feat(profile): add more programs to the list of sbin program.

apparmor.d/groups/apparmor/aa-notify

@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/aa-notify
+@{exec_path} = @{sbin}/aa-notify
 profile aa-notify @{exec_path} {
   include <abstractions/base>
   include <abstractions/bus-session>

apparmor.d/groups/apparmor/aa-unconfined

@@ -21,7 +21,7 @@ profile aa-unconfined @{exec_path} flags=(attach_disconnected) {
 
   @{bin}/          r,
   @{bin}/netstat  Px,
-  @{bin}/ss       Px,
+  @{sbin}/ss      Px,
 
   /usr/share/terminfo/** r,
 

apparmor.d/groups/apt/unattended-upgrade

@@ -55,7 +55,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
   @{bin}/etckeeper                rPx,
   @{bin}/lsb_release              rPx -> lsb_release,
   @{sbin}/on_ac_power             rPx,
-  @{bin}/sendmail                rPUx,
+  @{sbin}/sendmail               rPUx,
   @{lib}/apt/methods/http{,s}     rPx,
   @{lib}/needrestart/apt-pinvoke  rPx,
   @{lib}/update-notifier/update-motd-updates-available rPx,

apparmor.d/groups/display-manager/xdm-xsession

@@ -20,7 +20,7 @@ profile xdm-xsession @{exec_path} {
 
   @{bin}/basename           rix,
   @{bin}/cat                rix,
-  @{bin}/checkproc          rix,
+  @{sbin}/checkproc         rix,
   @{bin}/dirname            rix,
   @{bin}/fortune           rPUx,
   @{bin}/gpg-agent          rPx,

apparmor.d/groups/filesystem/btrfs-convert

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/btrfs-convert
+@{exec_path} = @{sbin}/btrfs-convert
 profile btrfs-convert @{exec_path} {
   include <abstractions/base>
   include <abstractions/disks-write>

apparmor.d/groups/filesystem/btrfs-image

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/btrfs-image
+@{exec_path} = @{sbin}/btrfs-image
 profile btrfs-image @{exec_path} {
   include <abstractions/base>
   include <abstractions/disks-write>

apparmor.d/groups/filesystem/btrfstune

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/btrfstune
+@{exec_path} = @{sbin}/btrfstune
 profile btrfstune @{exec_path} {
   include <abstractions/base>
   include <abstractions/disks-write>

apparmor.d/groups/filesystem/mount-nfs

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/mount.nfs
+@{exec_path} = @{sbin}/mount.nfs
 profile mount-nfs @{exec_path} flags=(complain) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
@@ -42,7 +42,7 @@ profile mount-nfs @{exec_path} flags=(complain) {
 
   @{sh_path}              rix,
   @{bin}/flock            rix,
-  @{bin}/start-statd      rix,
+  @{sbin}/start-statd     rix,
   @{bin}/systemctl        rCx -> systemctl,
 
   /etc/fstab r,

apparmor.d/groups/filesystem/nfsdcld

@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/nfsdcld
+@{exec_path} = @{sbin}/nfsdcld
 profile nfsdcld @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/freedesktop/plymouth-set-default-theme

@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/plymouth-set-default-theme
+@{exec_path} = @{sbin}/plymouth-set-default-theme
 profile plymouth-set-default-theme @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>

apparmor.d/groups/gnome/gnome-initial-setup

@@ -37,7 +37,7 @@ profile gnome-initial-setup @{exec_path} {
   @{bin}/dpkg    rPx -> child-dpkg,
   @{bin}/locale  rix,
   @{bin}/lscpu   rPx,
-  @{bin}/lspci   rPx,
+  @{sbin}/lspci  rPx,
   @{bin}/xrandr  rPx,
 
   @{lib}/gnome-initial-setup-goa-helper rix,

apparmor.d/groups/grub/grub-install

@@ -19,7 +19,7 @@ profile grub-install @{exec_path} flags=(complain) {
   @{exec_path} mr,
 
   @{sh_path}               rix,
-  @{bin}/efibootmgr        rix,
+  @{sbin}/efibootmgr       rix,
   @{bin}/kmod              rPx,
   @{bin}/lsb_release       rPx -> lsb_release,
   @{bin}/udevadm           rPx,

apparmor.d/groups/grub/grub-mkconfig

@@ -21,7 +21,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) {
   @{bin}/{e,f,}grep           rix,
   @{bin}/{m,g,}awk            rix,
   @{bin}/basename             rix,
-  @{bin}/btrfs                rPx,
+  @{sbin}/btrfs               rPx,
   @{bin}/cat                  rix,
   @{bin}/chmod                rix,
   @{bin}/cut                  rix,

apparmor.d/groups/gvfs/gvfsd-wsdd

@@ -19,7 +19,7 @@ profile gvfsd-wsdd @{exec_path} {
   @{exec_path} mr,
 
   @{bin}/env r,
-  @{bin}/wsdd rPx,
+  @{sbin}/wsdd rPx,
 
         @{run}/mount/utab r,
   owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,

apparmor.d/groups/kde/sddm

@@ -76,7 +76,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
   @{shells_path}       rix,
   @{bin}/cat           rix,
-  @{bin}/checkproc     rix,
+  @{sbin}/checkproc    rix,
   @{bin}/disable-paste rix,
   @{bin}/locale        rix,
   @{bin}/manpath       rix,

apparmor.d/groups/kde/systemsettings

@@ -29,7 +29,7 @@ profile systemsettings @{exec_path} {
   @{bin}/cat rix,
   @{bin}/eglinfo rPUx,
   @{bin}/kcminit rPx,
-  @{bin}/lspci rPx,
+  @{sbin}/lspci rPx,
   @{bin}/openssl rix,
   @{bin}/pactl rPx,
   @{bin}/plasma-discover rPx,

apparmor.d/groups/pacman/mkinitcpio

@@ -47,7 +47,7 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   @{bin}/{modinfo,rmmod}     rPx,
   @{sbin}/modprobe           rPx,
   @{bin}/plymouth            rPx,
-  @{bin}/plymouth-set-default-theme rPx,
+  @{sbin}/plymouth-set-default-theme rPx,
   @{bin}/sbctl               rPx,
   @{bin}/sync                rPx,
 

apparmor.d/groups/pacman/pacman

@@ -74,7 +74,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
   @{bin}/gtk{,4}-update-icon-cache   rPx,
   @{sbin}/iconvconfig                rix,
   @{bin}/install-catalog             rPx,
-  @{bin}/install-info                rPx,
+  @{sbin}/install-info               rPx,
   @{sbin}/iscsi-iname                rix,
   @{bin}/journalctl                  rPx,
   @{bin}/killall                     rix,

apparmor.d/groups/steam/steam

@@ -71,7 +71,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   @{bin}/ldd                    rix,
   @{bin}/lsb_release            rPx -> lsb_release,
   @{bin}/lsof                   rix,
-  @{bin}/lspci                  rCx -> lspci,
+  @{sbin}/lspci                 rCx -> lspci,
   @{bin}/tar                    rix,
   @{bin}/which{,.debianutils}   rix,
   @{bin}/xdg-icon-resource      rPx,
@@ -408,7 +408,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
     unix receive type=stream,
 
-    @{bin}/lspci mr,
+    @{sbin}/lspci mr,
 
     owner @{HOME}/.steam/steam.pipe r,
 

apparmor.d/groups/systemd/systemd-udevd

@@ -45,7 +45,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected) {
   @{bin}/ddcutil          rPx,
   @{sbin}/dmsetup         rPx,
   @{sbin}/ethtool         rix,
-  @{bin}/issue-generator  rPx,
+  @{sbin}/issue-generator rPx,
   @{sbin}/kdump-config    rPUx,
   @{bin}/kmod             rPx,
   @{bin}/logger           rix,

apparmor.d/groups/utils/lspci

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/lspci
+@{exec_path} = @{sbin}/lspci
 profile lspci @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>