diff --git a/apparmor.d/groups/bus/dbus-run-session b/apparmor.d/groups/bus/dbus-run-session index 30ad1699f..8e7330cf1 100644 --- a/apparmor.d/groups/bus/dbus-run-session +++ b/apparmor.d/groups/bus/dbus-run-session @@ -19,7 +19,7 @@ profile dbus-run-session @{exec_path} { /{usr/,}bin/dbus-daemon rPx, /{usr/,}bin/gnome-session rix, /{usr/,}bin/gsettings rix, - /{usr/,}lib/gnome-session-binary rPx, + @{libexec}/gnome-session-binary rPx, /usr/share/glib-2.0/schemas/gschemas.compiled r, /usr/share/gdm/greeter-dconf-defaults r, diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 562dde203..131ec1175 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -7,6 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/ibus/ibus-dconf +@{exec_path} += @{libexec}/ibus-dconf profile ibus-dconf @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple index 790767987..3340a8a88 100644 --- a/apparmor.d/groups/bus/ibus-engine-simple +++ b/apparmor.d/groups/bus/ibus-engine-simple @@ -7,6 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/ibus/ibus-engine-simple +@{exec_path} += @{libexec}/ibus-engine-simple profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) { include diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 2f58d0515..8685c80ea 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -6,7 +6,8 @@ abi , include -@{exec_path} = /{usr/,}lib/ibus/ibus-extension-gtk3 +@{exec_path} = /{usr/,}lib/ibus/ibus-extension-gtk3 +@{exec_path} += @{libexec}/ibus-extension-gtk3 profile ibus-extension-gtk3 @{exec_path} { include include diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index 82a97d393..3d6d6d57f 100644 --- a/apparmor.d/groups/bus/ibus-portal 
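Review bot: `@{libexec}/gnome-session-binary rPx` replaces the literal `/{usr/,}lib/` path rather than adding to it, so the transition keeps working on existing installs only if `@{libexec}` expands to a set that still contains `/{usr/,}lib`; the variable's definition is not among the lines shown. The same holds for every `@{exec_path} = @{libexec}/…` replacement further down (geoclue and the evolution-*, gdm-*, gnome-*, goa-*, gsd-*, tracker-* and xdg-* profiles). If the old directory drops out of the expansion, the profile stops attaching and a service started from an unconfined parent runs unconfined, with no parser error to flag it. I would confirm the tunable covers both `/{usr/,}lib` and `/{usr/,}libexec`, or keep the old value and append as the ibus and polkit hunks do, e.g. `@{exec_path} += @{libexec}/geoclue`. The profile body continues outside the hunk.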
+++ b/apparmor.d/groups/bus/ibus-portal @@ -7,6 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/ibus/ibus-portal +@{exec_path} += @{libexec}/ibus-portal profile ibus-portal @{exec_path} flags=(attach_disconnected) { include diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index 7a64e81fa..acb769712 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 @@ -7,6 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/ibus/ibus-x11 +@{exec_path} += @{libexec}/ibus-x11 profile ibus-x11 @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/desktop/colord b/apparmor.d/groups/desktop/colord index 90a0b9a78..e92650958 100644 --- a/apparmor.d/groups/desktop/colord +++ b/apparmor.d/groups/desktop/colord @@ -7,7 +7,8 @@ abi , include -@{exec_path} = /{usr/,}lib/colord/colord /usr/lib/colord +@{exec_path} = /{usr/,}lib/colord/colord +@{exec_path} += @{libexec}/colord profile colord @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/desktop/geoclue b/apparmor.d/groups/desktop/geoclue index b29f2b75d..af5198d5b 100644 --- a/apparmor.d/groups/desktop/geoclue +++ b/apparmor.d/groups/desktop/geoclue @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/geoclue +@{exec_path} = @{libexec}/geoclue profile geoclue @{exec_path} { include diff --git a/apparmor.d/groups/gnome/evolution-addressbook-factory b/apparmor.d/groups/gnome/evolution-addressbook-factory index 80c000ebd..75206db54 100644 --- a/apparmor.d/groups/gnome/evolution-addressbook-factory +++ b/apparmor.d/groups/gnome/evolution-addressbook-factory @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/evolution-addressbook-factory +@{exec_path} = @{libexec}/evolution-addressbook-factory profile evolution-addressbook-factory @{exec_path} { include include 
@@ -22,6 +22,7 @@ profile evolution-addressbook-factory @{exec_path} { @{exec_path} mr, @{exec_path}-subprocess rix, + /usr/share/glib-2.0/schemas/gschemas.compiled r, owner @{user_share_dirs}/evolution/{,**} rwk, diff --git a/apparmor.d/groups/gnome/evolution-alarm-notify b/apparmor.d/groups/gnome/evolution-alarm-notify index fb1309a28..f2ab307ef 100644 --- a/apparmor.d/groups/gnome/evolution-alarm-notify +++ b/apparmor.d/groups/gnome/evolution-alarm-notify @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/evolution-data-server/evolution-alarm-notify +@{exec_path} = @{libexec}/evolution-data-server/evolution-alarm-notify profile evolution-alarm-notify @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/evolution-calendar-factory b/apparmor.d/groups/gnome/evolution-calendar-factory index a62f2048a..6a60f3c15 100644 --- a/apparmor.d/groups/gnome/evolution-calendar-factory +++ b/apparmor.d/groups/gnome/evolution-calendar-factory @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/evolution-calendar-factory +@{exec_path} = @{libexec}/evolution-calendar-factory profile evolution-calendar-factory @{exec_path} { include include @@ -22,6 +22,7 @@ profile evolution-calendar-factory @{exec_path} { @{exec_path} mr, @{exec_path}-subprocess rix, + /usr/share/glib-2.0/schemas/gschemas.compiled r, owner @{user_share_dirs}/evolution/calendar/{,**} rwk, diff --git a/apparmor.d/groups/gnome/evolution-source-registry b/apparmor.d/groups/gnome/evolution-source-registry index c9ee74c53..b40e3ed93 100644 --- a/apparmor.d/groups/gnome/evolution-source-registry +++ b/apparmor.d/groups/gnome/evolution-source-registry @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/evolution-source-registry +@{exec_path} = @{libexec}/evolution-source-registry profile evolution-source-registry @{exec_path} { include include 
@@ -21,6 +21,7 @@ profile evolution-source-registry @{exec_path} { network netlink raw, @{exec_path} mr, + /usr/share/glib-2.0/schemas/gschemas.compiled r, owner @{user_config_dirs}/evolution/sources/{,*} rw, diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 297f3559f..c2ea82079 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}bin/gdm +@{exec_path} = /{usr/,}{s,}bin/gdm{,3} profile gdm @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gdm-runtime-config b/apparmor.d/groups/gnome/gdm-runtime-config index cf74acf25..e9821c979 100644 --- a/apparmor.d/groups/gnome/gdm-runtime-config +++ b/apparmor.d/groups/gnome/gdm-runtime-config @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gdm-runtime-config +@{exec_path} = @{libexec}/gdm-runtime-config profile gdm-runtime-config @{exec_path} { include diff --git a/apparmor.d/groups/gnome/gdm-session-worker b/apparmor.d/groups/gnome/gdm-session-worker index be5582011..85bb1aa4f 100644 --- a/apparmor.d/groups/gnome/gdm-session-worker +++ b/apparmor.d/groups/gnome/gdm-session-worker @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gdm-session-worker +@{exec_path} = @{libexec}/gdm-session-worker profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { include include @@ -42,8 +42,8 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, /{usr/,}bin/gnome-keyring-daemon rPx, - /{usr/,}lib/gdm-wayland-session rPx, - /{usr/,}lib/gdm-x-session rPx, + @{libexec}/gdm-wayland-session rPx, + @{libexec}/gdm-x-session rPx, /etc/gdm/{Pre,Post}Session/Default rix, /etc/environment r, diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index c2e0d5599..2af9c93c1 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gdm-wayland-session +@{exec_path} = @{libexec}/gdm-wayland-session profile gdm-wayland-session @{exec_path} { include include @@ -32,7 +32,7 @@ profile gdm-wayland-session @{exec_path} { /{usr/,}bin/dbus-daemon rPx, /{usr/,}bin/dbus-run-session rPx, /{usr/,}bin/flatpak rPUx, - /{usr/,}lib/gnome-session-binary rPx, + @{libexec}/gnome-session-binary rPx, /etc/gdm/custom.conf r, /etc/machine-id r, diff --git a/apparmor.d/groups/gnome/gdm-x-session b/apparmor.d/groups/gnome/gdm-x-session index 1bb69aba4..5992fe6fa 100644 --- a/apparmor.d/groups/gnome/gdm-x-session +++ b/apparmor.d/groups/gnome/gdm-x-session @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gdm-x-session +@{exec_path} = @{libexec}/gdm-x-session profile gdm-x-session @{exec_path} flags=(attach_disconnected) { include diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index cd123bcb6..02e9834fa 100644 --- a/apparmor.d/groups/gnome/gdm-xsession +++ b/apparmor.d/groups/gnome/gdm-xsession @@ -29,7 +29,7 @@ profile gdm-xsession @{exec_path} { /{usr/,}bin/systemctl rPx -> child-systemctl, /{usr/,}bin/xbrlapi rPx, /{usr/,}bin/xhost rPx, - /{usr/,}lib/gnome-session-binary rPx, + @{libexec}/gnome-session-binary rPx, /usr/share/glib-2.0/schemas/gschemas.compiled r, /etc/X11/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-calculator-search-provider b/apparmor.d/groups/gnome/gnome-calculator-search-provider index 2b61e8316..00a762b65 100644 --- a/apparmor.d/groups/gnome/gnome-calculator-search-provider +++ b/apparmor.d/groups/gnome/gnome-calculator-search-provider @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-calculator-search-provider +@{exec_path} = @{libexec}/gnome-calculator-search-provider profile gnome-calculator-search-provider @{exec_path} { include include 
diff --git a/apparmor.d/groups/gnome/gnome-control-center-print-renderer b/apparmor.d/groups/gnome/gnome-control-center-print-renderer index 8e90dc83f..9aafa1c72 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-print-renderer +++ b/apparmor.d/groups/gnome/gnome-control-center-print-renderer @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-control-center-print-renderer +@{exec_path} = @{libexec}/gnome-control-center-print-renderer profile gnome-control-center-print-renderer @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gnome-control-center-search-provider b/apparmor.d/groups/gnome/gnome-control-center-search-provider index ca0d2141d..692de63e5 100644 --- a/apparmor.d/groups/gnome/gnome-control-center-search-provider +++ b/apparmor.d/groups/gnome/gnome-control-center-search-provider @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-control-center-search-provider +@{exec_path} = @{libexec}/gnome-control-center-search-provider profile gnome-control-center-search-provider @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gnome-session-binary b/apparmor.d/groups/gnome/gnome-session-binary index 66da01a54..773a73b9c 100644 --- a/apparmor.d/groups/gnome/gnome-session-binary +++ b/apparmor.d/groups/gnome/gnome-session-binary @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-session-binary +@{exec_path} = @{libexec}/gnome-session-binary profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { include include 
@@ -34,11 +34,11 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/touch rix, /{usr/,}bin/gsettings rix, /{usr/,}bin/xdg-user-dirs-gtk-update rix, - /{usr/,}lib/gnome-session-check-accelerated rix, - /{usr/,}lib/gnome-session-check-accelerated-gl-helper rix, - /{usr/,}lib/gnome-session-check-accelerated-gles-helper rix, - /{usr/,}lib/gnome-session-failed rix, - /{usr/,}lib/gnome-shell-overrides-migration.sh rix, + @{libexec}/gnome-session-check-accelerated rix, + @{libexec}/gnome-session-check-accelerated-gl-helper rix, + @{libexec}/gnome-session-check-accelerated-gles-helper rix, + @{libexec}/gnome-session-failed rix, + @{libexec}/gnome-shell-overrides-migration.sh rix, /{usr/,}bin/aa-notify rPx, /{usr/,}bin/blueman-applet rPx, @@ -48,8 +48,8 @@ profile gnome-session-binary @{exec_path} flags=(attach_disconnected) { /{usr/,}bin/pkcs11-register rPx, /{usr/,}bin/start-pulseaudio-x11 rPx, /{usr/,}bin/xbrlapi rPx, - /{usr/,}lib/evolution-data-server/evolution-alarm-notify rPx, - /{usr/,}lib/gsd-* rPx, + @{libexec}/evolution-data-server/evolution-alarm-notify rPx, + @{libexec}/gsd-* rPx, /usr/share/applications//{,**} r, /usr/share/gdm/greeter-dconf-defaults r, diff --git a/apparmor.d/groups/gnome/gnome-session-ctl b/apparmor.d/groups/gnome/gnome-session-ctl index d5508496e..df3c9ce04 100644 --- a/apparmor.d/groups/gnome/gnome-session-ctl +++ b/apparmor.d/groups/gnome/gnome-session-ctl @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-session-ctl +@{exec_path} = @{libexec}/gnome-session-ctl profile gnome-session-ctl @{exec_path} { include diff --git a/apparmor.d/groups/gnome/gnome-shell-calendar-server b/apparmor.d/groups/gnome/gnome-shell-calendar-server index 36fcf98ce..a41f6aaec 100644 --- a/apparmor.d/groups/gnome/gnome-shell-calendar-server +++ b/apparmor.d/groups/gnome/gnome-shell-calendar-server 
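Review bot: In the second gnome-session-binary hunk, `@{libexec}/gsd-* rPx` now pairs a glob with a directory variable, and `Px` has no fallback: exec of any `gsd-*` helper is denied unless its own profile attaches at the installed path. The gsd-* profiles visible in this patch were moved to `@{libexec}` as well, but these lines do not show whether that covers every helper a distribution ships under the new directory. A comment above the rule would record the dependency, e.g. `# Px: each gsd-* helper needs a profile whose exec_path matches @{libexec}`. The rule list continues outside the hunk.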
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-shell-calendar-server +@{exec_path} = @{libexec}/gnome-shell-calendar-server profile gnome-shell-calendar-server @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer b/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer index f72f60537..6769ca2ff 100644 --- a/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer +++ b/apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-shell-hotplug-sniffer +@{exec_path} = @{libexec}/gnome-shell-hotplug-sniffer profile gnome-shell-hotplug-sniffer @{exec_path} { include diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index ade81ec76..6ea5ce240 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gnome-terminal-server +@{exec_path} = @{libexec}/gnome-terminal-server profile gnome-terminal-server @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/goa-daemon b/apparmor.d/groups/gnome/goa-daemon index 49f815d60..fa65e3ce1 100644 --- a/apparmor.d/groups/gnome/goa-daemon +++ b/apparmor.d/groups/gnome/goa-daemon @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/goa-daemon +@{exec_path} = @{libexec}/goa-daemon profile goa-daemon @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/goa-identity-service b/apparmor.d/groups/gnome/goa-identity-service index 8bf1957e9..6a728d631 100644 --- a/apparmor.d/groups/gnome/goa-identity-service +++ b/apparmor.d/groups/gnome/goa-identity-service @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/goa-identity-service +@{exec_path} = @{libexec}/goa-identity-service profile goa-identity-service @{exec_path} { include include 
diff --git a/apparmor.d/groups/gnome/gsd-a11y-settings b/apparmor.d/groups/gnome/gsd-a11y-settings index 1ebfacb32..8be54615f 100644 --- a/apparmor.d/groups/gnome/gsd-a11y-settings +++ b/apparmor.d/groups/gnome/gsd-a11y-settings @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-a11y-settings +@{exec_path} = @{libexec}/gsd-a11y-settings profile gsd-a11y-settings @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-color b/apparmor.d/groups/gnome/gsd-color index 514fe6c86..b2537f563 100644 --- a/apparmor.d/groups/gnome/gsd-color +++ b/apparmor.d/groups/gnome/gsd-color @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-color +@{exec_path} = @{libexec}/gsd-color profile gsd-color @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-datetime b/apparmor.d/groups/gnome/gsd-datetime index 61b3839d2..b43be95b1 100644 --- a/apparmor.d/groups/gnome/gsd-datetime +++ b/apparmor.d/groups/gnome/gsd-datetime @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-datetime +@{exec_path} = @{libexec}/gsd-datetime profile gsd-datetime @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-disk-utility-notify b/apparmor.d/groups/gnome/gsd-disk-utility-notify index edd2bec43..0ff646dbc 100644 --- a/apparmor.d/groups/gnome/gsd-disk-utility-notify +++ b/apparmor.d/groups/gnome/gsd-disk-utility-notify @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-disk-utility-notify +@{exec_path} = @{libexec}/gsd-disk-utility-notify profile gsd-disk-utility-notify @{exec_path} { include diff --git a/apparmor.d/groups/gnome/gsd-housekeeping b/apparmor.d/groups/gnome/gsd-housekeeping index 1e01a5185..d9ede44b0 100644 --- a/apparmor.d/groups/gnome/gsd-housekeeping +++ b/apparmor.d/groups/gnome/gsd-housekeeping 
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-housekeeping +@{exec_path} = @{libexec}/gsd-housekeeping profile gsd-housekeeping @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-keyboard b/apparmor.d/groups/gnome/gsd-keyboard index c6c371c84..aa6dba369 100644 --- a/apparmor.d/groups/gnome/gsd-keyboard +++ b/apparmor.d/groups/gnome/gsd-keyboard @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-keyboard +@{exec_path} = @{libexec}/gsd-keyboard profile gsd-keyboard @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-media-keys b/apparmor.d/groups/gnome/gsd-media-keys index 26536f298..d6fbdbab6 100644 --- a/apparmor.d/groups/gnome/gsd-media-keys +++ b/apparmor.d/groups/gnome/gsd-media-keys @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-media-keys +@{exec_path} = @{libexec}/gsd-media-keys profile gsd-media-keys @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-power b/apparmor.d/groups/gnome/gsd-power index 2a72c531c..b4a6bd311 100644 --- a/apparmor.d/groups/gnome/gsd-power +++ b/apparmor.d/groups/gnome/gsd-power @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-power +@{exec_path} = @{libexec}/gsd-power profile gsd-power @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-print-notifications b/apparmor.d/groups/gnome/gsd-print-notifications index 4ef365b4a..8c8affd80 100644 --- a/apparmor.d/groups/gnome/gsd-print-notifications +++ b/apparmor.d/groups/gnome/gsd-print-notifications @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-print-notifications +@{exec_path} = @{libexec}/gsd-print-notifications profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { include include 
@@ -18,7 +18,7 @@ profile gsd-print-notifications @{exec_path} flags=(attach_disconnected) { signal (send) set=(hup) peer=gsd-printer, @{exec_path} mr, - /{usr/,}lib/gsd-printer rPx, + @{libexec}/gsd-printer rPx, /etc/machine-id r, diff --git a/apparmor.d/groups/gnome/gsd-printer b/apparmor.d/groups/gnome/gsd-printer index 9ca5f5b54..487e827b1 100644 --- a/apparmor.d/groups/gnome/gsd-printer +++ b/apparmor.d/groups/gnome/gsd-printer @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-printer +@{exec_path} = @{libexec}/gsd-printer profile gsd-printer @{exec_path} flags=(attach_disconnected) { include diff --git a/apparmor.d/groups/gnome/gsd-rfkill b/apparmor.d/groups/gnome/gsd-rfkill index 25493729a..cca7f7a3b 100644 --- a/apparmor.d/groups/gnome/gsd-rfkill +++ b/apparmor.d/groups/gnome/gsd-rfkill @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-rfkill +@{exec_path} = @{libexec}/gsd-rfkill profile gsd-rfkill @{exec_path} flags=(attach_disconnected) { include diff --git a/apparmor.d/groups/gnome/gsd-screensaver-proxy b/apparmor.d/groups/gnome/gsd-screensaver-proxy index bb916f383..b6058e222 100644 --- a/apparmor.d/groups/gnome/gsd-screensaver-proxy +++ b/apparmor.d/groups/gnome/gsd-screensaver-proxy @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-screensaver-proxy +@{exec_path} = @{libexec}/gsd-screensaver-proxy profile gsd-screensaver-proxy @{exec_path} flags=(attach_disconnected) { include diff --git a/apparmor.d/groups/gnome/gsd-sharing b/apparmor.d/groups/gnome/gsd-sharing index 64c202fee..0f7fb3253 100644 --- a/apparmor.d/groups/gnome/gsd-sharing +++ b/apparmor.d/groups/gnome/gsd-sharing @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-sharing +@{exec_path} = @{libexec}/gsd-sharing profile gsd-sharing @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-smartcard b/apparmor.d/groups/gnome/gsd-smartcard index a5008067d..e39cee498 100644 
--- a/apparmor.d/groups/gnome/gsd-smartcard +++ b/apparmor.d/groups/gnome/gsd-smartcard @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-smartcard +@{exec_path} = @{libexec}/gsd-smartcard profile gsd-smartcard @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-sound b/apparmor.d/groups/gnome/gsd-sound index 2ab11410c..5449e6bb0 100644 --- a/apparmor.d/groups/gnome/gsd-sound +++ b/apparmor.d/groups/gnome/gsd-sound @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-sound +@{exec_path} = @{libexec}/gsd-sound profile gsd-sound @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-usb-protection b/apparmor.d/groups/gnome/gsd-usb-protection index 958457669..f461d904d 100644 --- a/apparmor.d/groups/gnome/gsd-usb-protection +++ b/apparmor.d/groups/gnome/gsd-usb-protection @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-usb-protection +@{exec_path} = @{libexec}/gsd-usb-protection profile gsd-usb-protection @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/gsd-wacom b/apparmor.d/groups/gnome/gsd-wacom index 5b0c6871c..8585d792e 100644 --- a/apparmor.d/groups/gnome/gsd-wacom +++ b/apparmor.d/groups/gnome/gsd-wacom @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-wacom +@{exec_path} = @{libexec}/gsd-wacom profile gsd-wacom @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/gnome/gsd-xsettings b/apparmor.d/groups/gnome/gsd-xsettings index accbc496d..6f1c1a7b9 100644 --- a/apparmor.d/groups/gnome/gsd-xsettings +++ b/apparmor.d/groups/gnome/gsd-xsettings @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/gsd-xsettings +@{exec_path} = @{libexec}/gsd-xsettings profile gsd-xsettings @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/tracker-extract b/apparmor.d/groups/gnome/tracker-extract index 523658508..7d2f80d62 100644 
--- a/apparmor.d/groups/gnome/tracker-extract +++ b/apparmor.d/groups/gnome/tracker-extract @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/tracker-extract-3 +@{exec_path} = @{libexec}/tracker-extract-3 profile tracker-extract @{exec_path} { include include diff --git a/apparmor.d/groups/gnome/tracker-miner b/apparmor.d/groups/gnome/tracker-miner index 80eb5ad40..eb5ff2175 100644 --- a/apparmor.d/groups/gnome/tracker-miner +++ b/apparmor.d/groups/gnome/tracker-miner @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/tracker-miner-fs-{,control-}3 +@{exec_path} = @{libexec}/tracker-miner-fs-{,control-}3 profile tracker-miner @{exec_path} { include include diff --git a/apparmor.d/profiles-g-l/glib-pacrunner b/apparmor.d/profiles-g-l/glib-pacrunner index 8dd1a0f3e..9e9b127f4 100644 --- a/apparmor.d/profiles-g-l/glib-pacrunner +++ b/apparmor.d/profiles-g-l/glib-pacrunner @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/glib-pacrunner +@{exec_path} = @{libexec}/glib-pacrunner profile glib-pacrunner @{exec_path} { include include diff --git a/apparmor.d/profiles-m-r/polkit-agent-helper b/apparmor.d/profiles-m-r/polkit-agent-helper index 960342575..e4d804aad 100644 --- a/apparmor.d/profiles-m-r/polkit-agent-helper +++ b/apparmor.d/profiles-m-r/polkit-agent-helper @@ -8,6 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/polkit-[0-9]/polkit-agent-helper-[0-9] +@{exec_path} += @{libexec}/polkit-agent-helper-[0-9] profile polkit-agent-helper @{exec_path} { include include diff --git a/apparmor.d/profiles-m-r/polkitd b/apparmor.d/profiles-m-r/polkitd index 41b9fa36c..fc0af8a18 100644 --- a/apparmor.d/profiles-m-r/polkitd +++ b/apparmor.d/profiles-m-r/polkitd @@ -8,6 +8,7 @@ abi , include @{exec_path} = /{usr/,}lib/polkit-1/polkitd +@{exec_path} += @{libexec}/polkitd profile polkitd @{exec_path} { include include diff --git a/apparmor.d/profiles-m-r/power-profiles-daemon b/apparmor.d/profiles-m-r/power-profiles-daemon index 0cd2fe026..29edb7668 100644 
--- a/apparmor.d/profiles-m-r/power-profiles-daemon +++ b/apparmor.d/profiles-m-r/power-profiles-daemon @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/power-profiles-daemon +@{exec_path} = @{libexec}/power-profiles-daemon profile power-profiles-daemon @{exec_path} { include include @@ -25,8 +25,10 @@ profile power-profiles-daemon @{exec_path} { @{sys}/class/power_supply/ r, @{sys}/devices/**/power_supply/*/uevent r, @{sys}/devices/system/cpu/*_pstate/{no_turbo,turbo_pct} r, + @{sys}/devices/system/cpu/*_pstate/status r, @{sys}/devices/system/cpu/cpufreq/ r, @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/energy_performance_preference rw, + @{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_governor rw, include if exists } \ No newline at end of file diff --git a/apparmor.d/profiles-s-z/xdg-desktop-portal b/apparmor.d/profiles-s-z/xdg-desktop-portal index 7abb3e3fd..a6b7dcfa7 100644 --- a/apparmor.d/profiles-s-z/xdg-desktop-portal +++ b/apparmor.d/profiles-s-z/xdg-desktop-portal @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/xdg-desktop-portal +@{exec_path} = @{libexec}/xdg-desktop-portal profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/profiles-s-z/xdg-desktop-portal-gnome b/apparmor.d/profiles-s-z/xdg-desktop-portal-gnome index ea3124b39..a64210e79 100644 --- a/apparmor.d/profiles-s-z/xdg-desktop-portal-gnome +++ b/apparmor.d/profiles-s-z/xdg-desktop-portal-gnome @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/xdg-desktop-portal-gnome +@{exec_path} = @{libexec}/xdg-desktop-portal-gnome profile xdg-desktop-portal-gnome @{exec_path} { include include diff --git a/apparmor.d/profiles-s-z/xdg-desktop-portal-gtk b/apparmor.d/profiles-s-z/xdg-desktop-portal-gtk index 19fddd719..09bd2b382 100644 --- a/apparmor.d/profiles-s-z/xdg-desktop-portal-gtk +++ b/apparmor.d/profiles-s-z/xdg-desktop-portal-gtk 
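Review bot: The added `@{sys}/devices/system/cpu/cpufreq/policy[0-9]*/scaling_governor rw,` in the second power-profiles-daemon hunk is the only new write permission in the lines shown, and nothing next to it says why the daemon needs it. Presumably the governor is switched when a power profile is applied; a short comment such as `# cpufreq governor is set per policy when a profile is applied` would make the grant reviewable later. The same comment could cover the new `*_pstate/status r,` line. The hunk also ends with `\ No newline at end of file`, so the profile still lacks a trailing newline after this change.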
@@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/xdg-desktop-portal-gtk +@{exec_path} = @{libexec}/xdg-desktop-portal-gtk profile xdg-desktop-portal-gtk @{exec_path} { include include diff --git a/apparmor.d/profiles-s-z/xdg-document-portal b/apparmor.d/profiles-s-z/xdg-document-portal index be91d0372..fbfbc5421 100644 --- a/apparmor.d/profiles-s-z/xdg-document-portal +++ b/apparmor.d/profiles-s-z/xdg-document-portal @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/xdg-document-portal +@{exec_path} = @{libexec}/xdg-document-portal profile xdg-document-portal @{exec_path} { include diff --git a/apparmor.d/profiles-s-z/xdg-permission-store b/apparmor.d/profiles-s-z/xdg-permission-store index a2e0277cf..d8dce5fd6 100644 --- a/apparmor.d/profiles-s-z/xdg-permission-store +++ b/apparmor.d/profiles-s-z/xdg-permission-store @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/xdg-permission-store +@{exec_path} = @{libexec}/xdg-permission-store profile xdg-permission-store @{exec_path} flags=(attach_disconnected) { include