child-lsb_release -> lsb_release.

2021-09-15 16:30:28 +01:00 · 2021-09-15 16:30:28 +01:00 · 6c0ae4ddc1
commit 6c0ae4ddc1
parent 2a6b2bd189
32 changed files with 36 additions and 91 deletions
--- a/apparmor.d/groups/apps/atom
+++ b/apparmor.d/groups/apps/atom
@ -27,7 +27,7 @@ profile atom @{exec_path} {
  include <abstractions/deny-dconf>
  include <abstractions/deny-root-dir-access>

-  ptrace (read) peer=child-lsb_release,
+  ptrace (read) peer=lsb_release,
  ptrace (read) peer=xdg-settings,

  @{exec_path} mrix,
@ -65,7 +65,7 @@ profile atom @{exec_path} {
  /{usr/,}bin/nohup       rix,
  /{usr/,}bin/cat         rix,

-  /{usr/,}bin/lsb_release   rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release   rPx -> lsb_release,
  /{usr/,}bin/xdg-open      rCx -> open,

  /{usr/,}bin/xdg-settings rPUx,
--- a/apparmor.d/groups/apps/code
+++ b/apparmor.d/groups/apps/code
@ -25,7 +25,7 @@ profile code @{exec_path} {
  include <abstractions/deny-dconf>
  include <abstractions/deny-root-dir-access>

-  ptrace (read) peer=child-lsb_release,
+  ptrace (read) peer=lsb_release,

  @{exec_path} mrix,

@ -47,7 +47,7 @@ profile code @{exec_path} {
  #/{usr/,}bin/which{,.debianutils}       rix,
  #/{usr/,}sbin/ifconfig   rix,

-  /{usr/,}bin/lsb_release rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release rPx -> lsb_release,

  /{usr/,}bin/git        rPUx,

--- a/apparmor.d/groups/apps/dropbox
+++ b/apparmor.d/groups/apps/dropbox
@ -117,7 +117,7 @@ profile dropbox @{exec_path} {

  # External apps
  /{usr/,}bin/xdg-open                                  rCx -> open,
-  /{usr/,}bin/lsb_release                               rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release                               rPx -> lsb_release,

  # Allowed apps to open
  /{usr/,}lib/firefox/firefox rPUx,
--- a/apparmor.d/groups/apps/filezilla
+++ b/apparmor.d/groups/apps/filezilla
@ -27,7 +27,7 @@ profile filezilla @{exec_path} {
  # When using SFTP protocol
  /{usr/,}bin/fzsftp      rPx,

-  /{usr/,}bin/lsb_release rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release rPx -> lsb_release,

  owner @{HOME}/ r,
  owner @{user_config_dirs}/filezilla/ rw,
--- a/apparmor.d/groups/apps/thunderbird
+++ b/apparmor.d/groups/apps/thunderbird
@ -166,7 +166,7 @@ profile thunderbird @{exec_path} {
  # Silencer
  deny /{usr/,}lib/thunderbird/** w,

-  /{usr/,}bin/lsb_release                                 rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release                                 rPx -> lsb_release,
  /{usr/,}bin/xdg-open                                    rCx -> open,
  /{usr/,}bin/exo-open                                    rCx -> open,
  /{usr/,}lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rCx -> open,
--- a/apparmor.d/groups/apt/apt-listbugs
+++ b/apparmor.d/groups/apt/apt-listbugs
@ -49,7 +49,7 @@ profile apt-listbugs @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/freedesktop.org>
  capability dac_read_search,
-  /{usr/,}bin/lsb_release rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release rPx -> lsb_release,
  /{usr/,}bin/hostname    rix,
  owner @{PROC}/@{pid}/mounts r,
  @{HOME}/.Xauthority r,
--- a/apparmor.d/groups/apt/apt-listchanges
+++ b/apparmor.d/groups/apt/apt-listchanges
@ -68,7 +68,7 @@ profile apt-listchanges @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/freedesktop.org>
  capability dac_read_search,
-  /{usr/,}bin/lsb_release rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release rPx -> lsb_release,
  /{usr/,}bin/hostname    rix,
  owner @{PROC}/@{pid}/mounts r,
  @{HOME}/.Xauthority r,
--- a/apparmor.d/groups/apt/command-not-found
+++ b/apparmor.d/groups/apt/command-not-found
@ -17,7 +17,7 @@ profile command-not-found @{exec_path} {
  @{exec_path} r,
  /{usr/,}bin/python3.[0-9]* r,

-  /{usr/,}bin/lsb_release rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release rPx -> lsb_release,

  /var/lib/command-not-found/commands.db rwk,

--- a/apparmor.d/groups/apt/dpkg-preconfigure
+++ b/apparmor.d/groups/apt/dpkg-preconfigure
@ -42,7 +42,7 @@ profile dpkg-preconfigure @{exec_path} {
  include <abstractions/fontconfig-cache-read>
  include <abstractions/freedesktop.org>
  capability dac_read_search,
-  /{usr/,}bin/lsb_release rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release rPx -> lsb_release,
  /{usr/,}bin/hostname    rix,
  owner @{PROC}/@{pid}/mounts r,
  @{HOME}/.Xauthority r,
--- a/apparmor.d/groups/apt/reportbug
+++ b/apparmor.d/groups/apt/reportbug
@ -54,7 +54,7 @@ profile reportbug @{exec_path} {
  #
  /{usr/,}{s,}bin/exim4           rPx,

-  /{usr/,}bin/lsb_release      rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release      rPx -> lsb_release,
  /{usr/,}bin/dpkg             rPx -> child-dpkg,
  /{usr/,}bin/systemctl        rPx -> child-systemctl,
  /{usr/,}bin/pager            rPx -> child-pager,
--- a/apparmor.d/groups/apt/synaptic
+++ b/apparmor.d/groups/apt/synaptic
@ -96,7 +96,7 @@ profile synaptic @{exec_path} {
  /{usr/,}sbin/update-command-not-found      rPx,
  /usr/share/command-not-found/cnf-update-db rPx,
  /{usr/,}sbin/update-apt-xapian-index       rPx,
-  /{usr/,}bin/lsb_release        rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release        rPx -> lsb_release,
  /{usr/,}bin/deborphan          rPx,
  /{usr/,}bin/tasksel            rPx,
  /{usr/,}bin/pkexec             rPx,
--- a/apparmor.d/groups/browsers/brave
+++ b/apparmor.d/groups/browsers/brave
@ -67,7 +67,7 @@ profile brave @{exec_path} {
  # For storing passwords externally
  /{usr/,}bin/keepassxc-proxy   rPUx,

-  /{usr/,}bin/lsb_release        rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release        rPx -> lsb_release,

  # no new privs
  #deny /{usr/,}bin/xdg-desktop-menu  rx,
--- a/apparmor.d/groups/browsers/chromium-chromium
+++ b/apparmor.d/groups/browsers/chromium-chromium
@ -40,7 +40,7 @@ profile chromium-chromium @{exec_path} {
  ptrace (trace) peer=@{profile_name},
  ptrace (read) peer=xdg-settings,
  ptrace (read) peer=keepassxc-proxy,
-  ptrace (read) peer=child-lsb_release,
+  ptrace (read) peer=lsb_release,

  signal (send) set=(term, kill) peer=keepassxc-proxy,

@ -59,7 +59,7 @@ profile chromium-chromium @{exec_path} {
  /{usr/,}bin/keepassxc-proxy   rPUx,
  /{usr/,}bin/browserpass       rPx,

-  /{usr/,}bin/lsb_release        rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release        rPx -> lsb_release,
  /{usr/,}bin/xdg-mime          rPUx,
  /{usr/,}bin/xdg-open           rCx -> open,
  /{usr/,}bin/xdg-settings      rPUx,
--- a/apparmor.d/groups/browsers/firefox
+++ b/apparmor.d/groups/browsers/firefox
@ -179,7 +179,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
  /{usr/,}bin/keepassxc-proxy  rPUx, # For storing passwords externally
  /{usr/,}bin/browserpass       rPx,

-  /{usr/,}bin/lsb_release       rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release       rPx -> lsb_release,

  /{usr/,}bin/xdg-open                                    rCx -> open,
  /{usr/,}bin/exo-open                                    rCx -> open,
--- a/apparmor.d/groups/browsers/google-chrome-chrome
+++ b/apparmor.d/groups/browsers/google-chrome-chrome
@ -59,7 +59,7 @@ profile google-chrome-chrome @{exec_path} {
  # For storing passwords externally
  /{usr/,}bin/keepassxc-proxy   rPUx,

-  /{usr/,}bin/lsb_release        rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release        rPx -> lsb_release,
  /{usr/,}bin/xdg-open           rCx -> open,

  # no new privs
--- a/apparmor.d/groups/browsers/opera
+++ b/apparmor.d/groups/browsers/opera
@ -55,7 +55,7 @@ profile opera @{exec_path} {
  @{OPERA_INSTALLDIR}/opera_crashreporter  rPx,
  @{OPERA_INSTALLDIR}/opera_autoupdate    krix,

-  /{usr/,}bin/lsb_release        rPx -> child-lsb_release,
+  /{usr/,}bin/lsb_release        rPx -> lsb_release,
  /{usr/,}bin/xdg-mime          rPUx,
  /{usr/,}bin/xdg-open           rCx -> open,
  /{usr/,}bin/xdg-settings      rPUx,