/groups/gnome/gdm-x-session +++ b/apparmor.d/groups/gnome/gdm-x-session 
@@ -55,7 +55,7 @@ profile gdm-x-session @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index 412df8905..543ed3b22 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -57,7 +57,7 @@ profile gdm-xsession @{exec_path} { owner /tmp/gdm{3,}-config-err-@{rand6} rw, # file_inherit - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile dbus { include @@ -78,7 +78,7 @@ profile gdm-xsession @{exec_path} { # file_inherit /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/groups/gnome/gio-launch-desktop b/apparmor.d/groups/gnome/gio-launch-desktop index ec79117ca..e8831dd2d 100644 --- a/apparmor.d/groups/gnome/gio-launch-desktop +++ b/apparmor.d/groups/gnome/gio-launch-desktop @@ -23,7 +23,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) { @{lib}/gio-launch-desktop rix, # System files - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, # User files owner @{PROC}/@{pid}/fd/ r, @@ -37,7 +37,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) { owner @{HOME}/{,**} rw, owner /tmp/wl-copy-buffer-*/{,**} rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, @{run}/mount/utab r, diff --git a/apparmor.d/groups/gnome/gjs-console b/apparmor.d/groups/gnome/gjs-console index 2958a0640..a88e294af 100644 --- a/apparmor.d/groups/gnome/gjs-console +++ b/apparmor.d/groups/gnome/gjs-console 
@@ -84,7 +84,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { /usr/share/egl/{,**} r, /usr/share/gdm/greeter-dconf-defaults r, /usr/share/gnome-shell/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/X11/xkb/** r, /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r, @@ -110,7 +110,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) { /dev/ r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-characters b/apparmor.d/groups/gnome/gnome-characters index 8d75441f9..7487e2cbf 100644 --- a/apparmor.d/groups/gnome/gnome-characters +++ b/apparmor.d/groups/gnome/gnome-characters @@ -23,7 +23,7 @@ profile gnome-characters @{exec_path} { @{bin}/gjs-console rix, /usr/share/glib-2.0/schemas/gschemas.compiled r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/libdrm/*.ids r, /usr/share/org.gnome.Characters/org.gnome.Characters.*.gresource r, /usr/share/themes/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index a9480a498..b16a8145d 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -88,7 +88,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { /usr/share/language-tools/language2locale rix, /usr/share/language-tools/language-options rPUx, - /snap/*/[0-9]*/**.png r, + /snap/*/@{int}/**.png r, /usr/share/backgrounds/{,**} r, /usr/share/cups/data/testprint r, /usr/share/desktop-base/**.{xml,png,svg} r, @@ -202,8 +202,8 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { @{PROC}/zoneinfo r, /dev/ r, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, 
diff --git a/apparmor.d/groups/gnome/gnome-control-center-search-provider b/apparmor.d/groups/gnome/gnome-control-center-search-provider index 55cdd3155..c67d8b229 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-search-provider +++ b/apparmor.d/groups/gnome/gnome-control-center-search-provider @@ -24,7 +24,7 @@ profile gnome-control-center-search-provider @{exec_path} { /usr/share/X11/xkb/{,**} r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, owner @{run}/user/@{uid}/gdm/Xauthority r, diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app index 2585e832e..8467bac8e 100644 --- a/apparmor.d/groups/gnome/gnome-extensions-app +++ b/apparmor.d/groups/gnome/gnome-extensions-app @@ -26,7 +26,7 @@ profile gnome-extensions-app @{exec_path} { @{bin}/gjs-console rix, /usr/share/gnome-shell/org.gnome.Extensions* r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/terminfo/x/xterm-256color r, /usr/share/X11/xkb/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon index 46cff0c0b..93f1fcd9b 100644 --- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon +++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon @@ -26,7 +26,7 @@ profile gnome-remote-desktop-daemon @{exec_path} { owner @{run}/user/@{uid}/wayland-@{int} rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, include if exists } diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index aa14e53ed..260497572 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary 
@@ -209,7 +209,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.local/share/session_migration-* r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, /var/lib/flatpak/exports/share/applications/{,**} r, /var/lib/flatpak/exports/share/mime/mime.cache r, /var/lib/snapd/desktop/applications/{,mimeinfo.cache} r, @@ -243,7 +243,7 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/loginuid r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists include if exists diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index ee432e943..0e74c2a44 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -516,8 +516,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.cache/ w, /var/lib/gdm{3,}/.cache/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk, /var/lib/gdm{3,}/.cache/fontconfig/{,*} rwl, - /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/ rw, - /var/lib/gdm{3,}/.cache/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, + /var/lib/gdm{3,}/.cache/gstreamer-@{int}/ rw, + /var/lib/gdm{3,}/.cache/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw, /var/lib/gdm{3,}/.cache/libgweather/ r, /var/lib/gdm{3,}/.cache/mesa_shader_cache/ rw, /var/lib/gdm{3,}/.cache/mesa_shader_cache/@{h}@{h}/ rw, 
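Review bot: The two `gstreamer-@{int}` rules in the gnome-shell hunk no longer match a cache directory named after a dotted API version, such as `gstreamer-1.0`. The old `gstreamer-[0-9]*` matched it only because `*` swallowed the `.0`; a digits-only `@{int}` (assumed from how it is used in this commit, the definition is not shown) stops at the dot. The greeter would then be denied its registry cache under `/var/lib/gdm{3,}/.cache/`. I would write both lines with the two-part form this commit already uses for ICU and gio, `/var/lib/gdm{3,}/.cache/gstreamer-@{int}.@{int}/ rw,` and `/var/lib/gdm{3,}/.cache/gstreamer-@{int}.@{int}/registry.*.bin{,.tmp@{rand6}} rw,`.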
@@ -584,14 +584,14 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/wayland-@{int} rwk, owner /dev/shm/.org.chromium.Chromium.* rw, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, owner /tmp/.X[0-9]-lock rw, owner /tmp/[0-9A-Z]*.shell-extension.zip rw, owner /tmp/gdkpixbuf-xpm-tmp.[0-9A-Z]* rw, @{run}/systemd/users/@{uid} r, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/sessions/ r, @{run}/systemd/sessions/* r, @{run}/systemd/inhibit/[0-9]*.ref rw, @@ -620,8 +620,8 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{sys}/class/input/ r, @{sys}/class/net/ r, @{sys}/class/power_supply/ r, - @{sys}/devices/**/hwmon[0-9]*/{,name,temp*,fan*} r, - @{sys}/devices/**/hwmon[0-9]*/**/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, @{sys}/devices/**/power_supply/{,**} r, @@ -630,7 +630,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/input[0-9]*/{properties,name} r, @{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r, @{sys}/devices/platform/**/input[0-9]*/{properties,name} r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, @{sys}/devices/virtual/net/*/statistics/{rx_bytes,tx_bytes} r, @{PROC}/ r, @@ -650,9 +650,9 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/task/@{pid}/cmdline r, - /dev/input/event[0-9]* rw, - /dev/media[0-9]* rw, - /dev/tty[0-9]* rw, + /dev/input/event@{int} rw, + /dev/media@{int} rw, + /dev/tty@{int} rw, include if exists } 
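Review bot: In the gnome-shell hunk at -584,14 the write rule `@{run}/systemd/inhibit/[0-9]*.ref rw,` stays on the old glob while its neighbours move to `@{int}`, so it still accepts any file name that starts with a digit and ends in `.ref`. If the inhibitor ids are purely numeric (to be confirmed against systemd-logind), `@{run}/systemd/inhibit/@{int}.ref rw,` would close that gap. The same leftover appears as context in the gsd-media-keys hunk at -185,7. The `owner /tmp/[0-9A-Z]*.shell-extension.zip rw,` and `owner /tmp/gdkpixbuf-xpm-tmp.[0-9A-Z]* rw,` rules in this hunk have the same shape and deserve either a tighter pattern or a comment saying why they stay broad.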
diff --git a/apparmor.d/groups/gnome/gnome-software b/apparmor.d/groups/gnome/gnome-software index b15d1bd6f..faa955aa8 100644 --- a/apparmor.d/groups/gnome/gnome-software +++ b/apparmor.d/groups/gnome/gnome-software @@ -59,7 +59,7 @@ profile gnome-software @{exec_path} { /var/cache/app-info/icons/**.png r, /var/cache/app-info/xmls/{,**} r, - /var/cache/gio-[0-9]*.[0-9]*/gnome-mimeapps.list r, + /var/cache/gio-@{int}.@{int}/gnome-mimeapps.list r, /var/lib/flatpak/app/{,**} r, /var/lib/flatpak/appstream/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index c4141bd65..2fb872439 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -37,7 +37,7 @@ profile gnome-terminal-server @{exec_path} { @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop rPx -> child-open, @{lib}/gio-launch-desktop rPx -> child-open, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/X11/xkb/{,**} r, /var/lib/flatpak/exports/share/icons/{,**} r, diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 7c610f08b..8a1440c60 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -61,7 +61,7 @@ profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index e9fc3d9b6..2405ffe79 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -136,7 +136,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index bd544c678..acd19d131 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -66,7 +66,7 @@ profile gsd-datetime @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/stat r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 14c2e8731..443db04f8 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping @@ -81,7 +81,7 @@ profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { @{run}/mount/utab r, owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index f1ccb143f..01c39f99f 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -110,7 +110,7 @@ profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index bfad13513..4c03b968f 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -185,7 +185,7 @@ profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { @{run}/systemd/inhibit/[0-9]*.ref rw, owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, @{run}/udev/data/+sound:card[0-9]* r, # For sound @{run}/udev/data/c13:[0-9]* r, # for /dev/input/* diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 1b17092c7..8713ff7c0 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power 
@@ -199,9 +199,9 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw, @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r, @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/brightness rw, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{max_brightness,actual_brightness} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{uevent,type,enabled} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type,enabled} r, @{sys}/devices/platform/**/leds/*backlight*/uevent r, @{sys}/devices/platform/**/leds/*backlight*/max_brightness r, @@ -211,7 +211,7 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) { @{PROC}/sys/kernel/osrelease r, owner @{PROC}/@{pid}/cgroup r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index c31e1eef1..32dd8d212 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -87,7 +87,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/fd/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index b0fd5854b..64b56cdd8 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -56,7 +56,7 @@ profile gsd-printer @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/cgroup r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index a44277366..f178d95cd 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -90,7 +90,7 @@ profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c10:[0-9]* r, # for non-serial mice, misc features - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, /dev/rfkill rw, diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index 60638f8e5..c94dc4675 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -56,7 +56,7 @@ profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 9e370f5f0..68daa16dd 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -112,7 +112,7 @@ profile gsd-sharing @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index 86aae0621..868626568 100644 --- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -76,7 +76,7 @@ profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { /var/tmp/ r, /tmp/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index e20a34bca..69280869f 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound 
@@ -72,7 +72,7 @@ profile gsd-sound @{exec_path} flags=(attach_disconnected) { owner @{user_share_dirs}/sounds/ rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index b79265496..8049df0b7 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -112,7 +112,7 @@ profile gsd-wacom @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index 64288cf3c..76db087c0 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -149,7 +149,7 @@ profile gsd-xsettings @{exec_path} { owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile run-parts { include diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index 99fdee5ba..5eab496a6 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -50,7 +50,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { @{lib}/gio-launch-desktop rPx -> child-open, /usr/share/*ubuntu/applications/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/libdrm/*.ids r, /usr/share/nautilus/{,**} r, /usr/share/poppler/{,**} r, 
@@ -85,12 +85,12 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { @{run}/mount/utab r, - @{sys}/devices/**/hwmon[0-9]*/{,name,temp*,fan*} r, - @{sys}/devices/**/hwmon[0-9]*/**/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/{,name,temp*,fan*} r, + @{sys}/devices/**/hwmon@{int}/**/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/{,name,temp*,fan*} r, @{sys}/devices/**/hwmon/**/{,name,temp*,fan*} r, @{sys}/devices/pci[0-9]*/**/revision r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, @{PROC}/@{pids}/net/wireless r, @{PROC}/sys/dev/i915/perf_stream_paranoid r, @@ -98,7 +98,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mountinfo r, /dev/tty rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index d79baf9f2..f30b1e3fb 100644 --- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -119,13 +119,13 @@ profile tracker-extract @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/dri/renderD128 rw, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index ece36469d..7b216d017 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -110,7 +110,7 @@ profile tracker-miner @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/groups/gpg/gpg-agent b/apparmor.d/groups/gpg/gpg-agent index b53735e8e..1cd3091c8 100644 --- a/apparmor.d/groups/gpg/gpg-agent +++ b/apparmor.d/groups/gpg/gpg-agent @@ -87,7 +87,7 @@ profile gpg-agent @{exec_path} { deny @{bin}/.gnupg/ w, # file inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkrelpath b/apparmor.d/groups/grub/grub-mkrelpath index a8f477fb2..f6b9682f7 100644 --- a/apparmor.d/groups/grub/grub-mkrelpath +++ b/apparmor.d/groups/grub/grub-mkrelpath @@ -23,8 +23,8 @@ profile grub-mkrelpath @{exec_path} { /boot/grub/themes/{,**} r, - /tmp/grub-btrfs.*/@snapshots/[0-9]*/snapshot/boot/ r, - /tmp/grub-btrfs.*/@/.snapshots/[0-9]*/snapshot/boot/ r, + /tmp/grub-btrfs.*/@snapshots/@{int}/snapshot/boot/ r, + /tmp/grub-btrfs.*/@/.snapshots/@{int}/snapshot/boot/ r, /tmp/grub-btrfs.*/@_backup_[0-9]*/boot/ r, /tmp/grub-btrfs.*/ r, diff --git a/apparmor.d/groups/grub/grub-probe b/apparmor.d/groups/grub/grub-probe index df234d1f6..6e160f1ff 100644 --- a/apparmor.d/groups/grub/grub-probe +++ b/apparmor.d/groups/grub/grub-probe @@ -34,7 +34,7 @@ profile grub-probe @{exec_path} { /dev/*vg*/ r, /dev/bsg/ r, /dev/cpu/ r, - /dev/cpu/[0-9]*/ r, + /dev/cpu/@{int}/ r, /dev/dri/ r, /dev/dri/by-path/ r, /dev/hugepages/ r, diff --git a/apparmor.d/groups/grub/update-grub b/apparmor.d/groups/grub/update-grub index 9d03e2620..c3db281be 100644 --- a/apparmor.d/groups/grub/update-grub +++ b/apparmor.d/groups/grub/update-grub @@ -15,7 +15,7 @@ profile update-grub @{exec_path} { @{bin}/{,ba,da}sh rix, @{bin}/grub-mkconfig rPx, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 6305a5b4b..5f22ae844 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor 
@@ -88,12 +88,12 @@ profile gvfs-udisks2-volume-monitor @{exec_path} flags=(attach_disconnected) { @{PROC}/locks r, owner @{PROC}/@{pid}/cgroup r, owner @{PROC}/@{pid}/fd/ r, - owner @{PROC}/@{pid}/fdinfo/[0-9]* r, + owner @{PROC}/@{pid}/fdinfo/@{int} r, owner @{PROC}/@{pid}/mountinfo r, owner @{PROC}/@{pid}/mounts r, - /dev/dri/card[0-9]* r, - /dev/input/event[0-9]* r, + /dev/dri/card@{int} r, + /dev/input/event@{int} r, include if exists } diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo index 284a26bf4..b5ee52cb9 100644 --- a/apparmor.d/groups/kde/baloo +++ b/apparmor.d/groups/kde/baloo @@ -25,7 +25,7 @@ profile baloo @{exec_path} { @{lib}/baloo_file_extractor rix, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/poppler/{,**} r, /etc/fstab r, diff --git a/apparmor.d/groups/kde/drkonqi b/apparmor.d/groups/kde/drkonqi index 6cb02196a..d5cd6e196 100644 --- a/apparmor.d/groups/kde/drkonqi +++ b/apparmor.d/groups/kde/drkonqi @@ -20,7 +20,7 @@ profile drkonqi @{exec_path} { @{exec_path} mr, /usr/share/drkonqi/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, @{run}/user/@{uid}/xauth_@{rand6} rl, diff --git a/apparmor.d/groups/kde/gmenudbusmenuproxy b/apparmor.d/groups/kde/gmenudbusmenuproxy index 659642fb2..ba0df0b6e 100644 --- a/apparmor.d/groups/kde/gmenudbusmenuproxy +++ b/apparmor.d/groups/kde/gmenudbusmenuproxy @@ -18,7 +18,7 @@ profile gmenudbusmenuproxy @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/machine-id r, diff --git a/apparmor.d/groups/kde/kaccess b/apparmor.d/groups/kde/kaccess index 2a48abeca..88546bc43 100644 --- a/apparmor.d/groups/kde/kaccess +++ b/apparmor.d/groups/kde/kaccess 
@@ -21,7 +21,7 @@ profile kaccess @{exec_path} { /usr/share/hwdata/pnp.ids r, /usr/share/icons/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/mime/{,**} r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/kde/kactivitymanagerd b/apparmor.d/groups/kde/kactivitymanagerd index bf037b1bb..4a598e85c 100644 --- a/apparmor.d/groups/kde/kactivitymanagerd +++ b/apparmor.d/groups/kde/kactivitymanagerd @@ -17,7 +17,7 @@ profile kactivitymanagerd @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/machine-id r, diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac index 4801e75bf..247b745f7 100644 --- a/apparmor.d/groups/kde/kalendarac +++ b/apparmor.d/groups/kde/kalendarac @@ -25,7 +25,7 @@ profile kalendarac @{exec_path} { /usr/share/akonadi/firstrun/{,*} r, /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/machine-id r, /etc/xdg/kdeglobals r, diff --git a/apparmor.d/groups/kde/kauth-backlighthelper b/apparmor.d/groups/kde/kauth-backlighthelper index 1ee4df22e..79aac9c4f 100644 --- a/apparmor.d/groups/kde/kauth-backlighthelper +++ b/apparmor.d/groups/kde/kauth-backlighthelper @@ -16,7 +16,7 @@ profile kauth-backlighthelper @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, @{sys}/class/backlight/ r, @{sys}/class/leds/ r, diff --git a/apparmor.d/groups/kde/kauth-chargethresholdhelper b/apparmor.d/groups/kde/kauth-chargethresholdhelper index 3f90323bc..8e44d44f0 100644 --- a/apparmor.d/groups/kde/kauth-chargethresholdhelper +++ b/apparmor.d/groups/kde/kauth-chargethresholdhelper 
@@ -13,7 +13,7 @@ profile kauth-chargethresholdhelper @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, @{sys}/class/power_supply/ r, diff --git a/apparmor.d/groups/kde/kauth-discretegpuhelper b/apparmor.d/groups/kde/kauth-discretegpuhelper index 5999f9957..34922e6f3 100644 --- a/apparmor.d/groups/kde/kauth-discretegpuhelper +++ b/apparmor.d/groups/kde/kauth-discretegpuhelper @@ -13,7 +13,7 @@ profile kauth-discretegpuhelper @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kauth-fontinst b/apparmor.d/groups/kde/kauth-fontinst index bc0fb1d0f..82840b4f6 100644 --- a/apparmor.d/groups/kde/kauth-fontinst +++ b/apparmor.d/groups/kde/kauth-fontinst @@ -13,7 +13,7 @@ profile kauth-fontinst @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kauth-kded-smart-helper b/apparmor.d/groups/kde/kauth-kded-smart-helper index 360c2b7d6..8ac550b2c 100644 --- a/apparmor.d/groups/kde/kauth-kded-smart-helper +++ b/apparmor.d/groups/kde/kauth-kded-smart-helper @@ -15,7 +15,7 @@ profile kauth-kded-smart-helper @{exec_path} { @{bin}/smartctl rPx, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/kde/kcminit b/apparmor.d/groups/kde/kcminit index 0a49483ed..4a44ec249 100644 --- a/apparmor.d/groups/kde/kcminit +++ b/apparmor.d/groups/kde/kcminit @@ -18,7 +18,7 @@ profile kcminit @{exec_path} { @{bin}/xrdb rPx, @{bin}/xsetroot rPx, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/hwdata/pnp.ids r, /etc/machine-id r, 
diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index 70d8a94fa..7ffde8d10 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -29,7 +29,7 @@ profile kconf_update @{exec_path} { /usr/share/kconf_update/konsole_add_hamburgermenu_to_toolbar.sh rix, /usr/share/kconf_update/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/machine-id r, /etc/xdg/kdeglobals r, @@ -49,13 +49,13 @@ profile kconf_update @{exec_path} { owner @{user_config_dirs}/kmixrc r, owner @{user_config_dirs}/kscreenlockerrc r, owner @{user_config_dirs}/ksmserverrc r, - owner @{user_config_dirs}/kwinrc.?????? rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/kwinrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrc.lock rwk, owner @{user_config_dirs}/kwinrulesrc rw, - owner @{user_config_dirs}/kwinrulesrc.?????? rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/kwinrulesrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwinrulesrc.lock rwk, owner @{user_config_dirs}/kxkbrc rw, - owner @{user_config_dirs}/kxkbrc.?????? rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/kxkbrc.@{rand6} rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kxkbrc.lock rwk, owner @{user_config_dirs}/plasmashellrc r, diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index d3533f5d2..d8c5e2446 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -21,7 +21,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{lib}/drkonqi rPx, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/fstab r, /etc/xdg/kdeglobals r, 
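Review bot: The kconf_update hunk at -49,13 changes more than the digit glob: `kwinrc.??????` becomes `kwinrc.@{rand6}` (likewise for kwinrulesrc and kxkbrc), which narrows the suffix from any six characters to whatever alphabet `@{rand6}` expands to. The variable's definition is not part of this diff, so it should be checked that the temporary-file suffixes the program generates stay inside that alphabet. Otherwise the `rwl` link rules stop matching and the config writes are denied. The same substitution is made in the kded5 hunk at -101,7 (`cookies.@{rand6}`) and the plasma-discover hunk at -80,8 (`discover@{rand6}.*`).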
@@ -32,11 +32,11 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdeglobals r, - owner @{user_config_dirs}/powerdevilrc rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/powerdevilrc rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/powerdevilrc rwl, owner @{user_config_dirs}/powerdevilrc.lock rwk, owner @{user_config_dirs}/powermanagementprofilesrc r, - owner @{user_config_dirs}/powermanagementprofilesrc rwl -> @{user_config_dirs}/#[0-9]*, + owner @{user_config_dirs}/powermanagementprofilesrc rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/powermanagementprofilesrc.lock rwk, @{run}/systemd/inhibit/*.ref rw, @@ -49,7 +49,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{sys}/class/ r, @{sys}/class/drm/ r, @{sys}/bus/ r, - @{sys}/devices/pci[0-9]*/[0-9]*/drm/card[0-9]*/*/status r, + @{sys}/devices/pci[0-9]*/@{int}/drm/card@{int}/*/status r, /dev/tty rw, /dev/rfkill r, diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index 10f43628c..fd7782864 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 @@ -48,7 +48,7 @@ profile kded5 @{exec_path} { @{lib}/utempter/utempter rPx, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kconf_update/ r, /usr/share/kded5/{,**} r, /usr/share/kf5/kcookiejar/* r, @@ -101,7 +101,7 @@ profile kded5 @{exec_path} { owner @{user_share_dirs}/icc/{,edid-*} r, owner @{user_share_dirs}/kcookiejar/#*[0-9] rw, owner @{user_share_dirs}/kcookiejar/cookies rw, - owner @{user_share_dirs}/kcookiejar/cookies.?????? rwlk, + owner @{user_share_dirs}/kcookiejar/cookies.@{rand6} rwlk, owner @{user_share_dirs}/kded5/{,**} rw, owner @{user_share_dirs}/kscreen/{,**} rwl, owner @{user_share_dirs}/ktp/cache.db rwk, 
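Review bot: In the kde-powerdevil hunk at -49,7 the second path component was converted too, giving `@{sys}/devices/pci[0-9]*/@{int}/drm/card@{int}/*/status r,`, but the directory directly below `pci…` in sysfs is a PCI address such as `0000:00:02.0` (constructed example), not an integer. The old `[0-9]*` matched it because it only requires a leading digit. If `@{int}` expands to digits only, as its name suggests (its definition is not in this diff), the rule no longer matches and the status reads would be denied. Keeping the glob for that one component, `@{sys}/devices/pci[0-9]*/[0-9]*/drm/card@{int}/*/status r,`, preserves the original reach. The gsd-power rules in this commit use `pci[0-9]*/**/drm/card@{int}/` for the same tree.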
@@ -116,7 +116,7 @@ profile kded5 @{exec_path} { @{PROC}/@{pids}/cmdline/ r, @{PROC}/@{pids}/fd/ r, - @{PROC}/@{pids}/fd/info/[0-9]* r, + @{PROC}/@{pids}/fd/info/@{int} r, @{PROC}/sys/fs/inotify/max_user_{instances,watches} r, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, @@ -135,7 +135,7 @@ profile kded5 @{exec_path} { @{bin}/pgrep mr, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/ r, @{PROC}/@{pids}/cgroup r, diff --git a/apparmor.d/groups/kde/kglobalaccel5 b/apparmor.d/groups/kde/kglobalaccel5 index 323d252da..1c3cd27c6 100644 --- a/apparmor.d/groups/kde/kglobalaccel5 +++ b/apparmor.d/groups/kde/kglobalaccel5 @@ -16,7 +16,7 @@ profile kglobalaccel5 @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kglobalaccel/{,**} r, /usr/share/mime/{,**} r, diff --git a/apparmor.d/groups/kde/kio_http_cache_cleaner b/apparmor.d/groups/kde/kio_http_cache_cleaner index 20e24fa86..588ff09a0 100644 --- a/apparmor.d/groups/kde/kio_http_cache_cleaner +++ b/apparmor.d/groups/kde/kio_http_cache_cleaner @@ -12,7 +12,7 @@ profile kio_http_cache_cleaner @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt{5,}/translations/*.qm r, owner @{user_cache_dirs}/kio_http/* rw, diff --git a/apparmor.d/groups/kde/kioslave5 b/apparmor.d/groups/kde/kioslave5 index 557b4c2dc..3642bb247 100644 --- a/apparmor.d/groups/kde/kioslave5 +++ b/apparmor.d/groups/kde/kioslave5 @@ -36,7 +36,7 @@ profile kioslave5 @{exec_path} { @{lib}/kf5/kio_http_cache_cleaner rPx, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kservices5/{,**} r, /usr/share/kservicetypes5/*.desktop r, 
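Review bot: The converted rule in the kded5 hunk at -116,7, `@{PROC}/@{pids}/fd/info/@{int} r,`, names a path that procfs does not provide. Per-descriptor details live under `fdinfo/`, as the gvfs-udisks2-volume-monitor hunk in this commit writes it (`owner @{PROC}/@{pid}/fdinfo/@{int} r,`). The misspelling is already present on the removed line, but tightening the last component was the moment to correct it, since as written the rule likely grants nothing useful. If fdinfo access is what kded5 needs, the line should read `@{PROC}/@{pids}/fdinfo/@{int} r,`; otherwise it can be dropped.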
diff --git a/apparmor.d/groups/kde/kreadconfig b/apparmor.d/groups/kde/kreadconfig index 2122dad64..37b0c6624 100644 --- a/apparmor.d/groups/kde/kreadconfig +++ b/apparmor.d/groups/kde/kreadconfig @@ -14,7 +14,7 @@ profile kreadconfig @{exec_path} { @{exec_path} mr, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /etc/xdg/kdeglobals r, /etc/xdg/kioslaverc r, diff --git a/apparmor.d/groups/kde/kscreen_backend_launcher b/apparmor.d/groups/kde/kscreen_backend_launcher index 6619ee913..55ed9eeb9 100644 --- a/apparmor.d/groups/kde/kscreen_backend_launcher +++ b/apparmor.d/groups/kde/kscreen_backend_launcher @@ -15,7 +15,7 @@ profile kscreen_backend_launcher @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /dev/tty r, diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet index 219073942..5422d98fe 100644 --- a/apparmor.d/groups/kde/kscreenlocker-greet +++ b/apparmor.d/groups/kde/kscreenlocker-greet @@ -37,7 +37,7 @@ profile kscreenlocker-greet @{exec_path} { @{lib}/@{multiarch}/libexec/kcheckpass rPx, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/plasma/** r, /usr/share/qt/translations/*.qm r, /usr/share/qt5ct/** r, @@ -93,7 +93,7 @@ profile kscreenlocker-greet @{exec_path} { @{run}/faillock/[a-zA-z0-9]* rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/@{pid}/cmdline r, @{PROC}/@{pid}/loginuid r, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index dc3e45174..0e0b88096 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver 
@@ -32,7 +32,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { /usr/share/color-schemes/{,**} r, /usr/share/hwdata/pnp.ids r, /usr/share/icons/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/*.notifyrc r, /usr/share/kservices5/{,**} r, /usr/share/mime/{,**} r, diff --git a/apparmor.d/groups/kde/kwalletd5 b/apparmor.d/groups/kde/kwalletd5 index f91fec795..aa156671b 100644 --- a/apparmor.d/groups/kde/kwalletd5 +++ b/apparmor.d/groups/kde/kwalletd5 @@ -33,7 +33,7 @@ profile kwalletd5 @{exec_path} { /usr/share/color-schemes/{,**} r, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/qt/translations/*.qm r, /usr/share/qt5/qtlogging.ini r, /usr/share/qt5ct/** r, diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index f5664c40f..34c2a4fcb 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -32,7 +32,7 @@ profile kwin_x11 @{exec_path} { @{lib}/drkonqi rPx, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/kwin/{,**} r, /usr/share/plasma/desktoptheme/{,**} r, /usr/share/X11/xkb/{,**} r, @@ -75,7 +75,7 @@ profile kwin_x11 @{exec_path} { owner @{run}/user/@{uid}/xauth_@{rand6} rl, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index 725ca1777..df373319e 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover 
@@ -80,8 +80,8 @@ profile plasma-discover @{exec_path} { owner @{user_share_dirs}/knewstuff3/ r, owner @{user_share_dirs}/knewstuff3/ w, - owner @{run}/user/@{uid}/#[0-9]* rw, - owner @{run}/user/@{uid}/discover??????.* rwl -> @{run}/user/@{uid}/#[0-9]*, + owner @{run}/user/@{uid}/#@{int} rw, + owner @{run}/user/@{uid}/discover@{rand6}.* rwl -> @{run}/user/@{uid}/#@{int}, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 09ba4eb41..5537ca65f 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell @@ -53,7 +53,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { /usr/share/akonadi/plugins/serializer/{,*.desktop} r, /usr/share/desktop-directories/kf5-*.directory r, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/*.notifyrc r, /usr/share/konsole/ r, /usr/share/krunner/{,**} r, @@ -111,7 +111,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_config_dirs}/eventviewsrc r, owner @{user_config_dirs}/kactivitymanagerd-statsrc r, owner @{user_config_dirs}/{KDE,kde.org}/ rw, - owner @{user_config_dirs}/{KDE,kde.org}/** rwkl -> @{user_config_dirs}/{KDE,kde.org}/#[0-9]*, + owner @{user_config_dirs}/{KDE,kde.org}/** rwkl -> @{user_config_dirs}/{KDE,kde.org}/#@{int}, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdedefaults/kwinrc r, owner @{user_config_dirs}/kdedefaults/plasmarc r, @@ -156,7 +156,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { @{sys}/class/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/ r, @{PROC}/sys/kernel/core_pattern r, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 7429b2fb9..6904bdaec 100644 --- a/apparmor.d/groups/kde/sddm 
+++ b/apparmor.d/groups/kde/sddm @@ -79,7 +79,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { /usr/share/sddm/scripts/Xstop rix, /usr/share/desktop-base/softwaves-theme/login/*.svg r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/plasma/desktoptheme/** r, /usr/share/sddm/faces/.*.icon r, /usr/share/sddm/themes/** r, @@ -146,7 +146,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{PROC}/@{pid}/uid_map r, owner @{PROC}/1/limits r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/tty rw, profile xauth { diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter index f0422f50e..f6e3169f7 100644 --- a/apparmor.d/groups/kde/sddm-greeter +++ b/apparmor.d/groups/kde/sddm-greeter @@ -29,7 +29,7 @@ profile sddm-greeter @{exec_path} { /usr/share/desktop-base/softwaves-theme/login/*.svg r, /usr/share/hwdata/pnp.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/plasma/desktoptheme/** r, /usr/share/qt5ct/** r, /usr/share/sddm/{,**} r, diff --git a/apparmor.d/groups/kde/startplasma b/apparmor.d/groups/kde/startplasma index cbdf2d682..0b86cf239 100644 --- a/apparmor.d/groups/kde/startplasma +++ b/apparmor.d/groups/kde/startplasma @@ -22,7 +22,7 @@ profile startplasma @{exec_path} { /usr/share/color-schemes/{,**} r, /usr/share/desktop-directories/{,**} r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, /usr/share/knotifications5/{,**} r, /usr/share/kservices5/{,**} r, /usr/share/kservicetypes5/{,**} r, diff --git a/apparmor.d/groups/kde/xdm-xsession b/apparmor.d/groups/kde/xdm-xsession index 37d04784f..3c3c4d94c 100644 --- a/apparmor.d/groups/kde/xdm-xsession +++ b/apparmor.d/groups/kde/xdm-xsession @@ -91,7 +91,7 @@ profile xdm-xsession @{exec_path} { owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile dbus { include 
diff --git a/apparmor.d/groups/kde/xembedsniproxy b/apparmor.d/groups/kde/xembedsniproxy index 3254991b4..69395c6ec 100644 --- a/apparmor.d/groups/kde/xembedsniproxy +++ b/apparmor.d/groups/kde/xembedsniproxy @@ -16,7 +16,7 @@ profile xembedsniproxy @{exec_path} { @{exec_path} mr, /usr/share/hwdata/*.ids r, - /usr/share/icu/[0-9]*.[0-9]*/*.dat r, + /usr/share/icu/@{int}.@{int}/*.dat r, owner /tmp/xauth_@{rand6} r, diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman index c29ec7b7c..df7209e40 100644 --- a/apparmor.d/groups/pacman/pacman +++ b/apparmor.d/groups/pacman/pacman @@ -157,8 +157,8 @@ profile pacman @{exec_path} { @{run}/utmp rk, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Silencer, deny /tmp/ r, @@ -184,8 +184,8 @@ profile pacman @{exec_path} { deny @{user_share_dirs}/sddm/* rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, deny network inet stream, deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-conf b/apparmor.d/groups/pacman/pacman-conf index 66525583c..942797901 100644 --- a/apparmor.d/groups/pacman/pacman-conf +++ b/apparmor.d/groups/pacman/pacman-conf @@ -17,7 +17,7 @@ profile pacman-conf @{exec_path} flags=(attach_disconnected) { /etc/pacman.d/mirrorlist r, /etc/pacman.d/*-mirrorlist r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, # Inherit Silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-hook-depmod b/apparmor.d/groups/pacman/pacman-hook-depmod index 88dd23e9f..81ab5f62a 100644 --- a/apparmor.d/groups/pacman/pacman-hook-depmod +++ b/apparmor.d/groups/pacman/pacman-hook-depmod @@ -24,8 +24,8 @@ profile pacman-hook-depmod @{exec_path} { /usr/lib/modules/*/{,**} rw, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit Silencer deny network inet6 stream, 
diff --git a/apparmor.d/groups/pacman/pacman-hook-gtk b/apparmor.d/groups/pacman/pacman-hook-gtk index 9d7eeeec0..78d4663e3 100644 --- a/apparmor.d/groups/pacman/pacman-hook-gtk +++ b/apparmor.d/groups/pacman/pacman-hook-gtk @@ -24,8 +24,8 @@ profile pacman-hook-gtk @{exec_path} { /usr/share/icons/{,**} rw, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit Silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-hook-perl b/apparmor.d/groups/pacman/pacman-hook-perl index 22030588d..a1663cc24 100644 --- a/apparmor.d/groups/pacman/pacman-hook-perl +++ b/apparmor.d/groups/pacman/pacman-hook-perl @@ -24,8 +24,8 @@ profile pacman-hook-perl @{exec_path} { @{lib}/perl[0-9]*/{,**} r, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/pacman-hook-systemd b/apparmor.d/groups/pacman/pacman-hook-systemd index 3b56bdf05..62be61289 100644 --- a/apparmor.d/groups/pacman/pacman-hook-systemd +++ b/apparmor.d/groups/pacman/pacman-hook-systemd @@ -31,8 +31,8 @@ profile pacman-hook-systemd @{exec_path} { /usr/ rw, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit silencer deny network inet6 stream, diff --git a/apparmor.d/groups/pacman/reflector b/apparmor.d/groups/pacman/reflector index 5e658e31d..8f6f2da23 100644 --- a/apparmor.d/groups/pacman/reflector +++ b/apparmor.d/groups/pacman/reflector @@ -37,8 +37,8 @@ profile reflector @{exec_path} flags=(attach_disconnected) { @{PROC}/cmdline r, @{PROC}/sys/kernel/osrelease r, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/groups/ssh/ssh-agent b/apparmor.d/groups/ssh/ssh-agent index 8fc043eea..dc48cebb1 100644 
--- a/apparmor.d/groups/ssh/ssh-agent +++ b/apparmor.d/groups/ssh/ssh-agent @@ -39,7 +39,7 @@ profile ssh-agent @{exec_path} { @{run}/user/@{uid}/keyring/.ssh rw, @{run}/user/@{uid}/ssh-agent.[0-9A-Z]* w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/ssh/ssh-keygen b/apparmor.d/groups/ssh/ssh-keygen index b314d158a..5320885cc 100644 --- a/apparmor.d/groups/ssh/ssh-keygen +++ b/apparmor.d/groups/ssh/ssh-keygen @@ -22,7 +22,7 @@ profile ssh-keygen @{exec_path} { owner @{HOME}/@{XDG_SSH_DIR}/ w, owner @{HOME}/@{XDG_SSH_DIR}/*_*{,.pub} rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, include if exists diff --git a/apparmor.d/groups/ssh/sshd b/apparmor.d/groups/ssh/sshd index 29d7fc61b..e9809d1c7 100644 --- a/apparmor.d/groups/ssh/sshd +++ b/apparmor.d/groups/ssh/sshd @@ -98,7 +98,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) { @{run}/systemd/sessions/*.ref rw, owner @{run}/sshd{,.init}.pid wl, - @{sys}/fs/cgroup/*/user/*/[0-9]*/ rw, + @{sys}/fs/cgroup/*/user/*/@{int}/ rw, @{sys}/fs/cgroup/systemd/user.slice/user-@{uid}.slice/session-*.scope/ rw, @{PROC}/@{pids}/fd/ r, @@ -113,7 +113,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/uid_map r, /dev/ptmx rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, include if exists diff --git a/apparmor.d/groups/systemd/coredumpctl b/apparmor.d/groups/systemd/coredumpctl index 0b3f37637..409e170e3 100644 --- a/apparmor.d/groups/systemd/coredumpctl +++ b/apparmor.d/groups/systemd/coredumpctl @@ -27,7 +27,7 @@ profile coredumpctl @{exec_path} flags=(complain) { /var/lib/dbus/machine-id r, /etc/machine-id r, - /var/lib/systemd/coredump/core.*.[0-9]*.@{hex}.[0-9]*.[0-9]*.zst r, + /var/lib/systemd/coredump/core.*.@{int}.@{hex}.@{int}.@{int}.zst r, /{run,var}/log/journal/ r, /{run,var}/log/journal/@{md5}/ r, 
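Review bot: In the ssh-keygen hunk the serial-console rule directly below the changed line still reads `/dev/ttyS[0-9]* rw,`, and the same leftover sits next to the converted `/dev/tty@{int}` line in the second sshd hunk and the second subiquity-console-conf hunk. In AppArmor globbing `[0-9]*` is one digit followed by any run of non-slash characters, so it also matches names such as `ttyS0foo`, which is the looseness this commit removes elsewhere. The agetty hunk already converts its `ttyS` rule, so I would change these three to `/dev/ttyS@{int} rw,` to keep the device rules bounded the same way in every profile. The profile bodies continue outside the hunks.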
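Review bot: The last `@{int}` in `core.*.@{int}.@{hex}.@{int}.@{int}.zst` in the coredumpctl hunk appears to stand for the dump timestamp, which systemd-coredump writes in microseconds since the epoch, currently a 16-digit number. The definition of `@{int}` is not part of this diff; if it expands to a bounded number of digits, confirm that the bound covers 16, otherwise the rule stops matching stored dumps. The profile carries `flags=(complain)`, so a mismatch would surface only as log entries until the profile is enforced. If the bound is shorter, keeping `[0-9]*` for that one field would be the safer choice.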
diff --git a/apparmor.d/groups/systemd/networkctl b/apparmor.d/groups/systemd/networkctl index 0e5e3629b..afdd1ded9 100644 --- a/apparmor.d/groups/systemd/networkctl +++ b/apparmor.d/groups/systemd/networkctl @@ -47,7 +47,7 @@ profile networkctl @{exec_path} flags=(attach_disconnected) { /{run,var}/log/journal/@{md5}/system.journal* r, /{run,var}/log/journal/@{md5}/system@@{hex}.journal* r, - @{run}/systemd/netif/links/[0-9]* r, + @{run}/systemd/netif/links/@{int} r, @{run}/systemd/netif/state r, @{run}/systemd/notify w, diff --git a/apparmor.d/groups/systemd/systemd-backlight b/apparmor.d/groups/systemd/systemd-backlight index 22cbf0615..572b5d5c1 100644 --- a/apparmor.d/groups/systemd/systemd-backlight +++ b/apparmor.d/groups/systemd/systemd-backlight @@ -27,15 +27,15 @@ profile systemd-backlight @{exec_path} { @{sys}/class/ r, @{sys}/class/backlight/ r, - @{sys}/devices/pci[0-9]*/*:[0-9]*.[0-9]*/**/ r, + @{sys}/devices/pci[0-9]*/*:@{int}.@{int}/**/ r, @{sys}/devices/pci[0-9]*/**/ r, @{sys}/devices/pci[0-9]*/**/backlight/**/{max_brightness,actual_brightness} r, @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r, @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw, @{sys}/devices/pci[0-9]*/**/class r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{max_brightness,actual_brightness} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{uevent,type} r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/brightness rw, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{max_brightness,actual_brightness} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/{uevent,type} r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/**/brightness rw, @{sys}/devices/pci[0-9]*/**/uevent r, @{sys}/devices/platform/**/leds/*backlight*/brightness rw, diff --git a/apparmor.d/groups/systemd/systemd-coredump b/apparmor.d/groups/systemd/systemd-coredump index c35c2a559..46c5ec72f 100644 --- a/apparmor.d/groups/systemd/systemd-coredump +++ b/apparmor.d/groups/systemd/systemd-coredump 
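Review bot: `*:@{int}.@{int}` in the first changed rule of the systemd-backlight hunk matches the device and function part of a PCI address, and the device number there is hexadecimal (for example `1f.3`). Assuming `@{int}` expands to decimal digits only (its definition is not in this diff), the rule no longer matches slots whose number contains a–f, which the old `[0-9]*.[0-9]*` did. Nothing is denied, because the unchanged `@{sys}/devices/pci[0-9]*/**/ r,` on the next line is a superset, but the narrowed rule now reads as if it were the limit. Either drop it as redundant or use a hex class for the device field, e.g. `@{sys}/devices/pci[0-9]*/*:@{hex}.@{int}/**/ r,` if the `@{hex}` tunable fits a two-character field.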
@@ -41,7 +41,7 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted @{PROC}/@{pids}/comm r, @{PROC}/@{pids}/environ r, @{PROC}/@{pids}/fd/ r, - @{PROC}/@{pids}/fdinfo/[0-9]* r, + @{PROC}/@{pids}/fdinfo/@{int} r, @{PROC}/@{pids}/limits r, @{PROC}/@{pids}/mountinfo r, @{PROC}/@{pids}/ns/ r, diff --git a/apparmor.d/groups/systemd/systemd-environment-d-generator b/apparmor.d/groups/systemd/systemd-environment-d-generator index 8ca836205..fdea976a9 100644 --- a/apparmor.d/groups/systemd/systemd-environment-d-generator +++ b/apparmor.d/groups/systemd/systemd-environment-d-generator @@ -22,7 +22,7 @@ profile systemd-environment-d-generator @{exec_path} { @{etc_ro}/environment r, @{etc_ro}/environment.d/{,**} r, - /snap/snapd/[0-9]*/usr/lib/environment.d/{,*.conf} r, + /snap/snapd/@{int}/usr/lib/environment.d/{,*.conf} r, owner @{user_config_dirs}/environment.d/{,*.conf} r, diff --git a/apparmor.d/groups/systemd/systemd-hwdb b/apparmor.d/groups/systemd/systemd-hwdb index 56fc2be70..0bb79f72a 100644 --- a/apparmor.d/groups/systemd/systemd-hwdb +++ b/apparmor.d/groups/systemd/systemd-hwdb @@ -15,7 +15,7 @@ profile systemd-hwdb @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{lib}/udev/.#hwdb.bin[0-9a-zA-Z]* wl -> @{lib}/udev/#[0-9]*, + @{lib}/udev/.#hwdb.bin[0-9a-zA-Z]* wl -> @{lib}/udev/#@{int}, @{lib}/udev/hwdb.bin w, /etc/udev/.#hwdb.bind* rw, diff --git a/apparmor.d/groups/systemd/systemd-logind b/apparmor.d/groups/systemd/systemd-logind index d303709db..638d46234 100644 --- a/apparmor.d/groups/systemd/systemd-logind +++ b/apparmor.d/groups/systemd/systemd-logind @@ -108,7 +108,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) { @{run}/systemd/notify rw, @{run}/systemd/seats/ rw, @{run}/systemd/seats/.#seat* rw, - @{run}/systemd/seats/seat[0-9]* rw, + @{run}/systemd/seats/seat@{int} rw, @{run}/systemd/sessions/{,*} rw, @{run}/systemd/sessions/*.ref rw, @{run}/systemd/shutdown/.#scheduled* rw, 
@@ -142,10 +142,10 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) { @{PROC}/swaps r, @{PROC}/sysvipc/{shm,sem,msg} r, - /dev/dri/card[0-9]* rw, - /dev/input/event[0-9]* rw, # Input devices (keyboard, mouse, etc) + /dev/dri/card@{int} rw, + /dev/input/event@{int} rw, # Input devices (keyboard, mouse, etc) /dev/mqueue/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner /dev/shm/{,**/} rw, include if exists diff --git a/apparmor.d/groups/systemd/systemd-networkd-wait-online b/apparmor.d/groups/systemd/systemd-networkd-wait-online index cc73c1d25..2985cd809 100644 --- a/apparmor.d/groups/systemd/systemd-networkd-wait-online +++ b/apparmor.d/groups/systemd/systemd-networkd-wait-online @@ -17,7 +17,7 @@ profile systemd-networkd-wait-online @{exec_path} flags=(complain) { @{exec_path} mr, - @{run}/systemd/netif/links/[0-9]* r, + @{run}/systemd/netif/links/@{int} r, include if exists } diff --git a/apparmor.d/groups/systemd/systemd-sleep-nvidia b/apparmor.d/groups/systemd/systemd-sleep-nvidia index 77cd1d2ea..30fe1e2d0 100644 --- a/apparmor.d/groups/systemd/systemd-sleep-nvidia +++ b/apparmor.d/groups/systemd/systemd-sleep-nvidia @@ -27,7 +27,7 @@ profile systemd-sleep-nvidia @{exec_path} { @{PROC}/driver/nvidia/suspend w, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/systemd/systemd-sysusers b/apparmor.d/groups/systemd/systemd-sysusers index 32962c00c..65cf67288 100644 --- a/apparmor.d/groups/systemd/systemd-sysusers +++ b/apparmor.d/groups/systemd/systemd-sysusers @@ -40,8 +40,8 @@ profile systemd-sysusers @{exec_path} flags=(attach_disconnected) { /etc/.#{group,gshadow}[0-9a-zA-Z]* rw, /etc/.pwd.lock rwk, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, # Inherit Silencer 
diff --git a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent index 94440c8e2..b353dbeaf 100644 --- a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent +++ b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent @@ -24,7 +24,7 @@ profile systemd-tty-ask-password-agent @{exec_path} { @{PROC}/@{pids}/stat r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd index 66b25bab8..c9fe9d1ba 100644 --- a/apparmor.d/groups/systemd/systemd-udevd +++ b/apparmor.d/groups/systemd/systemd-udevd @@ -94,7 +94,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) { @{run}/systemd/network/ r, @{run}/systemd/network/*.link rw, @{run}/systemd/notify rw, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{sys}/** rw, diff --git a/apparmor.d/groups/systemd/systemd-vconsole-setup b/apparmor.d/groups/systemd/systemd-vconsole-setup index c8aec27ac..7820b5608 100644 --- a/apparmor.d/groups/systemd/systemd-vconsole-setup +++ b/apparmor.d/groups/systemd/systemd-vconsole-setup @@ -34,7 +34,7 @@ profile systemd-vconsole-setup @{exec_path} { @{sys}/module/vt/parameters/default_utf8 w, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/ubuntu/release-upgrade-motd b/apparmor.d/groups/ubuntu/release-upgrade-motd index b8dba571b..2ec568847 100644 --- a/apparmor.d/groups/ubuntu/release-upgrade-motd +++ b/apparmor.d/groups/ubuntu/release-upgrade-motd @@ -22,7 +22,7 @@ profile release-upgrade-motd @{exec_path} { /var/lib/ubuntu-release-upgrader/release-upgrade-available rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/groups/ubuntu/subiquity-console-conf b/apparmor.d/groups/ubuntu/subiquity-console-conf index 54a056db0..11fdc78f3 100644 
--- a/apparmor.d/groups/ubuntu/subiquity-console-conf +++ b/apparmor.d/groups/ubuntu/subiquity-console-conf @@ -37,7 +37,7 @@ profile subiquity-console-conf @{exec_path} { @{bin}/journalctl rCx -> journalctl, @{bin}/ssh-keygen rPx, @{bin}/sshd rPx, - /{snap/snapd/[0-9]*/,}{usr/,}bin/snap rPx, # TODO: rCx, + /{snap/snapd/@{int}/,}{usr/,}bin/snap rPx, # TODO: rCx, /usr/lib/snapd/snap-recovery-chooser rPUx, /usr/share/netplan/netplan.script rPUx, # TODO: rPx, @@ -92,7 +92,7 @@ profile subiquity-console-conf @{exec_path} { owner @{PROC}/@{pid}/fd/ r, /dev/tty rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, profile journalctl { diff --git a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot index 5a866d280..8a210d3f7 100644 --- a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot +++ b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot @@ -27,7 +27,7 @@ profile update-motd-fsck-at-reboot @{exec_path} { @{PROC}/uptime r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile mount { include @@ -43,7 +43,7 @@ profile update-motd-fsck-at-reboot @{exec_path} { @{PROC}/@{pid}/mountinfo r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, } diff --git a/apparmor.d/groups/virt/cockpit-bridge b/apparmor.d/groups/virt/cockpit-bridge index fc6dbaf53..c28a667b8 100644 --- a/apparmor.d/groups/virt/cockpit-bridge +++ b/apparmor.d/groups/virt/cockpit-bridge @@ -55,8 +55,8 @@ profile cockpit-bridge @{exec_path} { @{run}/user/@{uid}/ssh-agent.[0-9A-Z]* rw, @{run}/utmp r, - @{sys}/devices/**/hwmon[0-9]*/ r, - @{sys}/devices/**/hwmon[0-9]*/{name,temp*} r, + @{sys}/devices/**/hwmon@{int}/ r, + @{sys}/devices/**/hwmon@{int}/{name,temp*} r, @{sys}/fs/cgroup/*.slice/**/memory* r, @{PROC}/ r, diff --git a/apparmor.d/groups/virt/cockpit-pcp b/apparmor.d/groups/virt/cockpit-pcp index 1b11bd6d5..d7d3d6541 100644 --- a/apparmor.d/groups/virt/cockpit-pcp +++ b/apparmor.d/groups/virt/cockpit-pcp 
@@ -30,8 +30,8 @@ profile cockpit-pcp @{exec_path} { @{sys}/fs/cgroup/{,**/} r, @{sys}/fs/cgroup/**/{memory,cpu}* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, @{PROC}/diskstats r, @{PROC}/swaps r, diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd index 9f5073c44..e83afcbf2 100644 --- a/apparmor.d/groups/virt/containerd +++ b/apparmor.d/groups/virt/containerd @@ -77,7 +77,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) { /var/lib/kubelet/seccomp/{,**} r, /var/lib/security-profiles-operator/{,**} r, - /var/log/pods/**/[0-9]*.log{,*} w, + /var/log/pods/**/@{int}.log{,*} w, @{run}/calico/ w, @{run}/containerd/{,**} rwk, @@ -106,7 +106,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) { /dev/bus/ r, /dev/char/ r, /dev/cpu/ r, - /dev/cpu/[0-9]*/ r, + /dev/cpu/@{int}/ r, /dev/dma_heap/ r, /dev/dri/ r, /dev/dri/by-path/ r, diff --git a/apparmor.d/groups/virt/containerd-shim-runc-v2 b/apparmor.d/groups/virt/containerd-shim-runc-v2 index a38a903db..c9f3ce12d 100644 --- a/apparmor.d/groups/virt/containerd-shim-runc-v2 +++ b/apparmor.d/groups/virt/containerd-shim-runc-v2 @@ -36,7 +36,7 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) { /tmp/pty[0-9]*/pty.sock rw, @{run}/containerd/{,containerd.sock.ttrpc} rw, - @{run}/containerd/io.containerd.grpc.v1.cri/containers/@{hex}/io/[0-9]*/@{hex}-{stdin,stdout,stderr} rw, + @{run}/containerd/io.containerd.grpc.v1.cri/containers/@{hex}/io/@{int}/@{hex}-{stdin,stdout,stderr} rw, @{run}/containerd/io.containerd.runtime.v2.task/{moby,k8s.io}/@{hex}/{,*} rw, @{run}/containerd/s/{,@{hex}} rw, diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s index e3e892b40..5abc3e61b 100644 --- a/apparmor.d/groups/virt/k3s +++ b/apparmor.d/groups/virt/k3s 
@@ -85,7 +85,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) { /var/log/kubernetes/audit/** rw, /var/log/pods/{,**} r, /var/log/pods/{,**/} rw, - /var/log/pods/**/[0-9]*.log{,*} rw, + /var/log/pods/**/@{int}.log{,*} rw, owner @{HOME}/.kube/** rw, @@ -136,14 +136,14 @@ profile k3s @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/net/*/{address,mtu,speed} r, @{sys}/devices/system/edac/mc/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_max_freq r, + @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r, @{sys}/devices/system/cpu/present{,/} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/ r, - @{sys}/devices/system/node/node[0-9]*/{cpumap,distance,meminfo} r, - @{sys}/devices/system/node/node[0-9]*/hugepages/{,**} r, + @{sys}/devices/system/node/node@{int}/ r, + @{sys}/devices/system/node/node@{int}/{cpumap,distance,meminfo} r, + @{sys}/devices/system/node/node@{int}/hugepages/{,**} r, @{sys}/devices/virtual/block/*/** r, @{sys}/devices/virtual/dmi/id/* r, @@ -169,7 +169,7 @@ profile k3s @{exec_path} flags=(attach_disconnected) { @{sys}/module/apparmor/parameters/enabled r, /dev/kmsg r, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index 0fff7b9b4..f98304245 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd 
@@ -207,20 +207,20 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/resource r, @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r, - @{sys}/devices/system/cpu/cpu[0-9]*/cache/{,**} r, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/cache/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, @{sys}/devices/system/cpu/present r, @{sys}/devices/system/cpu/present/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/ r, - @{sys}/devices/system/node/node[0-9]*/{cpumap,distance,meminfo} r, - @{sys}/devices/system/node/node[0-9]*/hugepages/{,**} r, + @{sys}/devices/system/node/node@{int}/ r, + @{sys}/devices/system/node/node@{int}/{cpumap,distance,meminfo} r, + @{sys}/devices/system/node/node@{int}/hugepages/{,**} r, @{sys}/devices/virtual/dmi/id/* r, @{sys}/devices/virtual/net/{,**} rw, @{sys}/kernel/debug/kvm/{,**} r, @{sys}/kernel/iommu_groups/ r, - @{sys}/kernel/iommu_groups/[0-9]*/devices/ r, + @{sys}/kernel/iommu_groups/@{int}/devices/ r, @{sys}/kernel/mm/hugepages/{,**} r, @{sys}/kernel/security/apparmor/profiles r, @@ -258,7 +258,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { /dev/mapper/control rw, /dev/net/tun rw, /dev/shm/libvirt/{,**} rw, - /dev/vfio/[0-9]* rwk, + /dev/vfio/@{int} rwk, /dev/vhost-net rw, /dev/ptmx rw, diff --git a/apparmor.d/groups/virt/virtinterfaced b/apparmor.d/groups/virt/virtinterfaced index 1753d2c57..8cfef1ff1 100644 --- a/apparmor.d/groups/virt/virtinterfaced +++ b/apparmor.d/groups/virt/virtinterfaced @@ -35,7 +35,7 @@ profile virtinterfaced @{exec_path} flags=(attach_disconnected) { @{sys}/class/net/ r, @{sys}/devices/pci[0-9]*/**/net/{,**} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/devices/virtual/net/{,**} r, owner @{PROC}/@{pids}/stat r, 
diff --git a/apparmor.d/groups/virt/virtlogd b/apparmor.d/groups/virt/virtlogd index 4ffb2639b..0fbad3b8b 100644 --- a/apparmor.d/groups/virt/virtlogd +++ b/apparmor.d/groups/virt/virtlogd @@ -34,7 +34,7 @@ profile virtlogd @{exec_path} flags=(attach_disconnected) { @{run}/virtlogd.pid rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/1/environ r, @{PROC}/cmdline r, diff --git a/apparmor.d/groups/virt/virtnetworkd b/apparmor.d/groups/virt/virtnetworkd index be00b8d6a..f0fa601ac 100644 --- a/apparmor.d/groups/virt/virtnetworkd +++ b/apparmor.d/groups/virt/virtnetworkd @@ -27,7 +27,7 @@ profile virtnetworkd @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/libvirt/virtnetworkd* rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pid}/stat r, owner @{PROC}/@{pids}/fd/ r, diff --git a/apparmor.d/groups/virt/virtnodedevd b/apparmor.d/groups/virt/virtnodedevd index 444450ca9..4ab1f8480 100644 --- a/apparmor.d/groups/virt/virtnodedevd +++ b/apparmor.d/groups/virt/virtnodedevd @@ -52,7 +52,7 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c29:[0-9]* r, # For /dev/fb[0-9]* @{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash @{run}/udev/data/c116:[0-9]* r, # For ALSA - @{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card[0-9]* + @{run}/udev/data/c226:[0-9]* r, # For /dev/dri/card@{int} @{run}/udev/data/c23[4-9]:[0-9]* r, # For dynamic assignment range 234 to 254 @{run}/udev/data/c24[0-9]:[0-9]* r, @{run}/udev/data/c25[0-4]:[0-9]* r, 
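Review bot: On the `c226` line of the first virtnodedevd hunk only the trailing comment was rewritten; the rule itself still reads `@{run}/udev/data/c226:[0-9]* r,`, as do the neighbouring `c29:`, `c90:`, `c116:` and `c23[4-9]:` rules. The comment now uses the variable syntax for a device path it merely describes, while the enforced pattern keeps the loose form in which `[0-9]*` is one digit followed by any non-slash characters. I would convert the rule as well, `@{run}/udev/data/c226:@{int} r, # For /dev/dri/card@{int}`, and treat the sibling udev data rules the same way in this or a follow-up commit. The profile body continues outside the hunk.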
@@ -70,11 +70,11 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/numa_node r, @{sys}/devices/pci[0-9]*/**/sriov_totalvfs r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/devices/virtual/dmi/id/{product_name,sys_vendor,board_vendor,bios_vendor,bios_date,bios_version,product_version} r, @{sys}/devices/virtual/net/{,**} r, @{sys}/kernel/iommu_groups/ r, - @{sys}/kernel/iommu_groups/[0-9]*/devices/ r, + @{sys}/kernel/iommu_groups/@{int}/devices/ r, owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/stat r, diff --git a/apparmor.d/groups/virt/virtsecretd b/apparmor.d/groups/virt/virtsecretd index 36a96a259..ab02f3801 100644 --- a/apparmor.d/groups/virt/virtsecretd +++ b/apparmor.d/groups/virt/virtsecretd @@ -30,7 +30,7 @@ profile virtsecretd @{exec_path} flags=(attach_disconnected) { @{run}/utmp rk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pids}/stat r, diff --git a/apparmor.d/groups/virt/virtstoraged b/apparmor.d/groups/virt/virtstoraged index 427dca0e1..366f01e5d 100644 --- a/apparmor.d/groups/virt/virtstoraged +++ b/apparmor.d/groups/virt/virtstoraged @@ -38,7 +38,7 @@ profile virtstoraged @{exec_path} flags=(attach_disconnected) { @{run}/utmp rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner @{PROC}/@{pids}/stat r, owner @{PROC}/@{pids}/fd/ r, diff --git a/apparmor.d/profiles-a-f/aa-log b/apparmor.d/profiles-a-f/aa-log index 9a2323acb..9247dc9fb 100644 --- a/apparmor.d/profiles-a-f/aa-log +++ b/apparmor.d/profiles-a-f/aa-log @@ -33,7 +33,7 @@ profile aa-log @{exec_path} { @{PROC}/sys/kernel/random/boot_id r, @{PROC}/sys/kernel/cap_last_cap r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/profiles-a-f/aa-notify b/apparmor.d/profiles-a-f/aa-notify index 0eeb04e57..014b5ecf5 100644 --- a/apparmor.d/profiles-a-f/aa-notify +++ b/apparmor.d/profiles-a-f/aa-notify @@ -34,7 +34,7 @@ profile aa-notify @{exec_path} { /var/log/audit/audit.log r, owner @{HOME}/.inputrc r, - owner @{HOME}/.terminfo/[0-9]*/dumb r, + owner @{HOME}/.terminfo/@{int}/dumb r, owner /tmp/[a-z0-9]* rw, owner /tmp/apparmor-bugreport-*.txt rw, diff --git a/apparmor.d/profiles-a-f/aa-status b/apparmor.d/profiles-a-f/aa-status index 3972c9715..3374f1a37 100644 --- a/apparmor.d/profiles-a-f/aa-status +++ b/apparmor.d/profiles-a-f/aa-status @@ -26,7 +26,7 @@ profile aa-status @{exec_path} { @{PROC}/@{pids}/attr/current r, owner @{PROC}/@{pid}/mounts r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/acpi-powerbtn b/apparmor.d/profiles-a-f/acpi-powerbtn index dae4595fa..0b1e112b1 100644 --- a/apparmor.d/profiles-a-f/acpi-powerbtn +++ b/apparmor.d/profiles-a-f/acpi-powerbtn @@ -43,7 +43,7 @@ profile acpi-powerbtn flags=(attach_disconnected) { @{bin}/fgconsole r, /dev/tty rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, } include if exists diff --git a/apparmor.d/profiles-a-f/agetty b/apparmor.d/profiles-a-f/agetty index 441f77f03..8310841c8 100644 --- a/apparmor.d/profiles-a-f/agetty +++ b/apparmor.d/profiles-a-f/agetty @@ -38,9 +38,9 @@ profile agetty @{exec_path} { @{run}/resolvconf/resolv.conf r, owner @{run}/agetty.reload rw, - /dev/tty[0-9]* rw, - owner /dev/ttyGS[0-9]* rw, - owner /dev/ttyS[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/ttyGS@{int} rw, + owner /dev/ttyS@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/amixer b/apparmor.d/profiles-a-f/amixer index 6dacb53fe..d2f894333 100644 --- a/apparmor.d/profiles-a-f/amixer +++ b/apparmor.d/profiles-a-f/amixer 
@@ -26,7 +26,7 @@ profile amixer @{exec_path} { owner @{PROC}/@{pid}/task/@{tid}/comm rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/anki b/apparmor.d/profiles-a-f/anki index ebb3c954b..58b9a683e 100644 --- a/apparmor.d/profiles-a-f/anki +++ b/apparmor.d/profiles-a-f/anki @@ -137,7 +137,7 @@ profile anki @{exec_path} { /etc/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Allowed apps to open @@ -170,10 +170,10 @@ profile anki @{exec_path} { /etc/machine-id r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, } diff --git a/apparmor.d/profiles-a-f/apparmor_parser b/apparmor.d/profiles-a-f/apparmor_parser index d751a4f69..763954e49 100644 --- a/apparmor.d/profiles-a-f/apparmor_parser +++ b/apparmor.d/profiles-a-f/apparmor_parser @@ -23,8 +23,8 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) { /usr/share/apparmor-features/{,**} r, /usr/share/apparmor/{,**} r, - owner /snap/core[0-9]*/[0-9]*/etc/apparmor.d/{,**} r, - owner /snap/core[0-9]*/[0-9]*/etc/apparmor/* r, + owner /snap/core[0-9]*/@{int}/etc/apparmor.d/{,**} r, + owner /snap/core[0-9]*/@{int}/etc/apparmor/* r, owner /var/cache/apparmor/{,**} rw, owner /var/lib/docker/tmp/docker-default[0-9]* r, owner /var/lib/snapd/apparmor/{,**} r, diff --git a/apparmor.d/profiles-a-f/arandr b/apparmor.d/profiles-a-f/arandr index 2c7df4626..26c112435 100644 --- a/apparmor.d/profiles-a-f/arandr +++ b/apparmor.d/profiles-a-f/arandr @@ -32,7 +32,7 @@ profile arandr @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/profiles-a-f/arduino-builder b/apparmor.d/profiles-a-f/arduino-builder index 27988615c..4d37a1727 100644 --- a/apparmor.d/profiles-a-f/arduino-builder +++ b/apparmor.d/profiles-a-f/arduino-builder @@ -18,11 +18,11 @@ profile arduino-builder @{exec_path} { @{bin}/avr-gcc-ar rix, @{bin}/avr-size rix, @{bin}/avrdude rix, - @{lib}/gcc/avr/[0-9]*/cc1plus rix, - @{lib}/gcc/avr/[0-9]*/cc1 rix, - @{lib}/gcc/avr/[0-9]*/collect2 rix, - @{lib}/gcc/avr/[0-9]*/lto-wrapper rix, - @{lib}/gcc/avr/[0-9]*/lto1 rix, + @{lib}/gcc/avr/@{int}/cc1plus rix, + @{lib}/gcc/avr/@{int}/cc1 rix, + @{lib}/gcc/avr/@{int}/collect2 rix, + @{lib}/gcc/avr/@{int}/lto-wrapper rix, + @{lib}/gcc/avr/@{int}/lto1 rix, @{lib}/llvm-[0-9]*/bin/clang rix, @{lib}/avr/bin/as rix, @{lib}/avr/bin/ar rix, diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index d24940283..ce5f8a960 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray @@ -69,7 +69,7 @@ profile birdtray @{exec_path} { /etc/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-a-f/blueman b/apparmor.d/profiles-a-f/blueman index 4b15033d8..350705cd8 100644 --- a/apparmor.d/profiles-a-f/blueman +++ b/apparmor.d/profiles-a-f/blueman @@ -64,7 +64,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/mounts r, @{PROC}/@{pids}/cmdline r, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, /dev/rfkill r, /dev/shm/ r, /dev/tty rw, diff --git a/apparmor.d/profiles-a-f/bluetoothd b/apparmor.d/profiles-a-f/bluetoothd index 0ec3deaa9..020ba32e1 100644 --- a/apparmor.d/profiles-a-f/bluetoothd +++ b/apparmor.d/profiles-a-f/bluetoothd @@ -42,7 +42,7 @@ profile bluetoothd @{exec_path} { /dev/uhid rw, /dev/uinput rw, /dev/rfkill rw, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, include if exists } 
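Review bot: The five `@{lib}/gcc/avr/@{int}/…` rules in the arduino-builder hunk may no longer match the installed toolchain. GCC version directories are often dotted (a constructed example: `5.4.0`). The old `[0-9]*` glob accepted one digit followed by any characters, whereas `@{int}` presumably expands to digits only; its definition is not visible in this patch, so confirm it in the tunables. If that holds, the `rix` rules stop applying and execution of `cc1`, `collect2` and the other helpers would be denied. The same narrowing hits other version-like components later in the patch: `@{lib}/gcc/@{multiarch}/@{int}/` in dkms and gajim, `/usr/share/games/wesnoth/@{int}/` in games-wesnoth, and `@{HOME}/.java/fonts/@{int}/` in jdownloader. For the GCC paths, a form such as `@{lib}/gcc/avr/@{int}{,.@{int}}{,.@{int}}/cc1plus rix,` stays tight while still accepting dotted versions.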
diff --git a/apparmor.d/profiles-a-f/btop b/apparmor.d/profiles-a-f/btop index a71ec4a65..cab332e02 100644 --- a/apparmor.d/profiles-a-f/btop +++ b/apparmor.d/profiles-a-f/btop @@ -24,15 +24,15 @@ profile btop @{exec_path} { @{sys}/class/power_supply/ r, @{sys}/class/hwmon/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r, - @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/{,*} r, - @{sys}/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/{,*} r, - @{sys}/devices/virtual/block/dm-[0-9]*/stat r, - @{sys}/devices/pci[0-9]*/**/host[0-9]*/*/*/block/*/*/stat r, + @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/{,*} r, + @{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r, + @{sys}/devices/virtual/block/dm-@{int}/stat r, + @{sys}/devices/pci[0-9]*/**/host@{int}/*/*/block/*/*/stat r, @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r, @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/address r, - @{sys}/devices/pci[0-9]*/*/*/usb[0-9]*/**/power_supply/hidpp_battery_[0-9]*/{,hwmon[0-9]*/} r, + @{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r, @{PROC} r, @{PROC}/loadavg r, diff --git a/apparmor.d/profiles-a-f/btrfs b/apparmor.d/profiles-a-f/btrfs index bb7c5382c..8f43838b9 100644 --- a/apparmor.d/profiles-a-f/btrfs +++ b/apparmor.d/profiles-a-f/btrfs @@ -42,14 +42,14 @@ profile btrfs @{exec_path} { @{run}/blkid/blkid.tab{,-@{rand6}} rw, @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab, - @{sys}/fs/btrfs/@{uuid}/devinfo/[0-9]*/fsid r, + @{sys}/fs/btrfs/@{uuid}/devinfo/@{int}/fsid r, @{PROC}/partitions r, owner @{PROC}/@{pid}/mounts r, /dev/btrfs-control rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, include if exists 
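Review bot: The last changed rule in the btop hunk contains a stray `[`. In `hidpp_battery_[@{int}/{,hwmon@{int}/}` it opens a character class that is never closed, so the parser will most likely reject the rule or match something other than the battery directories. The line should read `@{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_@{int}/{,hwmon@{int}/} r,`. A parser dry run over the changed profiles (for example `apparmor_parser -Q`) before merging would catch this kind of slip in a bulk search-and-replace.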
diff --git a/apparmor.d/profiles-a-f/code-extension-git-askpass b/apparmor.d/profiles-a-f/code-extension-git-askpass index e70fd9da5..7812baa2a 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-askpass +++ b/apparmor.d/profiles-a-f/code-extension-git-askpass @@ -19,7 +19,7 @@ profile code-extension-git-askpass @{exec_path} { @{bin}/cat rix, @{bin}/mktemp rix, @{bin}/rm rix, - @{lib}/electron[0-9]*/electron rix, + @{lib}/electron@{int}/electron rix, /usr/share/terminfo/x/xterm-256color r, diff --git a/apparmor.d/profiles-a-f/code-extension-git-editor b/apparmor.d/profiles-a-f/code-extension-git-editor index 591df2318..63fd2c8c4 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-editor +++ b/apparmor.d/profiles-a-f/code-extension-git-editor @@ -13,7 +13,7 @@ profile code-extension-git-editor @{exec_path} { @{exec_path} mr, @{bin}/{,ba,da}sh rix, - @{lib}/electron[0-9]*/electron rix, + @{lib}/electron@{int}/electron rix, /dev/tty rw, diff --git a/apparmor.d/profiles-a-f/compton b/apparmor.d/profiles-a-f/compton index baf8a38ba..bbc9dc66f 100644 --- a/apparmor.d/profiles-a-f/compton +++ b/apparmor.d/profiles-a-f/compton @@ -19,7 +19,7 @@ profile compton @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index 9ea58f414..542cecffd 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky @@ -87,7 +87,7 @@ profile conky @{exec_path} { @{sys}/devices/system/cpu/present r, # Get the current frequency of the CPU - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, # Get load average values for 1, 5 and 15 minutes @{PROC}/loadavg r, 
@@ -128,8 +128,8 @@ profile conky @{exec_path} { # Temperatures and Fans @{bin}/sensors rPUx, - @{sys}/devices/**/hwmon[0-9]*/temp[0-9]*_input r, - @{sys}/devices/**/hwmon/hwmon[0-9]*/temp[0-9]*_input r, + @{sys}/devices/**/hwmon@{int}/temp[0-9]*_input r, + @{sys}/devices/**/hwmon/hwmon@{int}/temp[0-9]*_input r, @{sys}/class/hwmon/ r, @{PROC}/acpi/ibm/fan r, @@ -146,7 +146,7 @@ profile conky @{exec_path} { /usr/share/X11/XErrorDB r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, @@ -187,7 +187,7 @@ profile conky @{exec_path} { /usr/share/publicsuffix/public_suffix_list.* r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny @{PROC}/@{pids}/net/dev r, deny @{PROC}/@{pids}/net/tcp r, deny @{PROC}/@{pids}/net/tcp6 r, diff --git a/apparmor.d/profiles-a-f/cpuid b/apparmor.d/profiles-a-f/cpuid index 98c184f61..99ae5634c 100644 --- a/apparmor.d/profiles-a-f/cpuid +++ b/apparmor.d/profiles-a-f/cpuid @@ -14,7 +14,7 @@ profile cpuid @{exec_path} { @{exec_path} mr, - /dev/cpu/[0-9]*/cpuid r, + /dev/cpu/@{int}/cpuid r, owner /tmp/cpuid* rw, diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms index a248af89c..a494dc5d0 100644 --- a/apparmor.d/profiles-a-f/dkms +++ b/apparmor.d/profiles-a-f/dkms @@ -55,7 +55,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) { @{bin}/{,g,m}awk rix, @{bin}/update-secureboot-policy rPUx, - @{lib}/gcc/@{multiarch}/[0-9]*/* rix, + @{lib}/gcc/@{multiarch}/@{int}/* rix, @{lib}/linux-kbuild-*/scripts/** rix, @{lib}/linux-kbuild-*/tools/objtool/objtool rix, @{lib}/llvm-[0-9]*/bin/clang rix, diff --git a/apparmor.d/profiles-a-f/downloadhelper b/apparmor.d/profiles-a-f/downloadhelper index 11785c16f..f6cdd450c 100644 --- a/apparmor.d/profiles-a-f/downloadhelper +++ b/apparmor.d/profiles-a-f/downloadhelper 
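Review bot: Both changed rules in this conky hunk convert only the `hwmon` index and leave `temp[0-9]*_input` on the old glob, so a single path now mixes the two forms. Because `[0-9]*` accepts any characters after the first digit, the unconverted part stays broader than the converted part. Writing `@{sys}/devices/**/hwmon@{int}/temp@{int}_input r,` and `@{sys}/devices/**/hwmon/hwmon@{int}/temp@{int}_input r,` would make the rules uniform. The same partial conversion appears elsewhere in the patch: the `thermal_zone[0-9]*/ r` line in btop, the `i2c-[0-9]*`, `zram[0-9]*` and `thermal_zone[0-9]*` lines in htop, and `index[0-9]*` in irqbalance.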
@@ -37,7 +37,7 @@ profile downloadhelper @{exec_path} { owner /tmp/vdh-*.tmp rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, deny @{PROC}/version r, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-a-f/dring b/apparmor.d/profiles-a-f/dring index 86504f4bc..9a1e20cc8 100644 --- a/apparmor.d/profiles-a-f/dring +++ b/apparmor.d/profiles-a-f/dring @@ -27,7 +27,7 @@ profile dring @{exec_path} { @{sys}/class/ r, @{sys}/bus/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, /var/lib/dbus/machine-id r, /etc/machine-id r, diff --git a/apparmor.d/profiles-a-f/dumpe2fs b/apparmor.d/profiles-a-f/dumpe2fs index ab4b42d1f..b0da3ebee 100644 --- a/apparmor.d/profiles-a-f/dumpe2fs +++ b/apparmor.d/profiles-a-f/dumpe2fs @@ -21,7 +21,7 @@ profile dumpe2fs @{exec_path} { owner @{run}/blkid/blkid.tab{,-@{rand6}} rw, owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/dunstify b/apparmor.d/profiles-a-f/dunstify index 612facd9b..4617a00f1 100644 --- a/apparmor.d/profiles-a-f/dunstify +++ b/apparmor.d/profiles-a-f/dunstify @@ -13,7 +13,7 @@ profile dunstify @{exec_path} { @{exec_path} mr, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index 43d3c185c..edf0d8e90 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -133,7 +133,7 @@ profile engrampa @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/profiles-a-f/exo-helper b/apparmor.d/profiles-a-f/exo-helper index fcf7d7953..5b51aae98 100644 
--- a/apparmor.d/profiles-a-f/exo-helper +++ b/apparmor.d/profiles-a-f/exo-helper @@ -48,7 +48,7 @@ profile exo-helper @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-a-f/f3read b/apparmor.d/profiles-a-f/f3read index be331ee1b..d0221a999 100644 --- a/apparmor.d/profiles-a-f/f3read +++ b/apparmor.d/profiles-a-f/f3read @@ -18,9 +18,9 @@ profile f3read @{exec_path} { @{MOUNTS}/*/ r, # To be able to read h2w files - owner @{MOUNTDIRS}/[0-9]*.h2w r, - owner @{MOUNTS}/[0-9]*.h2w r, - owner @{MOUNTS}/*/[0-9]*.h2w r, + owner @{MOUNTDIRS}/@{int}.h2w r, + owner @{MOUNTS}/@{int}.h2w r, + owner @{MOUNTS}/*/@{int}.h2w r, include if exists } diff --git a/apparmor.d/profiles-a-f/f3write b/apparmor.d/profiles-a-f/f3write index aed9ce34d..938b0a4e8 100644 --- a/apparmor.d/profiles-a-f/f3write +++ b/apparmor.d/profiles-a-f/f3write @@ -22,9 +22,9 @@ profile f3write @{exec_path} { @{MOUNTS}/*/ r, # To be able to write h2w files - owner @{MOUNTDIRS}/[0-9]*.h2w w, - owner @{MOUNTS}/[0-9]*.h2w w, - owner @{MOUNTS}/*/[0-9]*.h2w w, + owner @{MOUNTDIRS}/@{int}.h2w w, + owner @{MOUNTS}/@{int}.h2w w, + owner @{MOUNTS}/*/@{int}.h2w w, include if exists } diff --git a/apparmor.d/profiles-a-f/flatpak-portal b/apparmor.d/profiles-a-f/flatpak-portal index c2b07033b..e17b75de3 100644 --- a/apparmor.d/profiles-a-f/flatpak-portal +++ b/apparmor.d/profiles-a-f/flatpak-portal 
@@ -32,9 +32,9 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/user-dirs.dirs r, owner @{user_share_dirs}/mime/mime.cache r, - owner @{run}/user/@{uid}/.flatpak/[0-9]*/bwrapinfo.json r, - owner @{run}/user/@{uid}/.flatpak/[0-9]*/info r, - owner @{run}/user/@{uid}/.flatpak/[0-9]*/pid r, + owner @{run}/user/@{uid}/.flatpak/@{int}/bwrapinfo.json r, + owner @{run}/user/@{uid}/.flatpak/@{int}/info r, + owner @{run}/user/@{uid}/.flatpak/@{int}/pid r, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-a-f/fwupd b/apparmor.d/profiles-a-f/fwupd index 302e13a34..a6b12dfff 100644 --- a/apparmor.d/profiles-a-f/fwupd +++ b/apparmor.d/profiles-a-f/fwupd @@ -104,8 +104,8 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { /boot/{,**} r, /boot/EFI/*/.goutputstream-@{rand6} rw, /boot/EFI/*/fw/fwupd-*.cap{,.*} rw, - /boot/EFI/*/fwupdx[0-9]*.efi rw, - @{lib}/fwupd/efi/fwupdx[0-9]*.efi r, + /boot/EFI/*/fwupdx@{int}.efi rw, + @{lib}/fwupd/efi/fwupdx@{int}.efi r, /etc/machine-id r, /var/lib/dbus/machine-id r, @@ -129,7 +129,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { @{sys}/power/mem_sleep r, @{run}/motd.d/ r, - @{run}/motd.d/[0-9]*-fwupd* rw, + @{run}/motd.d/@{int}-fwupd* rw, @{run}/motd.d/fwupd/{,**} rw, @{run}/mount/utab r, @{run}/systemd/inhibit/[0-9]*.ref rw, 
@@ -145,17 +145,17 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) { @{PROC}/sys/kernel/tainted r, /dev/bus/usb/ r, - /dev/bus/usb/[0-9]*/[0-9]* rw, - /dev/cpu/[0-9]*/msr rw, - /dev/drm_dp_aux[0-9]* rw, - /dev/gpiochip[0-9]* r, - /dev/hidraw[0-9]* rw, - /dev/mei[0-9]* rw, + /dev/bus/usb/@{int}/@{int} rw, + /dev/cpu/@{int}/msr rw, + /dev/drm_dp_aux@{int} rw, + /dev/gpiochip@{int} r, + /dev/hidraw@{int} rw, + /dev/mei@{int} rw, /dev/mem r, - /dev/mtd[0-9]* rw, + /dev/mtd@{int} rw, /dev/sd[a-z]* r, - /dev/tpm[0-9]* rw, - /dev/tpmrm[0-9]* rw, + /dev/tpm@{int} rw, + /dev/tpmrm@{int} rw, /dev/wmi/* r, profile gpg flags=(complain) { diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 777413384..73a1f73c2 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -105,7 +105,7 @@ profile gajim @{exec_path} { @{bin}/{,@{multiarch}-}gcc-[0-9]* rix, @{bin}/{,@{multiarch}-}g++-[0-9]* rix, @{bin}/{,@{multiarch}-}ld.bfd rix, - @{lib}/gcc/@{multiarch}/[0-9]*/collect2 rix, + @{lib}/gcc/@{multiarch}/@{int}/collect2 rix, owner /tmp/cc* rw, owner /tmp/tmp* rw, diff --git a/apparmor.d/profiles-g-l/games-wesnoth b/apparmor.d/profiles-g-l/games-wesnoth index d9af5f751..1573af6cd 100644 --- a/apparmor.d/profiles-g-l/games-wesnoth +++ b/apparmor.d/profiles-g-l/games-wesnoth @@ -19,7 +19,7 @@ profile games-wesnoth @{exec_path} { @{exec_path} mrix, - /usr/share/games/wesnoth/[0-9]*/{,**} r, + /usr/share/games/wesnoth/@{int}/{,**} r, owner @{user_config_dirs}/wesnoth-[0-9]*/{,**} rw, diff --git a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders index 2a665a5c8..cf6f2b7ed 100644 --- a/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders +++ b/apparmor.d/profiles-g-l/gdk-pixbuf-query-loaders 
@@ -15,8 +15,8 @@ profile gdk-pixbuf-query-loaders @{exec_path} { @{exec_path} mr, - @{lib}/gdk-pixbuf-[0-9].[0-9]*/{,*}/loaders.cache.* rw, - @{lib}/gdk-pixbuf-[0-9].[0-9]*/*/loaders.cache rw, + @{lib}/gdk-pixbuf-[0-9].@{int}/{,*}/loaders.cache.* rw, + @{lib}/gdk-pixbuf-[0-9].@{int}/*/loaders.cache rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-g-l/globaltime b/apparmor.d/profiles-g-l/globaltime index c2bfd687b..2b148a3e9 100644 --- a/apparmor.d/profiles-g-l/globaltime +++ b/apparmor.d/profiles-g-l/globaltime @@ -20,7 +20,7 @@ profile globaltime @{exec_path} { owner @{user_config_dirs}/globaltime/globaltimerc{,.*} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/gpa b/apparmor.d/profiles-g-l/gpa index 2ef5bb0d1..654a4f8b1 100644 --- a/apparmor.d/profiles-g-l/gpa +++ b/apparmor.d/profiles-g-l/gpa @@ -48,7 +48,7 @@ profile gpa @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted index e7e7106ec..b75914d7e 100644 --- a/apparmor.d/profiles-g-l/gparted +++ b/apparmor.d/profiles-g-l/gparted @@ -55,7 +55,7 @@ profile gparted @{exec_path} { @{PROC}/@{pids}/stat r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile udevadm { diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index fa4c2e5ab..a798e6c87 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -64,7 +64,7 @@ profile gpodder @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-g-l/groups b/apparmor.d/profiles-g-l/groups index 6de8a0a29..ea6ef03be 100644 --- a/apparmor.d/profiles-g-l/groups +++ b/apparmor.d/profiles-g-l/groups 
@@ -16,7 +16,7 @@ profile groups @{exec_path} { /etc/group r, /etc/nsswitch.conf r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/gsettings b/apparmor.d/profiles-g-l/gsettings index fba7f30c4..8ad1f8147 100644 --- a/apparmor.d/profiles-g-l/gsettings +++ b/apparmor.d/profiles-g-l/gsettings @@ -22,7 +22,7 @@ profile gsettings @{exec_path} { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, owner @{run}/user/@{uid}/bus rw, diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index adc91951d..1470a3dbf 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -42,7 +42,7 @@ profile hardinfo @{exec_path} { @{bin}/python2.[0-9]* rix, @{bin}/python3.[0-9]* rix, @{bin}/route rix, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{bin}/strace rix, @{bin}/tr rix, @{bin}/valgrind{,.bin} rix, @@ -72,10 +72,10 @@ profile hardinfo @{exec_path} { @{sys}/devices/virtual/dmi/id/* r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]/hwmon[0-9]/temp* r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/temp* r, - @{sys}/devices/platform/**/hwmon/hwmon[0-9]*/fan* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/temp* r, + @{sys}/devices/platform/**/hwmon/hwmon@{int}/fan* r, @{sys}/devices/pci[0-9]*/**/eeprom r, - @{sys}/devices/pci[0-9]*/**/hwmon/hwmon[0-9]*/temp* r, + @{sys}/devices/pci[0-9]*/**/hwmon/hwmon@{int}/temp* r, @{sys}/devices/**/power_supply/** r, @{PROC}/@{pid}/net/wireless r, @@ -118,7 +118,7 @@ profile hardinfo @{exec_path} { deny /usr/share/gdb/python/** w, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile ccache { diff --git a/apparmor.d/profiles-g-l/hexchat b/apparmor.d/profiles-g-l/hexchat index 539bf83a6..18456e2f5 100644 --- a/apparmor.d/profiles-g-l/hexchat 
+++ b/apparmor.d/profiles-g-l/hexchat @@ -48,7 +48,7 @@ profile hexchat @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/htop b/apparmor.d/profiles-g-l/htop index b624b7c69..8f1ef80ec 100644 --- a/apparmor.d/profiles-g-l/htop +++ b/apparmor.d/profiles-g-l/htop @@ -85,10 +85,10 @@ profile htop @{exec_path} { @{sys}/class/hwmon/ r, @{sys}/class/i2c-adapter/ r, @{sys}/class/power_supply/ r, - @{sys}/devices/**/hwmon[0-9]*/ r, - @{sys}/devices/**/hwmon[0-9]*/{name,temp*} r, - @{sys}/devices/**/hwmon[0-9]*/**/ r, - @{sys}/devices/**/hwmon[0-9]*/**/{name,temp*} r, + @{sys}/devices/**/hwmon@{int}/ r, + @{sys}/devices/**/hwmon@{int}/{name,temp*} r, + @{sys}/devices/**/hwmon@{int}/**/ r, + @{sys}/devices/**/hwmon@{int}/**/{name,temp*} r, @{sys}/devices/**/hwmon/ r, @{sys}/devices/**/hwmon/{name,temp*} r, @{sys}/devices/**/hwmon/**/ r, @@ -98,15 +98,15 @@ profile htop @{exec_path} { @{sys}/devices/i2c-[0-9]*/name r, @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/name r, @{sys}/devices/platform/*/i2c-[0-9]*/name r, - @{sys}/devices/system/cpu/cpu[0-9]*/online r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/cpuinfo_{cur,min,max}_freq r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpu@{int}/online r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, @{sys}/devices/virtual/block/zram[0-9]*/{disksize,mm_stat} r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/temp r, @{sys}/kernel/mm/hugepages/ r, @{sys}/kernel/mm/hugepages/hugepages-*/nr_hugepages r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index 92f8a8916..1f75703ba 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo 
@@ -87,7 +87,7 @@ profile hwinfo @{exec_path} { /dev/ttyS0 r, /dev/ttyS1 r, owner /tmp/hwinfo*.txt rw, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/ r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/ r, } diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index e22905fda..379096237 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -89,7 +89,7 @@ profile hypnotix @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, } diff --git a/apparmor.d/profiles-g-l/i3lock b/apparmor.d/profiles-g-l/i3lock index 1932029de..b45275602 100644 --- a/apparmor.d/profiles-g-l/i3lock +++ b/apparmor.d/profiles-g-l/i3lock @@ -33,7 +33,7 @@ profile i3lock @{exec_path} { owner /tmp/tmp.*.png r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/i3lock-fancy b/apparmor.d/profiles-g-l/i3lock-fancy index 81f544d60..c5af2e3c8 100644 --- a/apparmor.d/profiles-g-l/i3lock-fancy +++ b/apparmor.d/profiles-g-l/i3lock-fancy @@ -38,7 +38,7 @@ profile i3lock-fancy @{exec_path} { /usr/share/i3lock-fancy/{,*} r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile imagemagic { @@ -63,7 +63,7 @@ profile i3lock-fancy @{exec_path} { owner /tmp/tmp.*.png rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, } diff --git a/apparmor.d/profiles-g-l/im-launch b/apparmor.d/profiles-g-l/im-launch index 755ac411b..2fc5af4c6 100644 --- a/apparmor.d/profiles-g-l/im-launch +++ b/apparmor.d/profiles-g-l/im-launch @@ -30,7 +30,7 @@ profile im-launch @{exec_path} { owner @{HOME}/.xinputrc r, # file inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index e1cfaef80..bd74d198c 100644 --- a/apparmor.d/profiles-g-l/inxi 
+++ b/apparmor.d/profiles-g-l/inxi @@ -75,11 +75,11 @@ profile inxi @{exec_path} { /etc/apt/sources.list.d/{,*.list} r, /var/log/ r, - /var/log/Xorg.[0-9]*.log r, + /var/log/Xorg.@{int}.log r, /home/ r, @{user_share_dirs}/xorg/ r, - @{user_share_dirs}/xorg/Xorg.[0-9]*.log r, + @{user_share_dirs}/xorg/Xorg.@{int}.log r, # For shell pwd /root/ r, diff --git a/apparmor.d/profiles-g-l/ip b/apparmor.d/profiles-g-l/ip index e6faeaff5..9ef3a7ce6 100644 --- a/apparmor.d/profiles-g-l/ip +++ b/apparmor.d/profiles-g-l/ip @@ -43,7 +43,7 @@ profile ip @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/net/igmp{,6} r, owner @{PROC}/sys/net/ipv{4,6}/route/flush w, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/irqbalance b/apparmor.d/profiles-g-l/irqbalance index 1c8d6cfbf..17da1fc05 100644 --- a/apparmor.d/profiles-g-l/irqbalance +++ b/apparmor.d/profiles-g-l/irqbalance 
@@ -22,18 +22,18 @@ profile irqbalance @{exec_path} { @{sys}/devices/pci[0-9]*/**/{class,numa_node,local_cpus,irq} r, @{sys}/devices/pci[0-9]*/**/{vendor,device,subsystem_vendor,subsystem_device} r, @{sys}/devices/pci[0-9]*/**/msi_irqs/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/shared_cpu_map r, - @{sys}/devices/system/cpu/cpu[0-9]*/topology/{,**} r, + @{sys}/devices/system/cpu/cpu@{int}/ r, + @{sys}/devices/system/cpu/cpu@{int}/cache/index[0-9]*/shared_cpu_map r, + @{sys}/devices/system/cpu/cpu@{int}/topology/{,**} r, @{sys}/devices/system/cpu/isolated r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/ r, - @{sys}/devices/system/node/node[0-9]*/{cpumap,meminfo} r, + @{sys}/devices/system/node/node@{int}/ r, + @{sys}/devices/system/node/node@{int}/{cpumap,meminfo} r, @{sys}/devices/system/cpu/nohz_full r, @{PROC}/interrupts r, - @{PROC}/irq/[0-9]*/node r, - @{PROC}/irq/[0-9]*/smp_affinity rw, + @{PROC}/irq/@{int}/node r, + @{PROC}/irq/@{int}/smp_affinity rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-g-l/iw b/apparmor.d/profiles-g-l/iw index ec0cac8cf..fd5a20540 100644 --- a/apparmor.d/profiles-g-l/iw +++ b/apparmor.d/profiles-g-l/iw @@ -23,7 +23,7 @@ profile iw @{exec_path} { @{sys}/devices/pci[0-9]*/**/ieee80211/phy[0-9]*/index r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/jdownloader b/apparmor.d/profiles-g-l/jdownloader index e81543821..59655ec14 100644 --- a/apparmor.d/profiles-g-l/jdownloader +++ b/apparmor.d/profiles-g-l/jdownloader 
@@ -54,9 +54,9 @@ profile jdownloader @{exec_path} { owner @{HOME}/.oracle_jre_usage/@{hex}.timestamp rw, owner @{HOME}/.java/.userPrefs/.user.lock.* rwk, owner @{HOME}/.java/.userPrefs/com/install4j/installations/prefs.xml rw, - owner @{HOME}/.java/fonts/[0-9]*/ rw, - owner @{HOME}/.java/fonts/[0-9]*/fcinfo*.tmp rw, - owner @{HOME}/.java/fonts/[0-9]*/fcinfo-*.properties rw, + owner @{HOME}/.java/fonts/@{int}/ rw, + owner @{HOME}/.java/fonts/@{int}/fcinfo*.tmp rw, + owner @{HOME}/.java/fonts/@{int}/fcinfo-*.properties rw, owner @{HOME}/.install4j rw, diff --git a/apparmor.d/profiles-g-l/jekyll b/apparmor.d/profiles-g-l/jekyll index 9daf41e38..47afa96e3 100644 --- a/apparmor.d/profiles-g-l/jekyll +++ b/apparmor.d/profiles-g-l/jekyll @@ -14,7 +14,7 @@ profile jekyll @{exec_path} { include @{exec_path} r, - @{bin}/ruby[0-9].[0-9]* rix, + @{bin}/ruby[0-9].@{int} rix, @{lib}/ruby/gems/*/specifications/ r, @{lib}/ruby/gems/*/specifications/** r, diff --git a/apparmor.d/profiles-g-l/jgmenu b/apparmor.d/profiles-g-l/jgmenu index e236e673b..46e573296 100644 --- a/apparmor.d/profiles-g-l/jgmenu +++ b/apparmor.d/profiles-g-l/jgmenu @@ -52,7 +52,7 @@ profile jgmenu @{exec_path} { /usr/share/**.desktop r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc index 3d237cd9d..68a7257ef 100644 --- a/apparmor.d/profiles-g-l/keepassxc +++ b/apparmor.d/profiles-g-l/keepassxc @@ -100,7 +100,7 @@ profile keepassxc @{exec_path} { /dev/shm/#@{int} rw, /dev/tty rw, /dev/urandom rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, # Silencer deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-g-l/keepassxc-proxy b/apparmor.d/profiles-g-l/keepassxc-proxy index 721e658cc..7161f2046 100644 --- a/apparmor.d/profiles-g-l/keepassxc-proxy +++ b/apparmor.d/profiles-g-l/keepassxc-proxy 
@@ -32,7 +32,7 @@ profile keepassxc-proxy @{exec_path} { deny owner @{run}/user/@{uid}/.[a-zA-Z]*/{,s} rw, deny owner @{run}/user/@{uid}/kpxc_server rw, deny /dev/shm/org.chromium.* rw, - deny owner /dev/shm/org.mozilla.ipc.[0-9]*.[0-9]* rw, + deny owner /dev/shm/org.mozilla.ipc.@{int}.@{int} rw, deny owner @{HOME}/.mozilla/** rw, deny owner @{user_cache_dirs}/mozilla/** rw, deny owner @{MOUNTS}/.mozilla/** rw, diff --git a/apparmor.d/profiles-g-l/kexec b/apparmor.d/profiles-g-l/kexec index fbdec078a..409f60c37 100644 --- a/apparmor.d/profiles-g-l/kexec +++ b/apparmor.d/profiles-g-l/kexec @@ -17,7 +17,7 @@ profile kexec @{exec_path} flags=(complain) { owner /boot/{initrd.img,vmlinuz}-* r, @{sys}/firmware/memmap/ r, - @{sys}/firmware/memmap/[0-9]*/{start,end,type} r, + @{sys}/firmware/memmap/@{int}/{start,end,type} r, @{sys}/kernel/boot_params/data r, @{PROC}/cmdline r, diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index 00c632064..b4c4b885c 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi @@ -65,8 +65,8 @@ profile kodi @{exec_path} { @{sys}/devices/pci[0-9]*/**/usb[0-9]/{bDeviceClass,idProduct,idVendor} r, @{sys}/devices/pci[0-9]*/**/usb[0-9]/**/{bDeviceClass,idProduct,idVendor} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + @{sys}/devices/system/node/node@{int}/meminfo r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/temp r, @{run}/udev/data/* r, @@ -84,7 +84,7 @@ profile kodi @{exec_path} { # file_inherit /usr/share/kodi/** r, /sys/devices/virtual/thermal/thermal_zone[0-9]*/temp r, - /sys/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r, + /sys/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r, /home/morfik/.kodi/temp/kodi.log w, } 
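Review bot: In the second kodi hunk the `# file_inherit` block still writes sysfs paths as literal `/sys/...` while the rest of the profile uses `@{sys}`. The adjacent context line `/home/morfik/.kodi/temp/kodi.log w,` also grants write access inside one specific user's home directory. Since the cpufreq line is being edited anyway, `@{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,` would be consistent with the first hunk. The log rule would be more portable and better scoped as `owner @{HOME}/.kodi/temp/kodi.log w,`. The enclosing sub-profile starts outside the hunk, so check that `@{HOME}` is usable there.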
diff --git a/apparmor.d/profiles-g-l/kvm-ok b/apparmor.d/profiles-g-l/kvm-ok index a4490bb35..c05507f84 100644 --- a/apparmor.d/profiles-g-l/kvm-ok +++ b/apparmor.d/profiles-g-l/kvm-ok @@ -23,7 +23,7 @@ profile kvm-ok @{exec_path} { #/proc/cpuinfo r, #/dev/kvm r, - #/dev/cpu/[0-9]*/msr r, + #/dev/cpu/@{int}/msr r, # For shell pwd /root/ r, diff --git a/apparmor.d/profiles-g-l/labwc b/apparmor.d/profiles-g-l/labwc index 3e399fdfd..345e00355 100644 --- a/apparmor.d/profiles-g-l/labwc +++ b/apparmor.d/profiles-g-l/labwc @@ -37,7 +37,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/labwc/ r, owner @{user_config_dirs}/labwc/* r, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, @{sys}/class/drm/ r, @{sys}/class/input/ r, @@ -56,7 +56,7 @@ profile labwc @{exec_path} flags=(attach_disconnected) { @{run}/udev/data/c226:[0-9]* r, # for /dev/dri/card* @{run}/systemd/sessions/* r, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/user/@{uid}/wayland-@{int}.lock k, diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo b/apparmor.d/profiles-g-l/landscape-sysinfo index 30d944c3e..428f19458 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo +++ b/apparmor.d/profiles-g-l/landscape-sysinfo @@ -41,7 +41,7 @@ profile landscape-sysinfo @{exec_path} { owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/mounts r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper index 346155931..71ec99503 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper +++ b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper @@ -28,7 +28,7 @@ profile landscape-sysinfo.wrapper @{exec_path} { @{PROC}/loadavg r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } \ No newline at end of file 
diff --git a/apparmor.d/profiles-g-l/light b/apparmor.d/profiles-g-l/light index e4a462f7a..cca9a850d 100644 --- a/apparmor.d/profiles-g-l/light +++ b/apparmor.d/profiles-g-l/light @@ -30,7 +30,7 @@ profile light @{exec_path} { @{sys}/devices/pci[0-9]*/**/backlight/*/brightness rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-g-l/light-locker b/apparmor.d/profiles-g-l/light-locker index 16eac48d9..87d4a1bc2 100644 --- a/apparmor.d/profiles-g-l/light-locker +++ b/apparmor.d/profiles-g-l/light-locker @@ -33,7 +33,7 @@ profile light-locker @{exec_path} { @{sys}/devices/pci[0-9]*/**/subsystem_device r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/lightdm b/apparmor.d/profiles-g-l/lightdm index 12b0778af..c340c654a 100644 --- a/apparmor.d/profiles-g-l/lightdm +++ b/apparmor.d/profiles-g-l/lightdm @@ -106,7 +106,7 @@ profile lightdm @{exec_path} { @{etc_ro}/environment r, /etc/default/locale r, - /dev/tty[0-9]* r, + /dev/tty@{int} r, # Xsession logs owner @{HOME}/.xsession-errors{,.old} rw, diff --git a/apparmor.d/profiles-g-l/linssid b/apparmor.d/profiles-g-l/linssid index 3291d6c6e..9f2ef1b4e 100644 --- a/apparmor.d/profiles-g-l/linssid +++ b/apparmor.d/profiles-g-l/linssid @@ -73,7 +73,7 @@ profile linssid @{exec_path} { /root/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile iw { @@ -90,7 +90,7 @@ profile linssid @{exec_path} { owner @{HOME}/.linssid.prefs rw, owner @{HOME}/LinSSID.datalog rw, owner /tmp/linssid_* rw, - owner /dev/dri/card[0-9]* rw, + owner /dev/dri/card@{int} rw, } diff --git a/apparmor.d/profiles-g-l/login b/apparmor.d/profiles-g-l/login index bec1cf74a..d97105d8c 100644 --- a/apparmor.d/profiles-g-l/login +++ b/apparmor.d/profiles-g-l/login 
@@ -69,7 +69,7 @@ profile login @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/loginuid rw, owner @{PROC}/@{pid}/uid_map r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-g-l/lscpu b/apparmor.d/profiles-g-l/lscpu index 96dba234d..102025b33 100644 --- a/apparmor.d/profiles-g-l/lscpu +++ b/apparmor.d/profiles-g-l/lscpu @@ -23,11 +23,11 @@ profile lscpu @{exec_path} { @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/cpumap r, owner @{sys}/kernel/cpu_byteorder r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists diff --git a/apparmor.d/profiles-g-l/lspci b/apparmor.d/profiles-g-l/lspci index 2f28c61d3..f29be7921 100644 --- a/apparmor.d/profiles-g-l/lspci +++ b/apparmor.d/profiles-g-l/lspci @@ -32,7 +32,7 @@ profile lspci @{exec_path} flags=(attach_disconnected) { @{sys}/bus/pci/devices/ r, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{sys}/devices/pci[0-9]*/** r, @{PROC}/cmdline r, diff --git a/apparmor.d/profiles-g-l/lxappearance b/apparmor.d/profiles-g-l/lxappearance index fc0833779..96136866a 100644 --- a/apparmor.d/profiles-g-l/lxappearance +++ b/apparmor.d/profiles-g-l/lxappearance @@ -47,7 +47,7 @@ profile lxappearance @{exec_path} { /var/lib/dbus/machine-id r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile dbus { diff --git a/apparmor.d/profiles-m-r/megasync b/apparmor.d/profiles-m-r/megasync index e00f278b0..bb9184602 100644 --- a/apparmor.d/profiles-m-r/megasync +++ b/apparmor.d/profiles-m-r/megasync @@ -80,7 +80,7 @@ profile megasync @{exec_path} { @{bin}/spacefm rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-m-r/merkaartor b/apparmor.d/profiles-m-r/merkaartor index d9909288a..424a3a712 100644 --- a/apparmor.d/profiles-m-r/merkaartor 
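Review bot: In the lspci hunk, `@{sys}/bus/pci/slots/@{int}/address r,` may no longer cover every slot directory that the old `[0-9]*` glob did. Assuming `@{int}` expands to digits only (its definition is not part of this diff), a slot that the kernel renamed to the `N-M` form after a name collision was matched before and is now denied. If such names occur on supported hardware, keep the tight rule and add `@{sys}/bus/pci/slots/@{int}-@{int}/address r,` next to it. The second steam hunk (`@@ -244,7 +244,7 @@`) makes the same replacement and would need the same addition.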
+++ b/apparmor.d/profiles-m-r/merkaartor @@ -56,7 +56,7 @@ profile merkaartor @{exec_path} { owner /tmp/qtsingleapp-merkaa-*-lockfile rwk, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, include if exists } diff --git a/apparmor.d/profiles-m-r/minitube b/apparmor.d/profiles-m-r/minitube index 0e290fd3c..3cc906118 100644 --- a/apparmor.d/profiles-m-r/minitube +++ b/apparmor.d/profiles-m-r/minitube @@ -95,7 +95,7 @@ profile minitube @{exec_path} { @{lib}/firefox/firefox rPx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { @@ -139,7 +139,7 @@ profile minitube @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, } diff --git a/apparmor.d/profiles-m-r/mkvmerge b/apparmor.d/profiles-m-r/mkvmerge index 11c50571c..29aa675dd 100644 --- a/apparmor.d/profiles-m-r/mkvmerge +++ b/apparmor.d/profiles-m-r/mkvmerge @@ -23,7 +23,7 @@ profile mkvmerge @{exec_path} { owner /tmp/MKVToolNix-GUI-MuxJob-*.json r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/mkvtoolnix-gui b/apparmor.d/profiles-m-r/mkvtoolnix-gui index 51d71c50e..2ec08120d 100644 --- a/apparmor.d/profiles-m-r/mkvtoolnix-gui +++ b/apparmor.d/profiles-m-r/mkvtoolnix-gui @@ -65,7 +65,7 @@ profile mkvtoolnix-gui @{exec_path} { @{PROC}/@{pid}/mountinfo r, @{PROC}/@{pid}/mounts r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/mount-zfs b/apparmor.d/profiles-m-r/mount-zfs index 1c035b0a3..3bdc3f895 100644 --- a/apparmor.d/profiles-m-r/mount-zfs +++ b/apparmor.d/profiles-m-r/mount-zfs @@ -16,7 +16,7 @@ profile mount-zfs @{exec_path} flags=(complain) { @{exec_path} mr, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, @{MOUNTDIRS}/ r, @{MOUNTS}/ r, 
diff --git a/apparmor.d/profiles-m-r/mpv b/apparmor.d/profiles-m-r/mpv index cf14169ee..c737b6d99 100644 --- a/apparmor.d/profiles-m-r/mpv +++ b/apparmor.d/profiles-m-r/mpv @@ -60,7 +60,7 @@ profile mpv @{exec_path} { owner /tmp/mpsyt-input* rw, owner /tmp/mpsyt-mpv*.sock rw, owner /tmp/smplayer-mpv-* rw, - owner /tmp/smplayer_preview/[0-9]*.{jpg,png} w, + owner /tmp/smplayer_preview/@{int}.{jpg,png} w, owner /tmp/smplayer_screenshots/cap_*.{jpg,png} w, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r, @@ -83,8 +83,8 @@ profile mpv @{exec_path} { @{sys}/devices/**/sound/**/capabilities/* r, @{sys}/devices/**/sound/**/uevent r, - /dev/input/event[0-9]* r, - owner /dev/tty[0-9]* rw, + /dev/input/event@{int} r, + owner /dev/tty@{int} rw, profile xdg-screensaver { include @@ -105,7 +105,7 @@ profile mpv @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, network inet stream, network inet6 stream, } diff --git a/apparmor.d/profiles-m-r/mumble b/apparmor.d/profiles-m-r/mumble index b417b073b..7f9fc1ade 100644 --- a/apparmor.d/profiles-m-r/mumble +++ b/apparmor.d/profiles-m-r/mumble @@ -74,7 +74,7 @@ profile mumble @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions index 8d2041d78..5b8995ce3 100644 --- a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions +++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions 
@@ -27,11 +27,11 @@ profile needrestart-iucode-scan-versions @{exec_path} { /boot/intel-ucode.img r, /boot/early_ucode.cpio r, - @{sys}/devices/system/cpu/cpu[0-9]*/microcode/processor_flags r, + @{sys}/devices/system/cpu/cpu@{int}/microcode/processor_flags r, /dev/tty rw, - /dev/tty[0-9]* rw, - owner /dev/pts/[0-9]* rw, + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/numlockx b/apparmor.d/profiles-m-r/numlockx index 4f59005ba..6ad154ace 100644 --- a/apparmor.d/profiles-m-r/numlockx +++ b/apparmor.d/profiles-m-r/numlockx @@ -15,7 +15,7 @@ profile numlockx @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-m-r/nvtop b/apparmor.d/profiles-m-r/nvtop index 339d85480..1a3591163 100644 --- a/apparmor.d/profiles-m-r/nvtop +++ b/apparmor.d/profiles-m-r/nvtop @@ -37,16 +37,16 @@ profile nvtop @{exec_path} flags=(attach_disconnected) { @{sys}/bus/ r, @{sys}/class/ r, @{sys}/class/drm/ r, - @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/gt_cur_freq_mhz r, + @{sys}/devices/pci[0-9]*/**/drm/card@{int}/gt_cur_freq_mhz r, @{sys}/devices/pci[0-9]*/**/enable r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/cpumap r, @{PROC}/ r, @{PROC}/@{pids}/ r, @{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/fd/ r, @{PROC}/@{pids}/fdinfo/ r, - @{PROC}/@{pids}/fdinfo/[0-9]* r, + @{PROC}/@{pids}/fdinfo/@{int} r, @{PROC}/@{pids}/stat r, @{PROC}/driver/nvidia/capabilities/mig/{config,monitor} r, diff --git a/apparmor.d/profiles-m-r/obconf b/apparmor.d/profiles-m-r/obconf index dfa88355c..3c52dd161 100644 --- a/apparmor.d/profiles-m-r/obconf +++ b/apparmor.d/profiles-m-r/obconf @@ -33,7 +33,7 @@ profile obconf @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } 
diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index a9ff58742..8f5163755 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -46,7 +46,7 @@ profile openbox @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, @@ -79,7 +79,7 @@ profile openbox @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/openbox-session b/apparmor.d/profiles-m-r/openbox-session index e7d302ed1..6cef5ec5b 100644 --- a/apparmor.d/profiles-m-r/openbox-session +++ b/apparmor.d/profiles-m-r/openbox-session @@ -21,7 +21,7 @@ profile openbox-session @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/orage b/apparmor.d/profiles-m-r/orage index 19576ce6d..ae7746c9e 100644 --- a/apparmor.d/profiles-m-r/orage +++ b/apparmor.d/profiles-m-r/orage @@ -40,7 +40,7 @@ profile orage @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 7e4ddb1cc..d6158b67a 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -127,7 +127,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { owner @{run}/systemd/users/@{uid} r, owner @{run}/zypp-rpm.pid rwk, # only: opensuse - owner /dev/shm/AP_0x??????/{,**} rw, + owner /dev/shm/AP_0x@{rand6}/{,**} rw, owner /dev/shm/ r, @{sys}/**/ r, diff --git a/apparmor.d/profiles-m-r/pactl b/apparmor.d/profiles-m-r/pactl index a3861a8f9..5490c5e1b 100644 --- a/apparmor.d/profiles-m-r/pactl +++ b/apparmor.d/profiles-m-r/pactl 
@@ -27,7 +27,7 @@ profile pactl @{exec_path} { owner @{user_config_dirs}/pulse/ rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, owner @{HOME}/.anyRemote/anyremote.stdout w, diff --git a/apparmor.d/profiles-m-r/pavucontrol b/apparmor.d/profiles-m-r/pavucontrol index 2f86ca01e..41eaee9c7 100644 --- a/apparmor.d/profiles-m-r/pavucontrol +++ b/apparmor.d/profiles-m-r/pavucontrol @@ -33,7 +33,7 @@ profile pavucontrol @{exec_path} { /usr/share/**/icons/**/*.png r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/picom b/apparmor.d/profiles-m-r/picom index a1d8da4fb..97abb1477 100644 --- a/apparmor.d/profiles-m-r/picom +++ b/apparmor.d/profiles-m-r/picom @@ -32,7 +32,7 @@ profile picom @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/pidof b/apparmor.d/profiles-m-r/pidof index f0e7ca4a8..4a3fa08a0 100644 --- a/apparmor.d/profiles-m-r/pidof +++ b/apparmor.d/profiles-m-r/pidof @@ -23,7 +23,7 @@ profile pidof @{exec_path} { @{PROC}/@{pids}/stat r, @{PROC}/sys/kernel/osrelease r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-m-r/pkexec b/apparmor.d/profiles-m-r/pkexec index 8930e9375..96e5fa8ec 100644 --- a/apparmor.d/profiles-m-r/pkexec +++ b/apparmor.d/profiles-m-r/pkexec @@ -70,7 +70,7 @@ profile pkexec @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Silencer diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index df946a722..316339936 100644 --- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon 
@@ -52,10 +52,10 @@ profile power-profiles-daemon @{exec_path} flags=(attach_disconnected) { @{sys}/devices/**/power_supply/*/uevent r, @{sys}/devices/system/cpu/*_pstate/{no_turbo,turbo_pct} r, @{sys}/devices/system/cpu/*_pstate/status r, - @{sys}/devices/system/cpu/cpu[0-9]*/power/energy_perf_bias rw, + @{sys}/devices/system/cpu/cpu@{int}/power/energy_perf_bias rw, @{sys}/devices/system/cpu/cpufreq/ r, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/energy_performance_preference rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_governor rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/energy_performance_preference rw, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_governor rw, @{sys}/firmware/acpi/platform_profile* rw, @{sys}/firmware/acpi/pm_profile* rw, diff --git a/apparmor.d/profiles-m-r/ps b/apparmor.d/profiles-m-r/ps index 4e1418b54..e82f97772 100644 --- a/apparmor.d/profiles-m-r/ps +++ b/apparmor.d/profiles-m-r/ps @@ -23,8 +23,8 @@ profile ps @{exec_path} flags=(attach_disconnected) { @{run}/systemd/sessions/* r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/cpumap r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{PROC}/ r, @{PROC}/@{pids}/attr/current r, @@ -47,7 +47,7 @@ profile ps @{exec_path} flags=(attach_disconnected) { # file_inherit owner @{HOME}/.xsession-errors w, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index 266d10d68..8c0cf7d16 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi @@ -78,7 +78,7 @@ profile psi @{exec_path} { /dev/shm/#@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile aplay { include 
@@ -95,7 +95,7 @@ profile psi @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } @@ -108,7 +108,7 @@ profile psi @{exec_path} { owner @{HOME}/.gnupg/** rwkl -> @{HOME}/.gnupg/**, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index 57761905f..b375c7108 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -77,7 +77,7 @@ profile psi-plus @{exec_path} { /dev/shm/#@{int} rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile aplay { include @@ -94,7 +94,7 @@ profile psi-plus @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } @@ -107,7 +107,7 @@ profile psi-plus @{exec_path} { owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**, # file_inherit - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, } diff --git a/apparmor.d/profiles-m-r/pulseeffects b/apparmor.d/profiles-m-r/pulseeffects index 1d270b8b0..8afef6419 100644 --- a/apparmor.d/profiles-m-r/pulseeffects +++ b/apparmor.d/profiles-m-r/pulseeffects @@ -33,7 +33,7 @@ profile pulseeffects @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index 0f4717aa4..a9cc491c9 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -163,7 +163,7 @@ profile qbittorrent @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, # gnome-tiny /usr/share/gvfs/remote-volume-monitors/{,*} r, @@ -267,7 +267,7 @@ profile qbittorrent @{exec_path} { # file_inherit owner @{MOUNTS}/torrent/** r, - deny /dev/dri/card[0-9]* rw, + deny /dev/dri/card@{int} rw, include if exists } 
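Review bot: The last qbittorrent hunk narrows a `deny` rule to `deny /dev/dri/card@{int} rw,`, and for a deny rule a tighter pattern blocks and silences less, not more. Nothing new becomes allowed unless another rule or include in that sub-profile grants `/dev/dri/`, which the hunk does not show. Names the old `card[0-9]*` glob covered beyond plain digits are no longer explicitly denied or quieted in the logs. That is probably harmless for real DRM nodes, but a comment such as `# deny limited to numeric card nodes` would record the intent; otherwise leave deny rules on the wider glob. `deny /dev/video@{int} rw,` in the qtox profile is the same case, and both sub-profiles start outside their hunks.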
diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi index d42a38dd2..db179df54 100644 --- a/apparmor.d/profiles-m-r/qnapi +++ b/apparmor.d/profiles-m-r/qnapi @@ -81,7 +81,7 @@ profile qnapi @{exec_path} { owner @{PROC}/@{pid}/mounts r, deny @{PROC}/sys/kernel/random/boot_id r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { include diff --git a/apparmor.d/profiles-m-r/qpdfview b/apparmor.d/profiles-m-r/qpdfview index ebef6c9bf..627763e9c 100644 --- a/apparmor.d/profiles-m-r/qpdfview +++ b/apparmor.d/profiles-m-r/qpdfview @@ -67,7 +67,7 @@ profile qpdfview @{exec_path} { deny @{PROC}/sys/kernel/random/boot_id r, deny owner @{PROC}/@{pid}/cmdline r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/qtox b/apparmor.d/profiles-m-r/qtox index b78851a94..a3e58b4c5 100644 --- a/apparmor.d/profiles-m-r/qtox +++ b/apparmor.d/profiles-m-r/qtox @@ -63,10 +63,10 @@ profile qtox @{exec_path} { owner /tmp/qipc_{systemsem,sharedmemory}_*@{hex} rw, @{sys}/devices/system/node/ r, # for ld-linux-x86-64.so -> libnuma1.so - @{sys}/devices/system/node/node[0-9]*/meminfo r, # for ld-linux-x86-64.so -> libnuma1.so + @{sys}/devices/system/node/node@{int}/meminfo r, # for ld-linux-x86-64.so -> libnuma1.so /dev/ r, - /dev/video[0-9]* rw, + /dev/video@{int} rw, profile open { @@ -91,7 +91,7 @@ profile qtox @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, owner @{user_cache_dirs}/qTox/qtox.log w, - deny /dev/video[0-9]* rw, + deny /dev/video@{int} rw, } diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss index 382adeec9..2179eb5bc 100644 --- a/apparmor.d/profiles-m-r/quiterss +++ b/apparmor.d/profiles-m-r/quiterss @@ -73,7 +73,7 @@ profile quiterss @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { 
diff --git a/apparmor.d/profiles-m-r/rdmsr b/apparmor.d/profiles-m-r/rdmsr index 5ef9e0ade..c2af5b2f5 100644 --- a/apparmor.d/profiles-m-r/rdmsr +++ b/apparmor.d/profiles-m-r/rdmsr @@ -15,7 +15,7 @@ profile rdmsr @{exec_path} { @{exec_path} mr, - owner /dev/cpu/[0-9]*/msr r, + owner /dev/cpu/@{int}/msr r, include if exists } diff --git a/apparmor.d/profiles-m-r/redshift b/apparmor.d/profiles-m-r/redshift index 47d36accb..51a0a4929 100644 --- a/apparmor.d/profiles-m-r/redshift +++ b/apparmor.d/profiles-m-r/redshift @@ -36,7 +36,7 @@ profile redshift @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts index 0e4f7189e..06f0a7ca8 100644 --- a/apparmor.d/profiles-m-r/run-parts +++ b/apparmor.d/profiles-m-r/run-parts @@ -104,7 +104,7 @@ profile run-parts @{exec_path} { # Motd /etc/update-motd.d/ r, - /etc/update-motd.d/[0-9]*-[a-z]* rCx -> motd, + /etc/update-motd.d/@{int}-[a-z]* rCx -> motd, # Kernel /etc/kernel/header_postinst.d/ r, @@ -135,7 +135,7 @@ profile run-parts @{exec_path} { owner @{sys}/class/power_supply/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, profile motd { include @@ -161,7 +161,7 @@ profile run-parts @{exec_path} { / r, /etc/default/motd-news r, /etc/lsb-release r, - /etc/update-motd.d/[0-9]*-[a-z]* r, + /etc/update-motd.d/@{int}-[a-z]* r, /var/cache/motd-news rw, /var/lib/update-notifier/updates-available r, @@ -171,7 +171,7 @@ profile run-parts @{exec_path} { @{PROC}/@{pids}/mounts r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, } profile kernel { diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index 6f53f6800..516e90be4 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk 
@@ -68,7 +68,7 @@ profile rustdesk @{exec_path} { owner @{user_share_dirs}/logs/[rR]ust[dD]esk/{,**} rw, owner @{user_config_dirs}/[rR]ust[dD]esk/{,**} rw, - @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r, + @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r, @{PROC}/uptime r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/profiles-s-z/sensors b/apparmor.d/profiles-s-z/sensors index 4670bf5c1..bf1cfce83 100644 --- a/apparmor.d/profiles-s-z/sensors +++ b/apparmor.d/profiles-s-z/sensors @@ -24,14 +24,14 @@ profile sensors @{exec_path} { @{sys}/devices/**/hwmon*/{in[0-9]_label,in[0-9]_min,in[0-9]_max} r, @{sys}/devices/**/hwmon*/{name,temp*,*_input} r, @{sys}/devices/**/hwmon*/**/{name,temp*,*_input} r, - @{sys}/devices/**/hwmon/hwmon[0-9]*/power[0-9]*_crit r, + @{sys}/devices/**/hwmon/hwmon@{int}/power[0-9]*_crit r, @{sys}/devices/{,platform/*.{i2c,hdmi}/}i2c-[0-9]*/name r, @{sys}/devices/pci[0-9]*/**/name r, - @{sys}/devices/platform/**/power_supply/**/hwmon[0-9]*/curr1_max r, + @{sys}/devices/platform/**/power_supply/**/hwmon@{int}/curr1_max r, @{sys}/devices/virtual/hwmon/hwmon[0-9]* r, - @{sys}/devices/virtual/hwmon/hwmon[0-9]*/ r, - @{sys}/devices/virtual/hwmon/hwmon[0-9]*/{name,temp*} r, - @{sys}/devices/virtual/hwmon/hwmon[0-9]*/fan[0-9]_label r, + @{sys}/devices/virtual/hwmon/hwmon@{int}/ r, + @{sys}/devices/virtual/hwmon/hwmon@{int}/{name,temp*} r, + @{sys}/devices/virtual/hwmon/hwmon@{int}/fan[0-9]_label r, # file_inherit deny @{PROC}/@{pid}/net/dev r, diff --git a/apparmor.d/profiles-s-z/smplayer b/apparmor.d/profiles-s-z/smplayer index f81309272..6f84b00f1 100644 --- a/apparmor.d/profiles-s-z/smplayer +++ b/apparmor.d/profiles-s-z/smplayer 
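Review bot: The sensors hunk converts only part of the hwmon rules, so the loose `[0-9]*` glob (one digit followed by any characters) survives in `hwmon@{int}/power[0-9]*_crit` and in the unchanged `@{sys}/devices/virtual/hwmon/hwmon[0-9]* r,` line. If the intent is that numeric path components match digits only, these would read `@{sys}/devices/**/hwmon/hwmon@{int}/power@{int}_crit r,` and `@{sys}/devices/virtual/hwmon/hwmon@{int} r,`. If they were left on purpose, a one-line comment saying why would keep a later pass from changing them. The profile body starts and ends outside the hunk.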
@@ -69,7 +69,7 @@ profile smplayer @{exec_path} { owner /tmp/qtsingleapp-smplay-* rw, owner /tmp/qtsingleapp-smplay-*-lockfile rwk, owner /tmp/smplayer_preview/ rw, - owner /tmp/smplayer_preview/[0-9]*.{jpg,png} rw, + owner /tmp/smplayer_preview/@{int}.{jpg,png} rw, owner /tmp/smplayer-mpv-* w, owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r, @@ -84,7 +84,7 @@ profile smplayer @{exec_path} { @{PROC}/@{pid}/mounts r, /dev/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/smtube b/apparmor.d/profiles-s-z/smtube index f958a0e0e..3aa949017 100644 --- a/apparmor.d/profiles-s-z/smtube +++ b/apparmor.d/profiles-s-z/smtube @@ -77,7 +77,7 @@ profile smtube @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap index c9ddb14b8..456c899e7 100644 --- a/apparmor.d/profiles-s-z/snap +++ b/apparmor.d/profiles-s-z/snap @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}bin/snap +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}bin/snap profile snap @{exec_path} { include include @@ -43,9 +43,9 @@ profile snap @{exec_path} { @{bin}/systemctl rPx -> child-systemctl, /snap/{,**} rw, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-confine rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-seccomp rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snapd r, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-confine rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-seccomp rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snapd r, /etc/fstab r, @@ -77,7 +77,7 @@ profile snap @{exec_path} { @{PROC}/sys/kernel/seccomp/actions_avail r, @{PROC}/version r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, /dev/ttyS[0-9]* rw, deny @{user_share_dirs}/gvfs-metadata/* r, 
diff --git a/apparmor.d/profiles-s-z/snap-discard-ns b/apparmor.d/profiles-s-z/snap-discard-ns index 7d39be686..278faabf0 100644 --- a/apparmor.d/profiles-s-z/snap-discard-ns +++ b/apparmor.d/profiles-s-z/snap-discard-ns @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-discard-ns +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-discard-ns profile snap-discard-ns @{exec_path} { include diff --git a/apparmor.d/profiles-s-z/snap-failure b/apparmor.d/profiles-s-z/snap-failure index 4f6a5a976..3ce23d709 100644 --- a/apparmor.d/profiles-s-z/snap-failure +++ b/apparmor.d/profiles-s-z/snap-failure @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-failure +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-failure profile snap-failure @{exec_path} { include diff --git a/apparmor.d/profiles-s-z/snap-seccomp b/apparmor.d/profiles-s-z/snap-seccomp index 791d716c9..a1e69f44d 100644 --- a/apparmor.d/profiles-s-z/snap-seccomp +++ b/apparmor.d/profiles-s-z/snap-seccomp @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-seccomp +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-seccomp profile snap-seccomp @{exec_path} { include include @@ -16,7 +16,7 @@ profile snap-seccomp @{exec_path} { @{exec_path} mr, - /snap/snapd/[0-9]*/usr/lib/snapd/snap-seccomp r, + /snap/snapd/@{int}/usr/lib/snapd/snap-seccomp r, /var/lib/snapd/seccomp/bpf/{,**} rw, diff --git a/apparmor.d/profiles-s-z/snap-update-ns b/apparmor.d/profiles-s-z/snap-update-ns index 19cb2ea42..61f3b815a 100644 --- a/apparmor.d/profiles-s-z/snap-update-ns +++ b/apparmor.d/profiles-s-z/snap-update-ns @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-update-ns +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-update-ns profile snap-update-ns @{exec_path} { include 
diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index 066ab505b..e0bfd90f2 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snapd +@{exec_path} = /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snapd profile snapd @{exec_path} { include include @@ -84,15 +84,15 @@ profile snapd @{exec_path} { @{bin}/unsquashfs rix, @{bin}/update-desktop-database rPx, - /{snap/snapd/[0-9]*/,}{usr/,}bin/fc-cache-* mr, - /{snap/snapd/[0-9]*/,}{usr/,}bin/snap rPx, - /{snap/snapd/[0-9]*/,}{usr/,}bin/xdelta3 rix, # TODO: rPx ? - /{snap/snapd/[0-9]*/,}{usr/,}lib/@{multiarch}/** mr, - /{snap/snapd/[0-9]*/,}{usr/,}lib/@{multiarch}/ld-*.so rix, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-discard-ns rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-seccomp rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snap-update-ns rPx, - /{snap/snapd/[0-9]*/,}{usr/,}lib/snapd/snapd rix, + /{snap/snapd/@{int}/,}{usr/,}bin/fc-cache-* mr, + /{snap/snapd/@{int}/,}{usr/,}bin/snap rPx, + /{snap/snapd/@{int}/,}{usr/,}bin/xdelta3 rix, # TODO: rPx ? + /{snap/snapd/@{int}/,}{usr/,}lib/@{multiarch}/** mr, + /{snap/snapd/@{int}/,}{usr/,}lib/@{multiarch}/ld-*.so rix, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-discard-ns rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-seccomp rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snap-update-ns rPx, + /{snap/snapd/@{int}/,}{usr/,}lib/snapd/snapd rix, /usr/share/bash-completion/{,**} r, /usr/share/dbus-1/{system,session}.d/{,snapd*} r, diff --git a/apparmor.d/profiles-s-z/spacefm b/apparmor.d/profiles-s-z/spacefm index c7a82d06a..ab8358525 100644 --- a/apparmor.d/profiles-s-z/spacefm +++ b/apparmor.d/profiles-s-z/spacefm @@ -48,7 +48,7 @@ profile spacefm @{exec_path} { @{sys}/class/ r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, @{sys}/fs/cgroup/{,**} r, 
diff --git a/apparmor.d/profiles-s-z/spectre-meltdown-checker b/apparmor.d/profiles-s-z/spectre-meltdown-checker index 66b4f8a56..fee708388 100644 --- a/apparmor.d/profiles-s-z/spectre-meltdown-checker +++ b/apparmor.d/profiles-s-z/spectre-meltdown-checker @@ -11,7 +11,7 @@ profile spectre-meltdown-checker @{exec_path} { include include - # Needed to read the /dev/cpu/[0-9]*/msr device + # Needed to read the /dev/cpu/@{int}/msr device capability sys_rawio, # Needed to read system logs @@ -84,8 +84,8 @@ profile spectre-meltdown-checker @{exec_path} { /tmp/ r, owner /tmp/{config,kernel}-* rw, - owner /dev/cpu/[0-9]*/cpuid r, - owner /dev/cpu/[0-9]*/msr rw, + owner /dev/cpu/@{int}/cpuid r, + owner /dev/cpu/@{int}/msr rw, owner /dev/kmsg r, /boot/ r, diff --git a/apparmor.d/profiles-s-z/spice-vdagent b/apparmor.d/profiles-s-z/spice-vdagent index cb6957962..2444f88dd 100644 --- a/apparmor.d/profiles-s-z/spice-vdagent +++ b/apparmor.d/profiles-s-z/spice-vdagent @@ -64,7 +64,7 @@ profile spice-vdagent @{exec_path} { owner @{PROC}/@{pids}/task/@{tid}/comm rw, - /dev/dri/card[0-9]* rw, + /dev/dri/card@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/spice-vdagentd b/apparmor.d/profiles-s-z/spice-vdagentd index 85e488cda..91ab1b08e 100644 --- a/apparmor.d/profiles-s-z/spice-vdagentd +++ b/apparmor.d/profiles-s-z/spice-vdagentd @@ -22,7 +22,7 @@ profile spice-vdagentd @{exec_path} flags=(attach_disconnected) { owner @{run}/spice-vdagentd/spice-vdagent-sock r, owner @{run}/spice-vdagentd/spice-vdagentd.pid rw, @{run}/systemd/journal/dev-log w, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/sessions/* r, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/profiles-s-z/startx b/apparmor.d/profiles-s-z/startx index 5605a7e45..a7a8e82cf 100644 --- a/apparmor.d/profiles-s-z/startx +++ b/apparmor.d/profiles-s-z/startx 
@@ -43,7 +43,7 @@ profile startx @{exec_path} flags=(attach_disconnected) { owner /tmp/serverauth.* rw, /dev/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index b265ea2c8..4bc831a70 100644 --- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -223,12 +223,12 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/status r, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, /dev/input/ r, - /dev/input/event[0-9]* r, + /dev/input/event@{int} r, /dev/tty rw, /dev/uinput w, - /dev/video[0-9]* rw, + /dev/video@{int} rw, audit deny /**.steam_exec_test.sh rw, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, @@ -244,7 +244,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) @{sys}/bus/pci/devices/ r, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{sys}/devices/pci[0-9]*/** r, owner /dev/shm/ValveIPCSHM_@{uid} rw, diff --git a/apparmor.d/profiles-s-z/steam-fossilize b/apparmor.d/profiles-s-z/steam-fossilize index 40522a1d3..5c168490c 100644 --- a/apparmor.d/profiles-s-z/steam-fossilize +++ b/apparmor.d/profiles-s-z/steam-fossilize 
@@ -22,15 +22,15 @@ profile steam-fossilize @{exec_path} flags=(attach_disconnected) { owner @{HOME}/.steam/steam.pipe r, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/fozpipelinesv[0-9]*/{,**} rw, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/mesa_shader_cache_sf/{,**} rwk, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/nvidiav[0-9]*/GLCache/ rw, - owner @{user_share_dirs}/Steam/steamapps/shadercache/[0-9]*/nvidiav[0-9]*/GLCache/** rwk, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/fozpipelinesv[0-9]*/{,**} rw, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/mesa_shader_cache_sf/{,**} rwk, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav[0-9]*/GLCache/ rw, + owner @{user_share_dirs}/Steam/steamapps/shadercache/@{int}/nvidiav[0-9]*/GLCache/** rwk, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/cpumap r, @{PROC}/@{pids}/statm r, @{PROC}/pressure/io r, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game index b31521e11..95703701c 100644 --- a/apparmor.d/profiles-s-z/steam-game +++ b/apparmor.d/profiles-s-z/steam-game @@ -111,7 +111,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{user_share_dirs}/Steam/steamapps/common/Proton*/files/bin/* mrix, @{user_share_dirs}/Steam/steamapps/common/Proton*/files/lib{,32,64}/** mrix, @{user_share_dirs}/Steam/steamapps/common/Proton*/proton rix, - @{user_share_dirs}/Steam/steamapps/compatdata/[0-9]*/pfx/**.dll rm, + @{user_share_dirs}/Steam/steamapps/compatdata/@{int}/pfx/**.dll rm, @{user_games_dirs}/*/* mr, @{user_games_dirs}/*/**.dll mr, 
@@ -236,7 +236,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/task/@{tid}/stat r, owner @{PROC}/@{pid}/uid_map rw, - /dev/hidraw[0-9]* rw, + /dev/hidraw@{int} rw, /dev/input/ r, /dev/input/* rw, /dev/tty rw, diff --git a/apparmor.d/profiles-s-z/steam-gameoverlayui b/apparmor.d/profiles-s-z/steam-gameoverlayui index 55d16d57a..dc7d8cdae 100644 --- a/apparmor.d/profiles-s-z/steam-gameoverlayui +++ b/apparmor.d/profiles-s-z/steam-gameoverlayui @@ -38,7 +38,7 @@ profile steam-gameoverlayui @{exec_path} { owner @{user_share_dirs}/Steam/config/DialogConfigOverlay*.vdf rw, owner @{user_share_dirs}/Steam/public/* rk, owner @{user_share_dirs}/Steam/resource/{,**} rk, - owner @{user_share_dirs}/Steam/userdata/[0-9]*/{,**} rk, + owner @{user_share_dirs}/Steam/userdata/@{int}/{,**} rk, owner /var/cache/fontconfig/ rw, @@ -54,7 +54,7 @@ profile steam-gameoverlayui @{exec_path} { owner /tmp/miles_image_* mrw, @{sys}/ r, - @{sys}/devices/system/cpu/cpu[0-9]*/** r, + @{sys}/devices/system/cpu/cpu@{int}/** r, @{sys}/kernel/ r, @{PROC}/version r, diff --git a/apparmor.d/profiles-s-z/steam-reaper b/apparmor.d/profiles-s-z/steam-reaper index e6fd30701..92e6035b6 100644 --- a/apparmor.d/profiles-s-z/steam-reaper +++ b/apparmor.d/profiles-s-z/steam-reaper @@ -29,7 +29,7 @@ profile steam-reaper @{exec_path} { owner /dev/shm/u@{uid}-Shm_@{hex} rw, owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk, - @{sys}/devices/system/cpu/cpu[0-9]*/** r, + @{sys}/devices/system/cpu/cpu@{int}/** r, deny owner @{user_share_dirs}/gvfs-metadata/{,*} r, diff --git a/apparmor.d/profiles-s-z/strawberry b/apparmor.d/profiles-s-z/strawberry index b9971fc24..ac56cb7df 100644 --- a/apparmor.d/profiles-s-z/strawberry +++ b/apparmor.d/profiles-s-z/strawberry @@ -100,7 +100,7 @@ profile strawberry @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.anyRemote/anyremote.stdout w, 
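Review bot: Directly below the tightened hidraw rule in this steam-game hunk, the context line `/dev/input/* rw,` still grants read and write on every node in /dev/input, which is much wider than the `/dev/input/event@{int} r,` that the steam profile gets in this same commit. If games need write access only to specific node types, the rule could name them; otherwise a comment such as `# games open arbitrary input nodes read-write (force feedback)` would record why the wildcard stays. Which node types are really needed cannot be told from the hunk, so this needs checking against denial logs.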
diff --git a/apparmor.d/profiles-s-z/strawberry-tagreader b/apparmor.d/profiles-s-z/strawberry-tagreader index 229dad80c..ccf2b2de5 100644 --- a/apparmor.d/profiles-s-z/strawberry-tagreader +++ b/apparmor.d/profiles-s-z/strawberry-tagreader @@ -25,7 +25,7 @@ profile strawberry-tagreader @{exec_path} { # file_inherit owner @{HOME}/.xsession-errors w, owner @{HOME}/.anyRemote/anyremote.stdout w, - owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp@{rand6}} rw, + owner @{user_cache_dirs}/gstreamer-@{int}/registry.*.bin{,.tmp@{rand6}} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/su b/apparmor.d/profiles-s-z/su index d3bbbc3ad..0502fa502 100644 --- a/apparmor.d/profiles-s-z/su +++ b/apparmor.d/profiles-s-z/su @@ -64,7 +64,7 @@ profile su @{exec_path} { @{sys}/devices/virtual/tty/console/active r, /dev/{,pts/}ptmx rw, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/sudo b/apparmor.d/profiles-s-z/sudo index db41f1e68..d66d1d78b 100644 --- a/apparmor.d/profiles-s-z/sudo +++ b/apparmor.d/profiles-s-z/sudo @@ -57,7 +57,7 @@ profile sudo @{exec_path} { @{bin}/{c,k,tc,z}sh rUx, @{lib}/cockpit/cockpit-askpass rPx, @{lib}/molly-guard/molly-guard rPx, - /snap/snapd/[0-9]*/usr/bin/snap rPx, + /snap/snapd/@{int}/usr/bin/snap rPx, @{etc_ro}/environment r, @{etc_ro}/security/limits.d/{,*} r, @@ -95,7 +95,7 @@ profile sudo @{exec_path} { /dev/ r, # interactive login /dev/ptmx rw, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-s-z/sulogin b/apparmor.d/profiles-s-z/sulogin index 7b20324bb..1cfbe35c2 100644 --- a/apparmor.d/profiles-s-z/sulogin +++ b/apparmor.d/profiles-s-z/sulogin @@ -20,7 +20,7 @@ profile sulogin @{exec_path} { /etc/shadow r, /dev/ r, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, @{PROC}/consoles r, diff --git a/apparmor.d/profiles-s-z/swtpm b/apparmor.d/profiles-s-z/swtpm index 95b1f8f90..3f56ab579 100644 
--- a/apparmor.d/profiles-s-z/swtpm +++ b/apparmor.d/profiles-s-z/swtpm @@ -21,9 +21,9 @@ profile swtpm @{exec_path} { /var/log/swtpm/libvirt/qemu/*-swtpm.log w, /tmp/.swtpm_setup.pidfile.* rw, - /tmp/[0-9]*/.lock rwk, - /tmp/[0-9]*/TMP* rw, - /tmp/[0-9]*/vtpm.sock rw, + /tmp/@{int}/.lock rwk, + /tmp/@{int}/TMP* rw, + /tmp/@{int}/vtpm.sock rw, @{run}/libvirt/qemu/swtpm/*.sock w, @{run}/libvirt/qemu/swtpm/*.pid w, diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index ed268af4c..83c635760 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -70,7 +70,7 @@ profile system-config-printer @{exec_path} flags=(complain) { owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mountinfo r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/thermald b/apparmor.d/profiles-s-z/thermald index 860c08e17..da3ade1f9 100644 --- a/apparmor.d/profiles-s-z/thermald +++ b/apparmor.d/profiles-s-z/thermald @@ -55,8 +55,8 @@ profile thermald @{exec_path} flags=(attach_disconnected) { @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_tmax_us r, @{sys}/devices/pci[0-9]*/**/power_limits/power_limit_[0-9]*_tmin_us r, - @{sys}/devices/**/hwmon[0-9]*/name r, - @{sys}/devices/**/hwmon[0-9]*/temp[0-9]*_{max,crit} r, + @{sys}/devices/**/hwmon@{int}/name r, + @{sys}/devices/**/hwmon@{int}/temp[0-9]*_{max,crit} r, @{sys}/devices/**/path r, @{sys}/devices/virtual/dmi/id/product_name r, @@ -87,7 +87,7 @@ profile thermald @{exec_path} flags=(attach_disconnected) { /dev/acpi_thermal_rel rw, /dev/input/ r, - /dev/input/event[0-9]* r, + /dev/input/event@{int} r, include if exists } diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index be3e75b08..b761b8a0a 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird 
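Review bot: The three `/tmp/@{int}/` rules in the swtpm hunk carry no `owner` qualifier, so the profile permits read, write and locking on matching paths under any numerically named directory in world-writable /tmp, regardless of which user created them. If swtpm always creates these paths under its own uid, `owner /tmp/@{int}/.lock rwk,`, `owner /tmp/@{int}/TMP* rw,` and `owner /tmp/@{int}/vtpm.sock rw,` would tie them to the confined process. If a different account creates them, a short comment saying so would explain the omission. The profile starts and ends outside the hunk.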
@@ -193,13 +193,13 @@ profile thunderbird @{exec_path} { /dev/shm/ r, owner /dev/shm/org.chromium.* rw, - owner /dev/shm/org.mozilla.ipc.@{pid}.[0-9]* rw, - owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, + owner /dev/shm/org.mozilla.ipc.@{pid}.@{int} rw, + owner /dev/shm/wayland.mozilla.ipc.@{int} rw, /dev/tty rw, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, # Silencer diff --git a/apparmor.d/profiles-s-z/thunderbird-glxtest b/apparmor.d/profiles-s-z/thunderbird-glxtest index 80c764b3c..9e9d9f9ca 100644 --- a/apparmor.d/profiles-s-z/thunderbird-glxtest +++ b/apparmor.d/profiles-s-z/thunderbird-glxtest @@ -26,7 +26,7 @@ profile thunderbird-glxtest @{exec_path} { owner /tmp/thunderbird/.parentlock rw, - owner @{run}/user/@{uid}/xauth_?????? r, + owner @{run}/user/@{uid}/xauth_@{rand6} r, @{sys}/bus/pci/devices/ r, @{sys}/devices/pci[0-9]*/**/class r, diff --git a/apparmor.d/profiles-s-z/tint2 b/apparmor.d/profiles-s-z/tint2 index b657f8f84..e8c3704a9 100644 --- a/apparmor.d/profiles-s-z/tint2 +++ b/apparmor.d/profiles-s-z/tint2 @@ -56,7 +56,7 @@ profile tint2 @{exec_path} { owner @{PROC}/@{pid}/mountinfo r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-s-z/tint2conf b/apparmor.d/profiles-s-z/tint2conf index 58303b84e..b8ab39563 100644 --- a/apparmor.d/profiles-s-z/tint2conf +++ b/apparmor.d/profiles-s-z/tint2conf @@ -36,7 +36,7 @@ profile tint2conf @{exec_path} { /etc/fstab r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/top b/apparmor.d/profiles-s-z/top index cc954cc5c..8c657671d 100644 --- a/apparmor.d/profiles-s-z/top +++ b/apparmor.d/profiles-s-z/top 
@@ -66,8 +66,8 @@ profile top @{exec_path} flags=(attach_disconnected) { /etc/toprc r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, - @{sys}/devices/system/node/node[0-9]*/cpumap r, + @{sys}/devices/system/node/node@{int}/meminfo r, + @{sys}/devices/system/node/node@{int}/cpumap r, owner @{user_config_dirs}/procps/ rw, owner @{user_config_dirs}/procps/toprc rw, diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index c854a4f08..632522267 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -131,7 +131,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { @{run}/mount/utab{,.*} rw, @{run}/mount/utab.lock rwk, @{run}/udisks2/{,**} rw, - @{run}/systemd/seats/seat[0-9]* r, + @{run}/systemd/seats/seat@{int} r, @{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/cryptsetup/ r, @{run}/cryptsetup/L* rwk, diff --git a/apparmor.d/profiles-s-z/unix-chkpwd b/apparmor.d/profiles-s-z/unix-chkpwd index d30da5c0d..4333ea136 100644 --- a/apparmor.d/profiles-s-z/unix-chkpwd +++ b/apparmor.d/profiles-s-z/unix-chkpwd @@ -21,7 +21,7 @@ profile unix-chkpwd @{exec_path} { /etc/shadow r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/update-ca-certificates b/apparmor.d/profiles-s-z/update-ca-certificates index 3d3a99ce9..2d33d3fdd 100644 --- a/apparmor.d/profiles-s-z/update-ca-certificates +++ b/apparmor.d/profiles-s-z/update-ca-certificates @@ -62,7 +62,7 @@ profile update-ca-certificates @{exec_path} { /etc/ca-certificates/update.d/ r, # file_inherit - owner /dev/pts/[0-9]* rw, + owner /dev/pts/@{int} rw, } diff --git a/apparmor.d/profiles-s-z/utox b/apparmor.d/profiles-s-z/utox index fe38d12b1..63e126f15 100644 --- a/apparmor.d/profiles-s-z/utox +++ b/apparmor.d/profiles-s-z/utox 
@@ -61,7 +61,7 @@ profile utox @{exec_path} { owner @{HOME}/.xsession-errors w, owner @{user_config_dirs}/tox/[0-9A-F].ftinfo w, owner @{user_config_dirs}/tox/[0-9A-F].ftoutfo w, - deny /dev/video[0-9]* rw, + deny /dev/video@{int} rw, } diff --git a/apparmor.d/profiles-s-z/vidcutter b/apparmor.d/profiles-s-z/vidcutter index 281414fdb..8fc3b46ab 100644 --- a/apparmor.d/profiles-s-z/vidcutter +++ b/apparmor.d/profiles-s-z/vidcutter @@ -69,7 +69,7 @@ profile vidcutter @{exec_path} { owner @{user_config_dirs}/qt5ct/{,**} r, @{sys}/devices/system/node/ r, - @{sys}/devices/system/node/node[0-9]*/meminfo r, + @{sys}/devices/system/node/node@{int}/meminfo r, owner /tmp/vidcutter-@{uuid} w, owner /tmp/#@{int} rw, @@ -86,7 +86,7 @@ profile vidcutter @{exec_path} { /dev/shm/#@{int} rw, /dev/disk/*/ r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index 0b2d194df..15980a19d 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager @@ -102,8 +102,8 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { owner @{PROC}/@{pid}/fd/ r, @{PROC}/@{pids}/net/route r, - /dev/media[0-9]* r, - /dev/video[0-9]* rw, + /dev/media@{int} r, + /dev/video@{int} rw, # Silence the noise deny /usr/share/virt-manager/{,**} w, diff --git a/apparmor.d/profiles-s-z/vnstat b/apparmor.d/profiles-s-z/vnstat index 22d095eee..7f6ff8d77 100644 --- a/apparmor.d/profiles-s-z/vnstat +++ b/apparmor.d/profiles-s-z/vnstat @@ -61,7 +61,7 @@ profile vnstat @{exec_path} { deny @{PROC}/diskstats r, deny @{PROC}/loadavg r, deny @{sys}/devices/**/hwmon/**/temp*_input r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, deny network inet dgram, deny network inet6 dgram, diff --git a/apparmor.d/profiles-s-z/volumeicon b/apparmor.d/profiles-s-z/volumeicon index 241da201a..39e17f8f2 100644 --- a/apparmor.d/profiles-s-z/volumeicon 
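Review bot: In the utox hunk the changed line is a `deny` rule, so replacing `[0-9]*` with `@{int}` shrinks the set of paths that are explicitly denied rather than the set that is allowed. Plain `/dev/video0`-style nodes are still covered, but for a deny rule the broader glob is the conservative choice; either keep `deny /dev/video[0-9]* rw,` or add a comment such as `# deny limited to numeric video nodes on purpose`. Separately, the two context lines above it use `[0-9A-F].ftinfo` and `[0-9A-F].ftoutfo`, which match a single character only and look like they are missing a `*`; that is worth checking against real file names. The profile starts outside the hunk.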
+++ b/apparmor.d/profiles-s-z/volumeicon @@ -38,7 +38,7 @@ profile volumeicon @{exec_path} { @{bin}/pulseeffects rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/wireplumber b/apparmor.d/profiles-s-z/wireplumber index 30a951e84..982b3d7f6 100644 --- a/apparmor.d/profiles-s-z/wireplumber +++ b/apparmor.d/profiles-s-z/wireplumber @@ -61,7 +61,7 @@ profile wireplumber @{exec_path} { owner @{PROC}/@{pid}/task/@{tid}/comm rw, - /dev/media[0-9]* rw, + /dev/media@{int} rw, /dev/snd/ r, include if exists diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index 13732d3b3..e01c6147f 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -84,7 +84,7 @@ profile wireshark @{exec_path} { @{lib}/firefox/firefox rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { diff --git a/apparmor.d/profiles-s-z/wpa-gui b/apparmor.d/profiles-s-z/wpa-gui index b356eb29e..dec258b00 100644 --- a/apparmor.d/profiles-s-z/wpa-gui +++ b/apparmor.d/profiles-s-z/wpa-gui @@ -32,7 +32,7 @@ profile wpa-gui @{exec_path} { owner @{PROC}/@{pid}/cmdline r, - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/wrmsr b/apparmor.d/profiles-s-z/wrmsr index 909504a06..683f9d74a 100644 --- a/apparmor.d/profiles-s-z/wrmsr +++ b/apparmor.d/profiles-s-z/wrmsr @@ -15,7 +15,7 @@ profile wrmsr @{exec_path} { @{exec_path} mr, - owner /dev/cpu/[0-9]*/msr w, + owner /dev/cpu/@{int}/msr w, include if exists } diff --git a/apparmor.d/profiles-s-z/xarchiver b/apparmor.d/profiles-s-z/xarchiver index 2800b1524..3a2709294 100644 --- a/apparmor.d/profiles-s-z/xarchiver +++ b/apparmor.d/profiles-s-z/xarchiver @@ -69,7 +69,7 @@ profile xarchiver @{exec_path} { @{bin}/viewnior rPUx, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, profile open { 
diff --git a/apparmor.d/profiles-s-z/xautolock b/apparmor.d/profiles-s-z/xautolock index 57f285720..7112ce9f4 100644 --- a/apparmor.d/profiles-s-z/xautolock +++ b/apparmor.d/profiles-s-z/xautolock @@ -25,7 +25,7 @@ profile xautolock @{exec_path} { owner @{HOME}/.Xauthority r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/xbrlapi b/apparmor.d/profiles-s-z/xbrlapi index a64db6c63..888539006 100644 --- a/apparmor.d/profiles-s-z/xbrlapi +++ b/apparmor.d/profiles-s-z/xbrlapi @@ -15,7 +15,7 @@ profile xbrlapi @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - /dev/tty[0-9]* rw, + /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/xfce4-notifyd b/apparmor.d/profiles-s-z/xfce4-notifyd index 3ddd0a13c..0b84dd373 100644 --- a/apparmor.d/profiles-s-z/xfce4-notifyd +++ b/apparmor.d/profiles-s-z/xfce4-notifyd @@ -28,7 +28,7 @@ profile xfce4-notifyd @{exec_path} { owner @{user_config_dirs}/calibre/resources/images/*.png r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, include if exists } diff --git a/apparmor.d/profiles-s-z/xfconfd b/apparmor.d/profiles-s-z/xfconfd index c61297c3f..319a57bb1 100644 --- a/apparmor.d/profiles-s-z/xfconfd +++ b/apparmor.d/profiles-s-z/xfconfd @@ -25,7 +25,7 @@ profile xfconfd @{exec_path} { owner @{user_share_dirs}/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-s-z/xinit b/apparmor.d/profiles-s-z/xinit index 498dc4d89..283553289 100644 --- a/apparmor.d/profiles-s-z/xinit +++ b/apparmor.d/profiles-s-z/xinit @@ -80,7 +80,7 @@ profile xinit @{exec_path} { /etc/X11/Xresources/ r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, } 
@@ -108,7 +108,7 @@ profile xinit @{exec_path} { @{run}/udev/data/* r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, } diff --git a/apparmor.d/profiles-s-z/xsel b/apparmor.d/profiles-s-z/xsel index d69656c65..36a94c9bc 100644 --- a/apparmor.d/profiles-s-z/xsel +++ b/apparmor.d/profiles-s-z/xsel @@ -21,7 +21,7 @@ profile xsel @{exec_path} { owner /tmp/xauth-[0-9]*-_[0-9] r, # file_inherit - owner /dev/tty[0-9]* rw, + owner /dev/tty@{int} rw, owner @{HOME}/.xsession-errors w, include if exists diff --git a/apparmor.d/profiles-s-z/zed b/apparmor.d/profiles-s-z/zed index e9251686f..c2fa61627 100644 --- a/apparmor.d/profiles-s-z/zed +++ b/apparmor.d/profiles-s-z/zed @@ -46,7 +46,7 @@ profile zed @{exec_path} { owner /tmp/tmp.* rw, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{sys}/module/zfs/parameters/zfs_zevent_len_max rw, @{PROC}/@{pids}/mounts r, diff --git a/apparmor.d/profiles-s-z/zpool b/apparmor.d/profiles-s-z/zpool index 3ad0e8379..00472ab2b 100644 --- a/apparmor.d/profiles-s-z/zpool +++ b/apparmor.d/profiles-s-z/zpool @@ -28,13 +28,13 @@ profile zpool @{exec_path} { /tmp/tmp.* rw, @{sys}/bus/pci/slots/ r, - @{sys}/bus/pci/slots/[0-9]*/address r, + @{sys}/bus/pci/slots/@{int}/address r, @{PROC}/@{pids}/mountinfo r, @{PROC}/@{pids}/mounts r, @{PROC}/sys/kernel/spl/hostid r, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, /dev/zfs rw, include if exists diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd index 56d1283ce..3be0e3849 100644 --- a/apparmor.d/profiles-s-z/zsysd +++ b/apparmor.d/profiles-s-z/zsysd @@ -42,7 +42,7 @@ profile zsysd @{exec_path} flags=(complain) { @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - /dev/pts/[0-9]* rw, + /dev/pts/@{int} rw, /dev/zfs rw, include if exists