Replace shells with new sh_path variable

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>
2024-02-11 15:34:46 +01:00 · 2024-02-11 15:34:46 +01:00 · 40b171ee94
commit 40b171ee94
parent 3b1b187d13
315 changed files with 415 additions and 369 deletions
--- a/apparmor.d/profiles-s-z/sanoid
+++ b/apparmor.d/profiles-s-z/sanoid
@ -12,7 +12,7 @@ profile sanoid @{exec_path} flags=(complain) {
  include <abstractions/perl>

  @{exec_path}                 mr,
-  @{bin}/{,ba,da}sh       rix,
+  @{sh_path}              rix,
  @{bin}/perl             rix,
  @{bin}/ps               rPx,
  /{usr/,}{local/,}{s,}bin/zfs rPx,
--- a/apparmor.d/profiles-s-z/scrot
+++ b/apparmor.d/profiles-s-z/scrot
@ -15,7 +15,7 @@ profile scrot @{exec_path} {
  @{exec_path} mr,

  # "mv" is needed to change the image dir
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/mv         rix,

  # The image dir
--- a/apparmor.d/profiles-s-z/secure-time-sync
+++ b/apparmor.d/profiles-s-z/secure-time-sync
@ -20,7 +20,7 @@ profile secure-time-sync @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh  rix,
+  @{sh_path}         rix,
  @{bin}/curl        rix,
  @{bin}/date        rix,
  @{bin}/grep        rix,
--- a/apparmor.d/profiles-s-z/smartd
+++ b/apparmor.d/profiles-s-z/smartd
@ -22,7 +22,7 @@ profile smartd @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/cat        rix,
  @{bin}/hostname   rix,
  @{bin}/mail       rix,
--- a/apparmor.d/profiles-s-z/smtube
+++ b/apparmor.d/profiles-s-z/smtube
@ -87,7 +87,7 @@ profile smtube @{exec_path} {

    @{bin}/xdg-open mr,

-    @{bin}/{,ba,da}sh      rix,
+    @{sh_path}             rix,
    @{bin}/{m,g,}awk       rix,
    @{bin}/readlink        rix,
    @{bin}/basename        rix,
--- a/apparmor.d/profiles-s-z/snapd
+++ b/apparmor.d/profiles-s-z/snapd
@ -66,7 +66,7 @@ profile snapd @{exec_path} {
  @{bin}/ssh-keygen               rPx,
  @{bin}/useradd                  rPx,

-  @{bin}/{,ba,da}sh               rix,
+  @{sh_path}                      rix,
  @{bin}/apparmor_parser          rPx,
  @{bin}/cp                       rix,
  @{bin}/gzip                     rix,
--- a/apparmor.d/profiles-s-z/spacefm-auth
+++ b/apparmor.d/profiles-s-z/spacefm-auth
@ -12,7 +12,7 @@ profile spacefm-auth @{exec_path} {
  include <abstractions/base>

  @{exec_path} r,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  include if exists <local/spacefm-auth>
 }
--- a/apparmor.d/profiles-s-z/spectre-meltdown-checker
+++ b/apparmor.d/profiles-s-z/spectre-meltdown-checker
@ -28,7 +28,7 @@ profile spectre-meltdown-checker @{exec_path} {
  @{bin}/{,@{multiarch}-}objdump rix,
  @{bin}/{,@{multiarch}-}readelf rix,
  @{bin}/{,@{multiarch}-}strings rix,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/{,e}grep   rix,
  @{bin}/{,g,m}awk  rix,
  @{bin}/base64     rix,
--- a/apparmor.d/profiles-s-z/start-pulseaudio-x11
+++ b/apparmor.d/profiles-s-z/start-pulseaudio-x11
@ -12,7 +12,7 @@ profile start-pulseaudio-x11 @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh  rix,
+  @{sh_path}         rix,
  @{bin}/head        rix,
  @{bin}/pactl       rPx,
  @{bin}/plasmashell rPx,
--- a/apparmor.d/profiles-s-z/startx
+++ b/apparmor.d/profiles-s-z/startx
@ -14,7 +14,7 @@ profile startx @{exec_path} flags=(attach_disconnected) {
  include <abstractions/nameservice-strict>

  @{exec_path} r,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  @{bin}/{,e}grep   rix,
  @{bin}/deallocvt  rix,
--- a/apparmor.d/profiles-s-z/steam
+++ b/apparmor.d/profiles-s-z/steam
@ -37,7 +37,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)

  @{exec_path} mrix,

-  @{bin}/{,ba,da}sh             rix,
+  @{sh_path}                    rix,
  @{bin}/{m,g,}awk              rix,
  @{bin}/*sum                   rix,
  @{bin}/basename               rix,
--- a/apparmor.d/profiles-s-z/steam-game
+++ b/apparmor.d/profiles-s-z/steam-game
@ -60,7 +60,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mrix,

-  @{bin}/{,ba,da}sh                          rix,
+  @{sh_path}                                 rix,
  @{bin}/bwrap                               rix,
  @{bin}/env                                 rix,
  @{bin}/getopt                              rix,
--- a/apparmor.d/profiles-s-z/strawberry
+++ b/apparmor.d/profiles-s-z/strawberry
@ -111,7 +111,7 @@ profile strawberry @{exec_path} {

    @{bin}/xdg-open mr,

-    @{bin}/{,ba,da}sh      rix,
+    @{sh_path}             rix,
    @{bin}/{m,g,}awk       rix,
    @{bin}/readlink        rix,
    @{bin}/basename        rix,
--- a/apparmor.d/profiles-s-z/syncoid
+++ b/apparmor.d/profiles-s-z/syncoid
@ -14,7 +14,7 @@ profile syncoid @{exec_path} flags=(complain) {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh              rix,
+  @{sh_path}                     rix,
  @{bin}/grep                    rix,
  @{bin}/mbuffer                 rix,
  @{bin}/perl                    rix,
--- a/apparmor.d/profiles-s-z/system-config-printer
+++ b/apparmor.d/profiles-s-z/system-config-printer
@ -31,7 +31,7 @@ profile system-config-printer @{exec_path} flags=(complain) {

  @{exec_path} mrix,

-  @{bin}/{,ba,da}sh           rix,
+  @{sh_path}                  rix,
  @{bin}/python3.@{int}         r,
  @{lib}/cups/*/*            rPUx,
  /usr/share/hplip/query.py  rPUx,
--- a/apparmor.d/profiles-s-z/system-config-printer-applet
+++ b/apparmor.d/profiles-s-z/system-config-printer-applet
@ -19,7 +19,7 @@ profile system-config-printer-applet @{exec_path} {

  @{exec_path} mrix,

-  @{bin}/{,ba,da}sh     rix,
+  @{sh_path}            rix,
  @{bin}/python3.@{int} r,

  /usr/share/system-config-printer/{,**} r,
--- a/apparmor.d/profiles-s-z/tasksel
+++ b/apparmor.d/profiles-s-z/tasksel
@ -15,7 +15,7 @@ profile tasksel @{exec_path} flags=(complain) {
  @{exec_path} r,
  @{bin}/perl r,

-  @{bin}/{,ba,da}sh              rix,
+  @{sh_path}                     rix,
  @{bin}/tempfile                rix,
  @{lib}/tasksel/tasksel-debconf rix,

@ -45,7 +45,7 @@ profile tasksel @{exec_path} flags=(complain) {
    include <abstractions/base>

    @{lib}/tasksel/tests/* r,
-    @{bin}/{,ba,da}sh rix,
+    @{sh_path}        rix,

  }

@ -60,7 +60,7 @@ profile tasksel @{exec_path} flags=(complain) {

    @{bin}/tasksel rPx,

-    @{bin}/{,ba,da}sh rix,
+    @{sh_path}        rix,
    @{bin}/stty       rix,
    @{bin}/locale     rix,

--- a/apparmor.d/profiles-s-z/thunderbird
+++ b/apparmor.d/profiles-s-z/thunderbird
@ -59,7 +59,7 @@ profile thunderbird @{exec_path} {

  @{exec_path} mrix,

-  @{bin}/{,ba,da}sh  rix,
+  @{sh_path}         rix,

  @{lib_dirs}/{,**}                            r,
  @{lib_dirs}/*.so                            mr,
--- a/apparmor.d/profiles-s-z/tint2conf
+++ b/apparmor.d/profiles-s-z/tint2conf
@ -19,7 +19,7 @@ profile tint2conf @{exec_path} {

  @{bin}/tint2      rPx,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  /usr/share/tint2/{,*} r,

--- a/apparmor.d/profiles-s-z/torify
+++ b/apparmor.d/profiles-s-z/torify
@ -12,7 +12,7 @@ profile torify @{exec_path} {
  include <abstractions/base>

  @{exec_path} r,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  include if exists <local/torify>
 }
--- a/apparmor.d/profiles-s-z/torsocks
+++ b/apparmor.d/profiles-s-z/torsocks
@ -16,7 +16,7 @@ profile torsocks @{exec_path} {

  @{exec_path} rm,

-  @{bin}/{,ba,da}sh  rix,
+  @{sh_path}         rix,
  @{bin}/*          rPUx,
  @{lib}/uwt/uwtexec rPUx,
  @{bin}/getcap      rix,
--- a/apparmor.d/profiles-s-z/tpacpi-bat
+++ b/apparmor.d/profiles-s-z/tpacpi-bat
@ -15,7 +15,7 @@ profile tpacpi-bat @{exec_path} {
  @{exec_path} mr,
  @{bin}/perl r,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/cat        rix,

  # To load the acpi_call module
--- a/apparmor.d/profiles-s-z/ucf
+++ b/apparmor.d/profiles-s-z/ucf
@ -13,7 +13,7 @@ profile ucf @{exec_path} flags=(complain) {
  include <abstractions/consoles>

  @{exec_path} r,
-  @{bin}/{,ba,da}sh     rix,
+  @{sh_path}            rix,

  @{bin}/{,e}grep       rix,
  @{bin}/basename       rix,
@ -92,7 +92,7 @@ profile ucf @{exec_path} flags=(complain) {

    @{bin}/ucf rPx,

-    @{bin}/{,ba,da}sh rix,
+    @{sh_path}        rix,
    @{bin}/stty       rix,
    @{bin}/locale     rix,

--- a/apparmor.d/profiles-s-z/udiskie
+++ b/apparmor.d/profiles-s-z/udiskie
@ -49,7 +49,7 @@ profile udiskie @{exec_path} {

    @{bin}/xdg-open mr,

-    @{bin}/{,ba,da}sh      rix,
+    @{sh_path}             rix,
    @{bin}/{m,g,}awk       rix,
    @{bin}/readlink        rix,
    @{bin}/basename        rix,
--- a/apparmor.d/profiles-s-z/udisksctl
+++ b/apparmor.d/profiles-s-z/udisksctl
@ -13,7 +13,7 @@ profile udisksctl @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  @{bin}/pager rPx -> child-pager,
  @{bin}/less  rPx -> child-pager,
--- a/apparmor.d/profiles-s-z/udisksd
+++ b/apparmor.d/profiles-s-z/udisksd
@ -69,7 +69,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh      rix,
+  @{sh_path}             rix,
  @{bin}/umount          rix,

  @{bin}/dmidecode            rPx,
--- a/apparmor.d/profiles-s-z/unhide-linux
+++ b/apparmor.d/profiles-s-z/unhide-linux
@ -18,7 +18,7 @@ profile unhide-linux @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/ps         rix,

  @{PROC}/ r,
--- a/apparmor.d/profiles-s-z/unhide-posix
+++ b/apparmor.d/profiles-s-z/unhide-posix
@ -18,7 +18,7 @@ profile unhide-posix @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/{,e}grep   rix,
  @{bin}/{m,g,}awk  rix,
  @{bin}/ps         rix,
--- a/apparmor.d/profiles-s-z/unhide-tcp
+++ b/apparmor.d/profiles-s-z/unhide-tcp
@ -18,7 +18,7 @@ profile unhide-tcp @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/fuser      rix,
  @{bin}/netstat    rix,
  @{bin}/sed        rix,
--- a/apparmor.d/profiles-s-z/unmkinitramfs
+++ b/apparmor.d/profiles-s-z/unmkinitramfs
@ -17,7 +17,7 @@ profile unmkinitramfs @{exec_path} {

  @{exec_path} r,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/{,e}grep   rix,
  @{bin}/bzip2      rix,
  @{bin}/cat        rix,
--- a/apparmor.d/profiles-s-z/update-ca-certificates
+++ b/apparmor.d/profiles-s-z/update-ca-certificates
@ -16,7 +16,7 @@ profile update-ca-certificates @{exec_path} {

  @{exec_path} rmix,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/basename   rix,
  @{bin}/cat        rix,
  @{bin}/chmod      rix,
--- a/apparmor.d/profiles-s-z/update-cracklib
+++ b/apparmor.d/profiles-s-z/update-cracklib
@ -13,7 +13,7 @@ profile update-cracklib @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh           rix,
+  @{sh_path}                  rix,
  @{bin}/cracklib-format      rix,
  @{bin}/cracklib-packer      rPx,
  @{bin}/env                  rix,
--- a/apparmor.d/profiles-s-z/update-dlocatedb
+++ b/apparmor.d/profiles-s-z/update-dlocatedb
@ -13,7 +13,7 @@ profile update-dlocatedb @{exec_path} {
  include <abstractions/consoles>

  @{exec_path} mr,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  @{bin}/cat        rix,
  @{bin}/uname      rix,
--- a/apparmor.d/profiles-s-z/update-initramfs
+++ b/apparmor.d/profiles-s-z/update-initramfs
@ -15,7 +15,7 @@ profile update-initramfs @{exec_path} {
  ptrace (read) peer=unconfined,

  @{exec_path} rix,
-  @{bin}/{,ba,da}sh    rix,
+  @{sh_path}           rix,

  @{bin}/             r,

--- a/apparmor.d/profiles-s-z/update-pciids
+++ b/apparmor.d/profiles-s-z/update-pciids
@ -13,7 +13,7 @@ profile update-pciids @{exec_path} {
  include <abstractions/consoles>

  @{exec_path} r,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  @{bin}/touch      rix,
  @{bin}/rm         rix,
--- a/apparmor.d/profiles-s-z/update-secureboot-policy
+++ b/apparmor.d/profiles-s-z/update-secureboot-policy
@ -14,7 +14,7 @@ profile update-secureboot-policy @{exec_path} {

  @{exec_path} rm,

-  @{bin}/{,ba,da}sh      rix,
+  @{sh_path}             rix,
  @{bin}/{,m,g}awk       rix,
  @{bin}/dpkg-trigger    rPx,
  @{bin}/find            rix,
--- a/apparmor.d/profiles-s-z/update-smart-drivedb
+++ b/apparmor.d/profiles-s-z/update-smart-drivedb
@ -13,7 +13,7 @@ profile update-smart-drivedb @{exec_path} {
  include <abstractions/consoles>

  @{exec_path} r,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  @{bin}/cat        rix,
  @{bin}/dirname    rix,
@ -76,7 +76,7 @@ profile update-smart-drivedb @{exec_path} {
    @{bin}/curl mr,
    @{bin}/lynx mr,

-    @{bin}/{,ba,da}sh rix,
+    @{sh_path}        rix,

    /etc/mime.types r,
    /etc/mailcap r,
--- a/apparmor.d/profiles-s-z/usb-devices
+++ b/apparmor.d/profiles-s-z/usb-devices
@ -17,7 +17,7 @@ profile usb-devices @{exec_path} {
  deny capability dac_override,

  @{exec_path} r,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  @{bin}/cat        rix,
  @{bin}/cut        rix,
--- a/apparmor.d/profiles-s-z/utox
+++ b/apparmor.d/profiles-s-z/utox
@ -45,7 +45,7 @@ profile utox @{exec_path} {

    @{bin}/xdg-open mr,

-    @{bin}/{,ba,da}sh      rix,
+    @{sh_path}             rix,
    @{bin}/{m,g,}awk       rix,
    @{bin}/readlink        rix,
    @{bin}/basename        rix,
--- a/apparmor.d/profiles-s-z/uupdate
+++ b/apparmor.d/profiles-s-z/uupdate
@ -15,7 +15,7 @@ profile uupdate @{exec_path} flags=(complain) {
  include <abstractions/nameservice-strict>

  @{exec_path} r,
-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,

  @{bin}/basename   rix,
  @{bin}/which{,.debianutils}      rix,
--- a/apparmor.d/profiles-s-z/vipw-vigr
+++ b/apparmor.d/profiles-s-z/vipw-vigr
@ -15,7 +15,7 @@ profile vipw-vigr @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh      rix,
+  @{sh_path}             rix,

  @{bin}/sensible-editor rCx -> editor,
  @{bin}/vim.*           rCx -> editor,
@ -47,7 +47,7 @@ profile vipw-vigr @{exec_path} {

    @{bin}/sensible-editor mr,
    @{bin}/vim.*           mrix,
-    @{bin}/{,ba,da}sh       rix,
+    @{sh_path}              rix,
    @{bin}/which{,.debianutils}            rix,

    owner @{HOME}/.selected_editor r,
--- a/apparmor.d/profiles-s-z/virt-manager
+++ b/apparmor.d/profiles-s-z/virt-manager
@ -31,7 +31,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {

  @{exec_path} rix,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/python3.@{int} r,
  @{lib}/python3.@{int}/site-packages/__pycache__/guestfs.cpython-[0-9]*.pyc.[0-9]* w,

--- a/apparmor.d/profiles-s-z/volumeicon
+++ b/apparmor.d/profiles-s-z/volumeicon
@ -34,7 +34,7 @@ profile volumeicon @{exec_path} {
  /etc/machine-id r,

  # Start the PulseAudio sound mixer
-  @{bin}/{,ba,da}sh    rix,
+  @{sh_path}           rix,
  @{bin}/pavucontrol  rPUx,
  @{bin}/pulseeffects rPUx,

--- a/apparmor.d/profiles-s-z/whdd
+++ b/apparmor.d/profiles-s-z/whdd
@ -19,7 +19,7 @@ profile whdd @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/{,e}grep   rix,
  @{bin}/{m,g,}awk  rix,
  @{bin}/tr         rix,
--- a/apparmor.d/profiles-s-z/which
+++ b/apparmor.d/profiles-s-z/which
@ -14,7 +14,7 @@ profile which @{exec_path} flags=(attach_disconnected) {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh  rix,
+  @{sh_path}         rix,

  @{bin}/ r,
  @{bin}/**/ r,
--- a/apparmor.d/profiles-s-z/wireshark
+++ b/apparmor.d/profiles-s-z/wireshark
@ -94,7 +94,7 @@ profile wireshark @{exec_path} {

    @{bin}/xdg-open mr,

-    @{bin}/{,ba,da}sh      rix,
+    @{sh_path}             rix,
    @{bin}/{m,g,}awk       rix,
    @{bin}/readlink        rix,
    @{bin}/basename        rix,
--- a/apparmor.d/profiles-s-z/wpa-action
+++ b/apparmor.d/profiles-s-z/wpa-action
@ -19,7 +19,7 @@ profile wpa-action @{exec_path} {

  @{bin}/wpa_cli   rPx,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/{,e}grep   rix,
  @{bin}/cat        rix,
  @{bin}/date       rix,
--- a/apparmor.d/profiles-s-z/x11-xsession
+++ b/apparmor.d/profiles-s-z/x11-xsession
@ -15,7 +15,7 @@ profile x11-xsession @{exec_path} {

  @{exec_path} r,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/{,e}grep   rix,
  @{bin}/{m,g,}awk  rix,
  @{bin}/basename   rix,
--- a/apparmor.d/profiles-s-z/xarchiver
+++ b/apparmor.d/profiles-s-z/xarchiver
@ -21,7 +21,7 @@ profile xarchiver @{exec_path} {

  @{exec_path} mrix,

-  @{bin}/{,ba,da}sh    rix,
+  @{sh_path}           rix,
  @{bin}/ls            rix,
  @{bin}/rm            rix,
  @{bin}/mv            rix,
@ -79,7 +79,7 @@ profile xarchiver @{exec_path} {

    @{bin}/xdg-open mr,

-    @{bin}/{,ba,da}sh      rix,
+    @{sh_path}             rix,
    @{bin}/{m,g,}awk       rix,
    @{bin}/readlink        rix,
    @{bin}/basename        rix,
--- a/apparmor.d/profiles-s-z/xautolock
+++ b/apparmor.d/profiles-s-z/xautolock
@ -13,7 +13,7 @@ profile xautolock @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/env        rix,

  # Locker apps to launch.
--- a/apparmor.d/profiles-s-z/xinit
+++ b/apparmor.d/profiles-s-z/xinit
@ -20,7 +20,7 @@ profile xinit @{exec_path} {
  @{exec_path} mr,

  @{bin}/               r,
-  @{bin}/{,ba,da}sh   rix,
+  @{sh_path}          rix,
  @{bin}/{,e}grep     rix,
  @{bin}/{m,g,}awk    rix,
  @{bin}/cat          rix,
--- a/apparmor.d/profiles-s-z/youtube-viewer
+++ b/apparmor.d/profiles-s-z/youtube-viewer
@ -27,7 +27,7 @@ profile youtube-viewer @{exec_path} {
  @{exec_path} r,
  @{bin}/perl r,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  @{bin}/infocmp    rix,
  @{bin}/stty       rix,

--- a/apparmor.d/profiles-s-z/zpool
+++ b/apparmor.d/profiles-s-z/zpool
@ -15,7 +15,7 @@ profile zpool @{exec_path} {

  @{exec_path} mr,

-  @{bin}/{,ba,da}sh rix,
+  @{sh_path}        rix,
  /{usr/,}{local/,}lib/zfs-linux/zpool.d/* rix,

  /etc/hostid r,
--- a/apparmor.d/profiles-s-z/zsys-system-autosnapshot
+++ b/apparmor.d/profiles-s-z/zsys-system-autosnapshot
@ -13,7 +13,7 @@ profile zsys-system-autosnapshot @{exec_path} flags=(complain) {

  @{exec_path}            mr,
  
-  @{bin}/{,ba,da}sh  rix,
+  @{sh_path}         rix,
  @{bin}/cat         rix,
  @{bin}/cp          rix,
  @{bin}/rm          rix,