feat(profiles): replace old [0-9]* glob by @{int}

Beware some [0-9]* glob are actually not proper @{int}.
2023-08-18 17:09:53 +01:00 · 2023-08-18 17:09:53 +01:00 · 275d6b6e62
commit 275d6b6e62
parent 8ea4491a56
368 changed files with 637 additions and 636 deletions
--- a/apparmor.d/groups/pacman/pacman
+++ b/apparmor.d/groups/pacman/pacman
@ -157,8 +157,8 @@ profile pacman @{exec_path} {

  @{run}/utmp rk,
  
-        /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+        /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,

  # Silencer, 
  deny /tmp/ r,
@ -184,8 +184,8 @@ profile pacman @{exec_path} {

    deny @{user_share_dirs}/sddm/* rw,
    
-          /dev/tty[0-9]* rw,
-    owner /dev/pts/[0-9]* rw,
+          /dev/tty@{int} rw,
+    owner /dev/pts/@{int} rw,

    deny network inet stream,
    deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-conf
+++ b/apparmor.d/groups/pacman/pacman-conf
@ -17,7 +17,7 @@ profile pacman-conf @{exec_path} flags=(attach_disconnected) {
  /etc/pacman.d/mirrorlist r,
  /etc/pacman.d/*-mirrorlist r,
  
-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-depmod
+++ b/apparmor.d/groups/pacman/pacman-hook-depmod
@ -24,8 +24,8 @@ profile pacman-hook-depmod @{exec_path} {
  /usr/lib/modules/*/{,**} rw,

        /dev/tty rw,
-        /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+        /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-gtk
+++ b/apparmor.d/groups/pacman/pacman-hook-gtk
@ -24,8 +24,8 @@ profile pacman-hook-gtk @{exec_path} {
  /usr/share/icons/{,**} rw,

        /dev/tty rw,
-        /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+        /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,

  # Inherit Silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-perl
+++ b/apparmor.d/groups/pacman/pacman-hook-perl
@ -24,8 +24,8 @@ profile pacman-hook-perl @{exec_path} {
  @{lib}/perl[0-9]*/{,**} r,

        /dev/tty rw,
-        /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+        /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,

  # Inherit silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/pacman-hook-systemd
+++ b/apparmor.d/groups/pacman/pacman-hook-systemd
@ -31,8 +31,8 @@ profile pacman-hook-systemd @{exec_path} {
  /usr/ rw,

        /dev/tty rw,
-        /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+        /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,

  # Inherit silencer
  deny network inet6 stream,
--- a/apparmor.d/groups/pacman/reflector
+++ b/apparmor.d/groups/pacman/reflector
@ -37,8 +37,8 @@ profile reflector @{exec_path} flags=(attach_disconnected) {
  @{PROC}/cmdline r,
  @{PROC}/sys/kernel/osrelease r,

-        /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+        /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,

  include if exists <local/reflector>
 }