From 415c09ca88c8ed25e023174acaf4d97b69a49dea Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Wed, 14 May 2025 22:43:58 +0200 Subject: [PATCH] feat(tunable): add alias from which.debianutils to which. --- apparmor.d/abstractions/app/editor | 4 ++-- apparmor.d/groups/apt/apt-listchanges | 2 +- apparmor.d/groups/apt/aptitude | 3 +-- apparmor.d/groups/browsers/brave-wrapper | 2 +- apparmor.d/groups/browsers/chrome-wrapper | 2 +- apparmor.d/groups/browsers/msedge-wrapper | 2 +- apparmor.d/groups/cron/cron-apt-compat | 2 +- apparmor.d/groups/cron/cron-apt-xapian-index | 2 +- apparmor.d/groups/cron/cron-aptitude | 2 +- apparmor.d/groups/cron/cron-mlocate | 2 +- apparmor.d/groups/cron/cron-plocate | 2 +- apparmor.d/groups/cron/cron-popularity-contest | 2 +- apparmor.d/groups/display-manager/x11-xsession | 2 +- apparmor.d/groups/gnome/gdm-xsession | 2 +- apparmor.d/groups/gnome/gsd-xsettings | 2 +- apparmor.d/groups/grub/grub-mkconfig | 2 +- apparmor.d/groups/network/openvpn | 2 +- apparmor.d/groups/ubuntu/apport-gtk | 2 +- apparmor.d/profiles-a-f/anyremote | 2 +- apparmor.d/profiles-a-f/aspell-autobuildhash | 2 +- apparmor.d/profiles-a-f/claws-mail | 2 +- apparmor.d/profiles-g-l/ganyremote | 2 +- apparmor.d/profiles-g-l/gsmartcontrol-root | 2 +- apparmor.d/profiles-g-l/kanyremote | 2 +- apparmor.d/profiles-m-r/mumble-overlay | 2 +- apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version | 2 +- apparmor.d/profiles-m-r/openbox | 2 +- apparmor.d/profiles-s-z/ucf | 2 +- apparmor.d/profiles-s-z/update-pciids | 2 +- apparmor.d/profiles-s-z/uupdate | 2 +- apparmor.d/profiles-s-z/xinit | 2 +- apparmor.d/tunables/multiarch.d/system | 3 +++ 32 files changed, 35 insertions(+), 33 deletions(-) diff --git a/apparmor.d/abstractions/app/editor b/apparmor.d/abstractions/app/editor index d21930d81..1c0b87e6a 100644 --- a/apparmor.d/abstractions/app/editor +++ b/apparmor.d/abstractions/app/editor @@ -12,8 +12,8 @@ @{sh_path} rix, @{bin}/nvim mix, @{bin}/sensible-editor mr, - @{bin}/vim{,.*} mrix, - @{bin}/which{,.debianutils} ix, + @{bin}/vim{,.*} mrix, + @{bin}/which rix, /usr/share/nvim/{,**} r, /usr/share/terminfo/** r, diff --git a/apparmor.d/groups/apt/apt-listchanges b/apparmor.d/groups/apt/apt-listchanges index dbbba9d4d..559e58504 100644 --- a/apparmor.d/groups/apt/apt-listchanges +++ b/apparmor.d/groups/apt/apt-listchanges @@ -87,7 +87,7 @@ profile apt-listchanges @{exec_path} { @{bin}/ r, @{sh_path} rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, owner @{HOME}/.less* rw, diff --git a/apparmor.d/groups/apt/aptitude b/apparmor.d/groups/apt/aptitude index eb8a8cd8d..e3a6a794b 100644 --- a/apparmor.d/groups/apt/aptitude +++ b/apparmor.d/groups/apt/aptitude @@ -174,8 +174,7 @@ profile aptitude @{exec_path} flags=(complain) { @{bin}/ r, @{editor_path} mrix, @{sh_path} rix, - - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, owner @{HOME}/.less* rw, owner @{tmp}/aptitude-*.@{pid}:*/aptitude-download-* rw, diff --git a/apparmor.d/groups/browsers/brave-wrapper b/apparmor.d/groups/browsers/brave-wrapper index b4f70689c..7001da3fe 100644 --- a/apparmor.d/groups/browsers/brave-wrapper +++ b/apparmor.d/groups/browsers/brave-wrapper @@ -23,7 +23,7 @@ profile brave-wrapper @{exec_path} { @{bin}/mkdir rix, @{bin}/readlink rix, @{bin}/touch rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{lib_dirs}/brave rPx, diff --git a/apparmor.d/groups/browsers/chrome-wrapper b/apparmor.d/groups/browsers/chrome-wrapper index 709eb79a1..0a97d4052 100644 --- a/apparmor.d/groups/browsers/chrome-wrapper +++ b/apparmor.d/groups/browsers/chrome-wrapper @@ -22,7 +22,7 @@ profile chrome-wrapper @{exec_path} flags=(attach_disconnected) { @{bin}/mkdir rix, @{bin}/readlink rix, @{bin}/touch rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{lib_dirs}/chrome rPx, diff --git a/apparmor.d/groups/browsers/msedge-wrapper b/apparmor.d/groups/browsers/msedge-wrapper index 8268db2e1..3da31e332 100644 --- a/apparmor.d/groups/browsers/msedge-wrapper +++ b/apparmor.d/groups/browsers/msedge-wrapper @@ -22,7 +22,7 @@ profile msedge-wrapper @{exec_path} flags=(attach_disconnected) { @{bin}/mkdir rix, @{bin}/readlink rix, @{bin}/touch rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{lib_dirs}/msedge rPx, diff --git a/apparmor.d/groups/cron/cron-apt-compat b/apparmor.d/groups/cron/cron-apt-compat index fcf5e4430..1778d4b7e 100644 --- a/apparmor.d/groups/cron/cron-apt-compat +++ b/apparmor.d/groups/cron/cron-apt-compat @@ -22,7 +22,7 @@ profile cron-apt-compat @{exec_path} { @{bin}/dd rix, @{bin}/cksum rix, @{bin}/cut rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/sleep rix, include if exists diff --git a/apparmor.d/groups/cron/cron-apt-xapian-index b/apparmor.d/groups/cron/cron-apt-xapian-index index f264de78c..83eb22428 100644 --- a/apparmor.d/groups/cron/cron-apt-xapian-index +++ b/apparmor.d/groups/cron/cron-apt-xapian-index @@ -14,7 +14,7 @@ profile cron-apt-xapian-index @{exec_path} { @{exec_path} r, @{sh_path} rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/{,e}grep rix, @{bin}/nice rix, diff --git a/apparmor.d/groups/cron/cron-aptitude b/apparmor.d/groups/cron/cron-aptitude index 76657dc94..a471b2844 100644 --- a/apparmor.d/groups/cron/cron-aptitude +++ b/apparmor.d/groups/cron/cron-aptitude @@ -17,7 +17,7 @@ profile cron-aptitude @{exec_path} { @{bin}/cp rix, @{bin}/date rix, @{bin}/basename rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/dirname rix, @{bin}/rm rix, @{bin}/mv rix, diff --git a/apparmor.d/groups/cron/cron-mlocate b/apparmor.d/groups/cron/cron-mlocate index f0757187a..ec9690938 100644 --- a/apparmor.d/groups/cron/cron-mlocate +++ b/apparmor.d/groups/cron/cron-mlocate @@ -15,7 +15,7 @@ profile cron-mlocate @{exec_path} { @{exec_path} r, @{sh_path} rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/true rix, @{bin}/flock rix, @{bin}/nocache rix, diff --git a/apparmor.d/groups/cron/cron-plocate b/apparmor.d/groups/cron/cron-plocate index 742531b41..0604eba3a 100644 --- a/apparmor.d/groups/cron/cron-plocate +++ b/apparmor.d/groups/cron/cron-plocate @@ -15,7 +15,7 @@ profile cron-plocate @{exec_path} { @{exec_path} r, @{sh_path} rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/true rix, @{bin}/flock rix, @{bin}/nocache rix, diff --git a/apparmor.d/groups/cron/cron-popularity-contest b/apparmor.d/groups/cron/cron-popularity-contest index c4b9de0b3..63a664096 100644 --- a/apparmor.d/groups/cron/cron-popularity-contest +++ b/apparmor.d/groups/cron/cron-popularity-contest @@ -74,7 +74,7 @@ profile cron-popularity-contest @{exec_path} { @{bin}/mv rix, @{bin}/rm rix, @{bin}/touch rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{sh_path} rix, /var/log/ r, diff --git a/apparmor.d/groups/display-manager/x11-xsession b/apparmor.d/groups/display-manager/x11-xsession index 445531691..4eb916aab 100644 --- a/apparmor.d/groups/display-manager/x11-xsession +++ b/apparmor.d/groups/display-manager/x11-xsession @@ -34,7 +34,7 @@ profile x11-xsession @{exec_path} { @{bin}/tail rix, @{bin}/tempfile rix, @{bin}/touch rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/dbus-update-activation-environment rCx -> dbus, diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index 03e77816c..9804ddcb0 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -35,7 +35,7 @@ profile gdm-xsession @{exec_path} { @{bin}/tr rix, @{bin}/truncate rix, @{bin}/tty rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/zsh rix, @{bin}/dbus-update-activation-environment rCx -> dbus, diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index c7478292c..e5489c2b4 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -47,7 +47,7 @@ profile gsd-xsettings @{exec_path} { @{bin}/cat rix, @{bin}/sed rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/busctl rPx, @{bin}/pactl rPx, diff --git a/apparmor.d/groups/grub/grub-mkconfig b/apparmor.d/groups/grub/grub-mkconfig index 8034d7e54..c4c24efc9 100644 --- a/apparmor.d/groups/grub/grub-mkconfig +++ b/apparmor.d/groups/grub/grub-mkconfig @@ -56,7 +56,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) { @{bin}/tr rix, @{bin}/umount rPx, @{bin}/uname rix, - @{bin}/which{.debianutils,} rix, + @{bin}/which rix, @{bin}/zfs rPx, @{bin}/zpool rPx, /etc/grub.d/{,**} rix, diff --git a/apparmor.d/groups/network/openvpn b/apparmor.d/groups/network/openvpn index 5623901fb..f4fcfa50d 100644 --- a/apparmor.d/groups/network/openvpn +++ b/apparmor.d/groups/network/openvpn @@ -84,7 +84,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) { @{sh_path} rix, @{bin}/cut rix, @{sbin}/ip rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{sbin}/xtables-nft-multi rix, /etc/iproute2/rt_tables r, diff --git a/apparmor.d/groups/ubuntu/apport-gtk b/apparmor.d/groups/ubuntu/apport-gtk index 15c7f27ad..1307313d9 100644 --- a/apparmor.d/groups/ubuntu/apport-gtk +++ b/apparmor.d/groups/ubuntu/apport-gtk @@ -52,7 +52,7 @@ profile apport-gtk @{exec_path} { @{bin}/systemctl rCx -> systemctl, @{bin}/systemd-detect-virt rPx, @{bin}/uname rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{lib}/{,colord/}colord-sane rPx, @{lib}/@{multiarch}/ld*.so* rix, /usr/share/apport/root_info_wrapper rix, diff --git a/apparmor.d/profiles-a-f/anyremote b/apparmor.d/profiles-a-f/anyremote index db67de319..6af2cd38d 100644 --- a/apparmor.d/profiles-a-f/anyremote +++ b/apparmor.d/profiles-a-f/anyremote @@ -41,7 +41,7 @@ profile anyremote @{exec_path} { @{bin}/tail rix, @{bin}/tr rix, @{bin}/wc rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/convert-im6.q16 rCx -> imagemagic, @{bin}/killall rCx -> killall, diff --git a/apparmor.d/profiles-a-f/aspell-autobuildhash b/apparmor.d/profiles-a-f/aspell-autobuildhash index a10df8394..43edd3233 100644 --- a/apparmor.d/profiles-a-f/aspell-autobuildhash +++ b/apparmor.d/profiles-a-f/aspell-autobuildhash @@ -20,7 +20,7 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) { @{bin}/gzip rix, @{bin}/precat rix, @{bin}/prezip-bin rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/zcat rix, @{bin}/dpkg-trigger rPx, diff --git a/apparmor.d/profiles-a-f/claws-mail b/apparmor.d/profiles-a-f/claws-mail index 7c5486c50..cecb0e22d 100644 --- a/apparmor.d/profiles-a-f/claws-mail +++ b/apparmor.d/profiles-a-f/claws-mail @@ -24,7 +24,7 @@ profile claws-mail @{exec_path} flags=(complain) { @{exec_path} mr, @{sh_path} rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/gpg{,2} rCx -> gpg, @{bin}/gpgsm rCx -> gpg, diff --git a/apparmor.d/profiles-g-l/ganyremote b/apparmor.d/profiles-g-l/ganyremote index 79f8c2fc7..b2dc7b92d 100644 --- a/apparmor.d/profiles-g-l/ganyremote +++ b/apparmor.d/profiles-g-l/ganyremote @@ -30,7 +30,7 @@ profile ganyremote @{exec_path} { @{bin}/{,e}grep rix, @{bin}/cut rix, @{bin}/id rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/tr rix, @{bin}/{m,g,}awk rix, diff --git a/apparmor.d/profiles-g-l/gsmartcontrol-root b/apparmor.d/profiles-g-l/gsmartcontrol-root index 10c1f445b..515d2234c 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol-root +++ b/apparmor.d/profiles-g-l/gsmartcontrol-root @@ -15,7 +15,7 @@ profile gsmartcontrol-root @{exec_path} { @{exec_path} r, @{sh_path} rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/pkexec rCx -> pkexec, diff --git a/apparmor.d/profiles-g-l/kanyremote b/apparmor.d/profiles-g-l/kanyremote index 0e27fa5ae..10e085799 100644 --- a/apparmor.d/profiles-g-l/kanyremote +++ b/apparmor.d/profiles-g-l/kanyremote @@ -31,7 +31,7 @@ profile kanyremote @{exec_path} { @{bin}/{,e}grep rix, @{bin}/cut rix, @{bin}/id rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/tr rix, @{bin}/{m,g,}awk rix, @{bin}/head rix, diff --git a/apparmor.d/profiles-m-r/mumble-overlay b/apparmor.d/profiles-m-r/mumble-overlay index 8d17ef3d6..c077f3836 100644 --- a/apparmor.d/profiles-m-r/mumble-overlay +++ b/apparmor.d/profiles-m-r/mumble-overlay @@ -16,7 +16,7 @@ profile mumble-overlay @{exec_path} { @{sh_path} rix, @{bin}/file rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/glxgears rPx, diff --git a/apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version b/apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version index 0c3c669a0..655566c74 100644 --- a/apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version +++ b/apparmor.d/profiles-m-r/needrestart-vmlinuz-get-version @@ -23,7 +23,7 @@ profile needrestart-vmlinuz-get-version @{exec_path} { @{bin}/rm rix, @{bin}/tail rix, @{bin}/tr rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/xz rix, /boot/intel-ucode.img r, diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index 15957b348..e4e8a36e2 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -58,7 +58,7 @@ profile openbox @{exec_path} { @{lib}/@{multiarch}/openbox-xdg-autostart rix, @{sh_path} rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, # Apps allowed to run @{bin}/* rPUx, diff --git a/apparmor.d/profiles-s-z/ucf b/apparmor.d/profiles-s-z/ucf index 4fdbb5a52..86d94c7a1 100644 --- a/apparmor.d/profiles-s-z/ucf +++ b/apparmor.d/profiles-s-z/ucf @@ -33,7 +33,7 @@ profile ucf @{exec_path} { @{bin}/seq rix, @{bin}/stat rix, @{bin}/tr rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/dpkg-query rpx, @{bin}/dpkg-divert rPx, diff --git a/apparmor.d/profiles-s-z/update-pciids b/apparmor.d/profiles-s-z/update-pciids index a40afd994..bba603690 100644 --- a/apparmor.d/profiles-s-z/update-pciids +++ b/apparmor.d/profiles-s-z/update-pciids @@ -24,7 +24,7 @@ profile update-pciids @{exec_path} { @{bin}/chmod rix, @{bin}/echo rix, @{bin}/cat rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/bunzip2 rix, @{bin}/bzip2 rix, @{bin}/gzip rix, diff --git a/apparmor.d/profiles-s-z/uupdate b/apparmor.d/profiles-s-z/uupdate index 8858a80f1..eb26a4967 100644 --- a/apparmor.d/profiles-s-z/uupdate +++ b/apparmor.d/profiles-s-z/uupdate @@ -18,7 +18,7 @@ profile uupdate @{exec_path} flags=(complain) { @{sh_path} rix, @{bin}/basename rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, @{bin}/tr rix, @{bin}/{,e}grep rix, @{bin}/getopt rix, diff --git a/apparmor.d/profiles-s-z/xinit b/apparmor.d/profiles-s-z/xinit index a332bd20b..61151a7db 100644 --- a/apparmor.d/profiles-s-z/xinit +++ b/apparmor.d/profiles-s-z/xinit @@ -35,7 +35,7 @@ profile xinit @{exec_path} { @{bin}/tail rix, @{bin}/tempfile rix, @{bin}/touch rix, - @{bin}/which{,.debianutils} rix, + @{bin}/which rix, /etc/X11/xinit/xinitrc rix, /etc/X11/xinit/xserverrc rix, diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system index 6f7995c05..3f6e0f890 100644 --- a/apparmor.d/tunables/multiarch.d/system +++ b/apparmor.d/tunables/multiarch.d/system @@ -67,4 +67,7 @@ alias // -> /, +#aa:only apt +alias /usr/bin/which.debianutils -> /usr/bin/which, + # vim:syntax=apparmor