feat(profiles): replace old [0-9]* glob by @{int}

Beware some [0-9]* glob are actually not proper @{int}.
2023-08-18 17:09:53 +01:00 · 2023-08-18 17:09:53 +01:00 · 275d6b6e62
commit 275d6b6e62
parent 8ea4491a56
368 changed files with 637 additions and 636 deletions
--- a/apparmor.d/profiles-a-f/aa-log
+++ b/apparmor.d/profiles-a-f/aa-log
@ -33,7 +33,7 @@ profile aa-log @{exec_path} {
  @{PROC}/sys/kernel/random/boot_id r,
  @{PROC}/sys/kernel/cap_last_cap r,

-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,

  include if exists <local/aa-log>
 }
--- a/apparmor.d/profiles-a-f/aa-notify
+++ b/apparmor.d/profiles-a-f/aa-notify
@ -34,7 +34,7 @@ profile aa-notify @{exec_path} {
  /var/log/audit/audit.log r,

  owner @{HOME}/.inputrc r,
-  owner @{HOME}/.terminfo/[0-9]*/dumb r,
+  owner @{HOME}/.terminfo/@{int}/dumb r,

  owner /tmp/[a-z0-9]* rw,
  owner /tmp/apparmor-bugreport-*.txt rw,
--- a/apparmor.d/profiles-a-f/aa-status
+++ b/apparmor.d/profiles-a-f/aa-status
@ -26,7 +26,7 @@ profile aa-status @{exec_path} {
        @{PROC}/@{pids}/attr/current r,
  owner @{PROC}/@{pid}/mounts r,

-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,

  include if exists <local/aa-status>
 }
--- a/apparmor.d/profiles-a-f/acpi-powerbtn
+++ b/apparmor.d/profiles-a-f/acpi-powerbtn
@ -43,7 +43,7 @@ profile acpi-powerbtn flags=(attach_disconnected) {
    @{bin}/fgconsole r,

          /dev/tty       rw,
-    owner /dev/tty[0-9]* rw,
+    owner /dev/tty@{int} rw,
  }

  include if exists <local/acpi-powerbtn>
--- a/apparmor.d/profiles-a-f/agetty
+++ b/apparmor.d/profiles-a-f/agetty
@ -38,9 +38,9 @@ profile agetty @{exec_path} {
        @{run}/resolvconf/resolv.conf r,
  owner @{run}/agetty.reload rw,

-        /dev/tty[0-9]*   rw,
-  owner /dev/ttyGS[0-9]* rw,
-  owner /dev/ttyS[0-9]*  rw,
+        /dev/tty@{int}   rw,
+  owner /dev/ttyGS@{int} rw,
+  owner /dev/ttyS@{int}  rw,

  include if exists <local/agetty>
 }
--- a/apparmor.d/profiles-a-f/amixer
+++ b/apparmor.d/profiles-a-f/amixer
@ -26,7 +26,7 @@ profile amixer @{exec_path} {
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,

  include if exists <local/amixer>
 }
--- a/apparmor.d/profiles-a-f/anki
+++ b/apparmor.d/profiles-a-f/anki
@ -137,7 +137,7 @@ profile anki @{exec_path} {
  /etc/machine-id r,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
  owner @{HOME}/.xsession-errors w,

  # Allowed apps to open
@ -170,10 +170,10 @@ profile anki @{exec_path} {
    /etc/machine-id r,

    @{sys}/devices/system/node/ r,
-    @{sys}/devices/system/node/node[0-9]*/meminfo r,
+    @{sys}/devices/system/node/node@{int}/meminfo r,

    # file_inherit
-    owner /dev/tty[0-9]* rw,
+    owner /dev/tty@{int} rw,
    owner @{HOME}/.xsession-errors w,

  }
--- a/apparmor.d/profiles-a-f/apparmor_parser
+++ b/apparmor.d/profiles-a-f/apparmor_parser
@ -23,8 +23,8 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
  /usr/share/apparmor-features/{,**} r,
  /usr/share/apparmor/{,**} r,

-  owner /snap/core[0-9]*/[0-9]*/etc/apparmor.d/{,**} r,
-  owner /snap/core[0-9]*/[0-9]*/etc/apparmor/* r,
+  owner /snap/core[0-9]*/@{int}/etc/apparmor.d/{,**} r,
+  owner /snap/core[0-9]*/@{int}/etc/apparmor/* r,
  owner /var/cache/apparmor/{,**} rw,
  owner /var/lib/docker/tmp/docker-default[0-9]* r,
  owner /var/lib/snapd/apparmor/{,**} r,
--- a/apparmor.d/profiles-a-f/arandr
+++ b/apparmor.d/profiles-a-f/arandr
@ -32,7 +32,7 @@ profile arandr @{exec_path} {
  /etc/fstab r,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,

  include if exists <local/arandr>
 }
--- a/apparmor.d/profiles-a-f/arduino-builder
+++ b/apparmor.d/profiles-a-f/arduino-builder
@ -18,11 +18,11 @@ profile arduino-builder @{exec_path} {
  @{bin}/avr-gcc-ar                 rix,
  @{bin}/avr-size                   rix,
  @{bin}/avrdude                    rix,
-  @{lib}/gcc/avr/[0-9]*/cc1plus     rix,
-  @{lib}/gcc/avr/[0-9]*/cc1         rix,
-  @{lib}/gcc/avr/[0-9]*/collect2    rix,
-  @{lib}/gcc/avr/[0-9]*/lto-wrapper rix,
-  @{lib}/gcc/avr/[0-9]*/lto1        rix,
+  @{lib}/gcc/avr/@{int}/cc1plus     rix,
+  @{lib}/gcc/avr/@{int}/cc1         rix,
+  @{lib}/gcc/avr/@{int}/collect2    rix,
+  @{lib}/gcc/avr/@{int}/lto-wrapper rix,
+  @{lib}/gcc/avr/@{int}/lto1        rix,
  @{lib}/llvm-[0-9]*/bin/clang      rix,
  @{lib}/avr/bin/as                 rix,
  @{lib}/avr/bin/ar                 rix,
--- a/apparmor.d/profiles-a-f/birdtray
+++ b/apparmor.d/profiles-a-f/birdtray
@ -69,7 +69,7 @@ profile birdtray @{exec_path} {
  /etc/machine-id r,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,


  profile open {
--- a/apparmor.d/profiles-a-f/blueman
+++ b/apparmor.d/profiles-a-f/blueman
@ -64,7 +64,7 @@ profile blueman @{exec_path} flags=(attach_disconnected) {
  owner @{PROC}/@{pid}/mounts r,
        @{PROC}/@{pids}/cmdline r,

-  /dev/dri/card[0-9]* rw,
+  /dev/dri/card@{int} rw,
  /dev/rfkill r,
  /dev/shm/ r,
  /dev/tty rw,
--- a/apparmor.d/profiles-a-f/bluetoothd
+++ b/apparmor.d/profiles-a-f/bluetoothd
@ -42,7 +42,7 @@ profile bluetoothd @{exec_path} {
  /dev/uhid rw,
  /dev/uinput rw,
  /dev/rfkill rw,
-  /dev/hidraw[0-9]* rw,
+  /dev/hidraw@{int} rw,

  include if exists <local/bluetoothd>
 }
--- a/apparmor.d/profiles-a-f/btop
+++ b/apparmor.d/profiles-a-f/btop
@ -24,15 +24,15 @@ profile btop @{exec_path} {

  @{sys}/class/power_supply/ r,
  @{sys}/class/hwmon/ r,
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_{cur,min,max}_freq r,
+  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_{cur,min,max}_freq r,
  @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/ r,
-  @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/{,*} r,
-  @{sys}/devices/platform/coretemp.[0-9]*/hwmon/hwmon[0-9]*/{,*} r,
-  @{sys}/devices/virtual/block/dm-[0-9]*/stat r,
-  @{sys}/devices/pci[0-9]*/**/host[0-9]*/*/*/block/*/*/stat r,
+  @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/{,*} r,
+  @{sys}/devices/platform/coretemp.@{int}/hwmon/hwmon@{int}/{,*} r,
+  @{sys}/devices/virtual/block/dm-@{int}/stat r,
+  @{sys}/devices/pci[0-9]*/**/host@{int}/*/*/block/*/*/stat r,
  @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/statistics/{rx,tx}_bytes r,
  @{sys}/devices/{pci[0-9]*,virtual}/{,**/}net/*/address r,
-  @{sys}/devices/pci[0-9]*/*/*/usb[0-9]*/**/power_supply/hidpp_battery_[0-9]*/{,hwmon[0-9]*/} r,
+  @{sys}/devices/pci[0-9]*/*/*/usb@{int}/**/power_supply/hidpp_battery_[@{int}/{,hwmon@{int}/} r,

        @{PROC} r,
        @{PROC}/loadavg r,
--- a/apparmor.d/profiles-a-f/btrfs
+++ b/apparmor.d/profiles-a-f/btrfs
@ -42,14 +42,14 @@ profile btrfs @{exec_path} {
  @{run}/blkid/blkid.tab{,-@{rand6}} rw,
  @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,

-  @{sys}/fs/btrfs/@{uuid}/devinfo/[0-9]*/fsid r,
+  @{sys}/fs/btrfs/@{uuid}/devinfo/@{int}/fsid r,

        @{PROC}/partitions r,
  owner @{PROC}/@{pid}/mounts r,

        /dev/btrfs-control rw,
-        /dev/tty[0-9]* rw,
-  owner /dev/pts/[0-9]* rw,
+        /dev/tty@{int} rw,
+  owner /dev/pts/@{int} rw,


  include if exists <local/btrfs>
--- a/apparmor.d/profiles-a-f/code-extension-git-askpass
+++ b/apparmor.d/profiles-a-f/code-extension-git-askpass
@ -19,7 +19,7 @@ profile code-extension-git-askpass @{exec_path} {
  @{bin}/cat                      rix,
  @{bin}/mktemp                   rix,
  @{bin}/rm                       rix,
-  @{lib}/electron[0-9]*/electron  rix,
+  @{lib}/electron@{int}/electron  rix,

  /usr/share/terminfo/x/xterm-256color r,

--- a/apparmor.d/profiles-a-f/code-extension-git-editor
+++ b/apparmor.d/profiles-a-f/code-extension-git-editor
@ -13,7 +13,7 @@ profile code-extension-git-editor @{exec_path} {
  @{exec_path} mr,

  @{bin}/{,ba,da}sh               rix,
-  @{lib}/electron[0-9]*/electron  rix,
+  @{lib}/electron@{int}/electron  rix,

  /dev/tty rw,

--- a/apparmor.d/profiles-a-f/compton
+++ b/apparmor.d/profiles-a-f/compton
@ -19,7 +19,7 @@ profile compton @{exec_path} {
  owner @{HOME}/.Xauthority r,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
  owner @{HOME}/.xsession-errors w,

  include if exists <local/compton>
--- a/apparmor.d/profiles-a-f/conky
+++ b/apparmor.d/profiles-a-f/conky
@ -87,7 +87,7 @@ profile conky @{exec_path} {
  @{sys}/devices/system/cpu/present r,

  # Get the current frequency of the CPU
-  @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_cur_freq r,
+  @{sys}/devices/system/cpu/cpufreq/policy@{int}/scaling_cur_freq r,

  # Get load average values for 1, 5 and 15 minutes
  @{PROC}/loadavg r,
@ -128,8 +128,8 @@ profile conky @{exec_path} {

  # Temperatures and Fans
  @{bin}/sensors rPUx,
-  @{sys}/devices/**/hwmon[0-9]*/temp[0-9]*_input r,
-  @{sys}/devices/**/hwmon/hwmon[0-9]*/temp[0-9]*_input r,
+  @{sys}/devices/**/hwmon@{int}/temp[0-9]*_input r,
+  @{sys}/devices/**/hwmon/hwmon@{int}/temp[0-9]*_input r,
  @{sys}/class/hwmon/ r,
  @{PROC}/acpi/ibm/fan r,

@ -146,7 +146,7 @@ profile conky @{exec_path} {
  /usr/share/X11/XErrorDB r,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,
  owner @{HOME}/.xsession-errors w,


@ -187,7 +187,7 @@ profile conky @{exec_path} {
    /usr/share/publicsuffix/public_suffix_list.* r,

    # file_inherit
-    owner /dev/tty[0-9]* rw,
+    owner /dev/tty@{int} rw,
    deny @{PROC}/@{pids}/net/dev r,
    deny @{PROC}/@{pids}/net/tcp r,
    deny @{PROC}/@{pids}/net/tcp6 r,
--- a/apparmor.d/profiles-a-f/cpuid
+++ b/apparmor.d/profiles-a-f/cpuid
@ -14,7 +14,7 @@ profile cpuid @{exec_path} {

  @{exec_path} mr,

-  /dev/cpu/[0-9]*/cpuid r,
+  /dev/cpu/@{int}/cpuid r,

  owner /tmp/cpuid* rw,

--- a/apparmor.d/profiles-a-f/dkms
+++ b/apparmor.d/profiles-a-f/dkms
@ -55,7 +55,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) {
  @{bin}/{,g,m}awk  rix,
  @{bin}/update-secureboot-policy rPUx,

-  @{lib}/gcc/@{multiarch}/[0-9]*/*             rix,
+  @{lib}/gcc/@{multiarch}/@{int}/*             rix,
  @{lib}/linux-kbuild-*/scripts/**             rix,
  @{lib}/linux-kbuild-*/tools/objtool/objtool  rix,
  @{lib}/llvm-[0-9]*/bin/clang                 rix,
--- a/apparmor.d/profiles-a-f/downloadhelper
+++ b/apparmor.d/profiles-a-f/downloadhelper
@ -37,7 +37,7 @@ profile downloadhelper @{exec_path} {
  owner /tmp/vdh-*.tmp rw,

  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node[0-9]*/meminfo r,
+  @{sys}/devices/system/node/node@{int}/meminfo r,

  deny @{PROC}/version r,
  deny @{user_share_dirs}/gvfs-metadata/* r,
--- a/apparmor.d/profiles-a-f/dring
+++ b/apparmor.d/profiles-a-f/dring
@ -27,7 +27,7 @@ profile dring @{exec_path} {
  @{sys}/class/ r,
  @{sys}/bus/ r,
  @{sys}/devices/system/node/ r,
-  @{sys}/devices/system/node/node[0-9]*/meminfo r,
+  @{sys}/devices/system/node/node@{int}/meminfo r,

  /var/lib/dbus/machine-id r,
  /etc/machine-id r,
--- a/apparmor.d/profiles-a-f/dumpe2fs
+++ b/apparmor.d/profiles-a-f/dumpe2fs
@ -21,7 +21,7 @@ profile dumpe2fs @{exec_path} {
  owner @{run}/blkid/blkid.tab{,-@{rand6}} rw,
  owner @{run}/blkid/blkid.tab.old rwl -> @{run}/blkid/blkid.tab,

-  /dev/tty[0-9]* rw,
+  /dev/tty@{int} rw,

  include if exists <local/dumpe2fs>
 }
--- a/apparmor.d/profiles-a-f/dunstify
+++ b/apparmor.d/profiles-a-f/dunstify
@ -13,7 +13,7 @@ profile dunstify @{exec_path} {
  @{exec_path} mr,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,

  include if exists <local/dunstify>
 }
--- a/apparmor.d/profiles-a-f/engrampa
+++ b/apparmor.d/profiles-a-f/engrampa
@ -133,7 +133,7 @@ profile engrampa @{exec_path} {
  owner @{PROC}/@{pid}/fd/ r,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,

  deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,

--- a/apparmor.d/profiles-a-f/exo-helper
+++ b/apparmor.d/profiles-a-f/exo-helper
@ -48,7 +48,7 @@ profile exo-helper @{exec_path} {
  /etc/fstab r,

  # file_inherit
-  owner /dev/tty[0-9]* rw,
+  owner /dev/tty@{int} rw,

  include if exists <local/exo-helper>
 }
--- a/apparmor.d/profiles-a-f/f3read
+++ b/apparmor.d/profiles-a-f/f3read
@ -18,9 +18,9 @@ profile f3read @{exec_path} {
  @{MOUNTS}/*/ r,

  # To be able to read h2w files
-  owner @{MOUNTDIRS}/[0-9]*.h2w r,
-  owner @{MOUNTS}/[0-9]*.h2w r,
-  owner @{MOUNTS}/*/[0-9]*.h2w r,
+  owner @{MOUNTDIRS}/@{int}.h2w r,
+  owner @{MOUNTS}/@{int}.h2w r,
+  owner @{MOUNTS}/*/@{int}.h2w r,

  include if exists <local/f3read>
 }
--- a/apparmor.d/profiles-a-f/f3write
+++ b/apparmor.d/profiles-a-f/f3write
@ -22,9 +22,9 @@ profile f3write @{exec_path} {
  @{MOUNTS}/*/ r,

  # To be able to write h2w files
-  owner @{MOUNTDIRS}/[0-9]*.h2w w,
-  owner @{MOUNTS}/[0-9]*.h2w w,
-  owner @{MOUNTS}/*/[0-9]*.h2w w,
+  owner @{MOUNTDIRS}/@{int}.h2w w,
+  owner @{MOUNTS}/@{int}.h2w w,
+  owner @{MOUNTS}/*/@{int}.h2w w,

  include if exists <local/f3write>
 }
--- a/apparmor.d/profiles-a-f/flatpak-portal
+++ b/apparmor.d/profiles-a-f/flatpak-portal
@ -32,9 +32,9 @@ profile flatpak-portal @{exec_path} flags=(attach_disconnected) {
  owner @{user_config_dirs}/user-dirs.dirs r,
  owner @{user_share_dirs}/mime/mime.cache r,

-  owner @{run}/user/@{uid}/.flatpak/[0-9]*/bwrapinfo.json r,
-  owner @{run}/user/@{uid}/.flatpak/[0-9]*/info r,
-  owner @{run}/user/@{uid}/.flatpak/[0-9]*/pid r,
+  owner @{run}/user/@{uid}/.flatpak/@{int}/bwrapinfo.json r,
+  owner @{run}/user/@{uid}/.flatpak/@{int}/info r,
+  owner @{run}/user/@{uid}/.flatpak/@{int}/pid r,

  include if exists <local/flatpak-portal>
 }
--- a/apparmor.d/profiles-a-f/fwupd
+++ b/apparmor.d/profiles-a-f/fwupd
@ -104,8 +104,8 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
  /boot/{,**} r,
  /boot/EFI/*/.goutputstream-@{rand6} rw,
  /boot/EFI/*/fw/fwupd-*.cap{,.*} rw,
-  /boot/EFI/*/fwupdx[0-9]*.efi rw,
-  @{lib}/fwupd/efi/fwupdx[0-9]*.efi r,
+  /boot/EFI/*/fwupdx@{int}.efi rw,
+  @{lib}/fwupd/efi/fwupdx@{int}.efi r,

  /etc/machine-id r,
  /var/lib/dbus/machine-id r,
@ -129,7 +129,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
  @{sys}/power/mem_sleep r,

  @{run}/motd.d/ r,
-  @{run}/motd.d/[0-9]*-fwupd* rw,
+  @{run}/motd.d/@{int}-fwupd* rw,
  @{run}/motd.d/fwupd/{,**} rw,
  @{run}/mount/utab r,
  @{run}/systemd/inhibit/[0-9]*.ref rw,
@ -145,17 +145,17 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
  @{PROC}/sys/kernel/tainted r,

  /dev/bus/usb/ r,
-  /dev/bus/usb/[0-9]*/[0-9]* rw,
-  /dev/cpu/[0-9]*/msr rw,
-  /dev/drm_dp_aux[0-9]* rw,
-  /dev/gpiochip[0-9]* r,
-  /dev/hidraw[0-9]* rw,
-  /dev/mei[0-9]* rw,
+  /dev/bus/usb/@{int}/@{int} rw,
+  /dev/cpu/@{int}/msr rw,
+  /dev/drm_dp_aux@{int} rw,
+  /dev/gpiochip@{int} r,
+  /dev/hidraw@{int} rw,
+  /dev/mei@{int} rw,
  /dev/mem r,
-  /dev/mtd[0-9]* rw,
+  /dev/mtd@{int} rw,
  /dev/sd[a-z]* r,
-  /dev/tpm[0-9]* rw,
-  /dev/tpmrm[0-9]* rw,
+  /dev/tpm@{int} rw,
+  /dev/tpmrm@{int} rw,
  /dev/wmi/* r,

  profile gpg flags=(complain) {