refactor(profiles): use @{bin} and @{lib} in profiles (2)

2023-07-09 13:30:27 +01:00 · 2023-07-09 13:30:27 +01:00 · 2eed3b725f
commit 2eed3b725f
parent bb71f49598
101 changed files with 538 additions and 538 deletions
--- a/apparmor.d/groups/cron/cron-popularity-contest
+++ b/apparmor.d/groups/cron/cron-popularity-contest
@ -11,28 +11,28 @@ profile cron-popularity-contest @{exec_path} {
  include <abstractions/base>

  @{exec_path} r,
-  /{usr/,}bin/{,ba,da}sh          rix,
+  @{bin}/{,ba,da}sh          rix,

-  /{usr/,}sbin/popularity-contest rPx,
+  @{bin}/popularity-contest rPx,

-  /{usr/,}bin/logger              rix,
-  /{usr/,}bin/date                rix,
-  /{usr/,}bin/mktemp              rix,
-  /{usr/,}bin/mkdir               rix,
-  /{usr/,}bin/rm                  rix,
-  /{usr/,}bin/mv                  rix,
-  /{usr/,}bin/cat                 rix,
-  /{usr/,}bin/setsid              rix,
+  @{bin}/logger              rix,
+  @{bin}/date                rix,
+  @{bin}/mktemp              rix,
+  @{bin}/mkdir               rix,
+  @{bin}/rm                  rix,
+  @{bin}/mv                  rix,
+  @{bin}/cat                 rix,
+  @{bin}/setsid              rix,

  # To send reports via TOR
-  /{usr/,}bin/torify              rix,
-  /{usr/,}bin/torsocks            rix,
-  /{usr/,}sbin/getcap             rix,
+  @{bin}/torify              rix,
+  @{bin}/torsocks            rix,
+  @{bin}/getcap             rix,

  /usr/share/popularity-contest/popcon-upload rCx -> popcon-upload,
-  /{usr/,}bin/gpg{,2}             rCx -> gpg,
-  /{usr/,}sbin/runuser            rCx -> runuser,
-  /{usr/,}bin/savelog             rCx -> savelog,
+  @{bin}/gpg{,2}             rCx -> gpg,
+  @{bin}/runuser            rCx -> runuser,
+  @{bin}/savelog             rCx -> savelog,

  /usr/share/popularity-contest/ r,
  /usr/share/popularity-contest/default.conf r,
@ -62,18 +62,18 @@ profile cron-popularity-contest @{exec_path} {
  profile savelog {
    include <abstractions/base>

-    /{usr/,}bin/savelog mr,
+    @{bin}/savelog mr,

-    /{usr/,}bin/date       rix,
-    /{usr/,}bin/basename   rix,
-    /{usr/,}bin/which{,.debianutils}      rix,
-    /{usr/,}bin/dirname    rix,
-    /{usr/,}bin/rm         rix,
-    /{usr/,}bin/mv         rix,
-    /{usr/,}bin/touch      rix,
-    /{usr/,}bin/gzip       rix,
+    @{bin}/date       rix,
+    @{bin}/basename   rix,
+    @{bin}/which{,.debianutils}      rix,
+    @{bin}/dirname    rix,
+    @{bin}/rm         rix,
+    @{bin}/mv         rix,
+    @{bin}/touch      rix,
+    @{bin}/gzip       rix,

-    /{usr/,}bin/{,ba,da}sh rix,
+    @{bin}/{,ba,da}sh rix,

    /var/log/ r,
    /var/log/popularity-contest.[0-9]*.gz rw,
@ -91,11 +91,11 @@ profile cron-popularity-contest @{exec_path} {
    include <abstractions/nameservice-strict>
    include <abstractions/authentication>

-    /{usr/,}sbin/runuser mr,
+    @{bin}/runuser mr,

-    /{usr/,}bin/{,ba,da}sh          rix,
+    @{bin}/{,ba,da}sh          rix,

-    /{usr/,}sbin/popularity-contest rPx,
+    @{bin}/popularity-contest rPx,

    owner @{PROC}/@{pids}/loginuid r,
          @{PROC}/1/limits r,
@ -113,7 +113,7 @@ profile cron-popularity-contest @{exec_path} {
    include <abstractions/base>
    include <abstractions/nameservice-strict>

-    /{usr/,}bin/gpg{,2} mr,
+    @{bin}/gpg{,2} mr,

    /usr/share/popularity-contest/debian-popcon.gpg r,

@ -141,9 +141,9 @@ profile cron-popularity-contest @{exec_path} {
    network netlink raw,

    /usr/share/popularity-contest/popcon-upload r,
-    /{usr/,}bin/perl r,
+    @{bin}/perl r,

-    /{usr/,}bin/gzip rix,
+    @{bin}/gzip rix,

    /var/log/ r,
    /var/log/popularity-contest.new.gpg r,