feat(profile): update sbin list and ensure the profiles use the good variable (sbin or bin).

apparmor.d/groups/apt/apt-listchanges

@@ -30,7 +30,7 @@ profile apt-listchanges @{exec_path} {
 
   @{pager_path}          Cx -> pager,
   @{bin}/dpkg            Px -> child-dpkg,
-  @{bin}/exim4           Px,  # Send results using email
+  @{sbin}/exim4          Px,  # Send results using email
 
   /usr/share/apt-listchanges/{,**} r,
 

apparmor.d/groups/apt/debsecan

@@ -27,7 +27,7 @@ profile debsecan @{exec_path} {
   @{sh_path}        rix,
 
   # Send results using email
-  @{bin}/exim4  rPx,
+  @{sbin}/exim4  rPx,
 
   /etc/apt/apt.conf.d/{,*} r,
   /etc/apt/apt.conf r,

apparmor.d/groups/apt/reportbug

@@ -40,7 +40,7 @@ profile reportbug @{exec_path} {
   @{bin}/stty             rix,
   /usr/share/reportbug/handle_bugscript rix,
 
-  @{bin}/exim4            rPx,
+  @{sbin}/exim4           rPx,
   @{bin}/apt-cache        rPx,
   @{bin}/debconf-show     rPx,
   @{bin}/debsums          rPx,

apparmor.d/groups/cron/anacron

@@ -17,7 +17,7 @@ profile anacron @{exec_path} {
 
   @{sh_path}         rix,
   @{bin}/run-parts   rCx -> run-parts,
-  @{bin}/exim4       rPx,
+  @{sbin}/exim4      rPx,
 
   / r,
   /etc/anacrontab r,

apparmor.d/groups/cron/cron

@@ -28,7 +28,7 @@ profile cron @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mr,
 
   @{sh_path}                 rix,
-  @{bin}/exim4               rPx,
+  @{sbin}/exim4              rPx,
   @{bin}/ionice              rix,
   @{bin}/nice                rix,
   @{bin}/run-parts           rCx -> run-parts,

apparmor.d/groups/cron/cron-apt

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{sbin}/cron-apt
+@{exec_path} = @{bin}/cron-apt
 profile cron-apt @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
@@ -46,7 +46,7 @@ profile cron-apt @{exec_path} {
   @{bin}/apt-get     rPx,
   @{bin}/apt-file    rPx,
   @{bin}/aptitude{,-curses} rPx,
-  @{bin}/exim4      rPx,
+  @{sbin}/exim4      rPx,
 
   /usr/share/cron-apt/{,*} r,
 

apparmor.d/groups/cron/cron-exim4-base

@@ -34,10 +34,10 @@ profile cron-exim4-base @{exec_path} {
   @{bin}/hostname   rix,
   @{bin}/xargs      rix,
   @{bin}/find       rix,
-  @{bin}/eximstats rix,
+  @{sbin}/eximstats rix,
 
-  @{bin}/exim4     rPx,
-  @{bin}/exim_tidydb       rix,
+  @{sbin}/exim4             rPx,
+  @{sbin}/exim_tidydb       rix,
 
   @{sbin}/start-stop-daemon rix,
   @{sbin}/runuser           rix,

apparmor.d/groups/cron/crontab

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{sbin}/crontab
+@{exec_path} = @{bin}/crontab
 profile crontab @{exec_path} {
   include <abstractions/base>
   include <abstractions/authentication>

apparmor.d/groups/cups/cupsd

@@ -54,7 +54,7 @@ profile cupsd @{exec_path} flags=(attach_disconnected) {
   @{bin}/gs                  rix,
   @{bin}/gsc                 rix,
   @{bin}/hostname            rix,
-  @{sbin}/ippfind            rix,
+  @{bin}/ippfind             rix,
   @{bin}/mktemp              rix,
   @{bin}/printenv            rix,
   @{python_path}             rix,

apparmor.d/groups/filesystem/btrfs-find-root

@@ -7,7 +7,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{bin}/btrfs-find-root
+@{exec_path} = @{sbin}/btrfs-find-root
 profile btrfs-find-root @{exec_path} {
   include <abstractions/base>
   include <abstractions/disks-read>

apparmor.d/groups/firewall/firewalld

@@ -35,8 +35,8 @@ profile firewalld @{exec_path} flags=(attach_disconnected) {
   @{bin}/alts                      ix,
   @{bin}/false                     ix,
   @{bin}/kmod                      Cx -> kmod,
-  @{sbin}/ebtables-legacy          ix,
-  @{sbin}/ebtables-legacy-restore  ix,
+  @{bin}/ebtables-legacy           ix,
+  @{bin}/ebtables-legacy-restore   ix,
   @{sbin}/ipset                    ix,
   @{sbin}/xtables-legacy-multi     ix,
   @{sbin}/xtables-nft-multi       mix,

apparmor.d/groups/grub/grub-bios-setup

@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{sbin}/grub-bios-setup
+@{exec_path} = @{bin}/grub-bios-setup
 profile grub-bios-setup @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>

apparmor.d/groups/grub/update-grub

@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{sbin}/update-grub{2,}
+@{exec_path} = @{sbin}/update-grub
 profile update-grub @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>

apparmor.d/groups/kde/sddm-xsession

@@ -37,7 +37,7 @@ profile sddm-xsession @{exec_path} {
   @{bin}/sed        rix,
   @{bin}/stat       rix,
   @{bin}/tail       rix,
-  @{sbin}/tcsh      rix,
+  @{bin}/tcsh       rix,
   @{bin}/tempfile   rix,
   @{bin}/touch      rix,
   @{bin}/which{,.*} rix,

apparmor.d/groups/network/iwctl

@@ -6,7 +6,7 @@ abi <abi/4.0>,
 
 include <tunables/global>
 
-@{exec_path} = @{sbin}/iwctl
+@{exec_path} = @{bin}/iwctl
 profile iwctl @{exec_path} {
   include <abstractions/base>
 

apparmor.d/groups/network/mullvad-daemon

@@ -33,7 +33,7 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
-  @{sbin}/ip  rix,
+  @{bin}/ip  rix,
 
   "/opt/Mullvad VPN/resources/openvpn" rix,
   "/opt/Mullvad VPN/resources/*.so*" mr,

apparmor.d/groups/network/openvpn

@@ -61,7 +61,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
   @{run}/openvpn/*.{pid,status} rw,
   @{run}/systemd/journal/dev-log r,
 
-  @{sbin}/ip                               rix,
+  @{bin}/ip                                rix,
   @{bin}/systemd-ask-password              rPx,
   @{lib}/nm-openvpn-service-openvpn-helper rPx,
   /etc/openvpn/force-user-traffic-via-vpn.sh    rCx -> force-user-traffic-via-vpn,
@@ -83,7 +83,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
 
     @{sh_path}                rix,
     @{bin}/cut                rix,
-    @{sbin}/ip                rix,
+    @{bin}/ip                 rix,
     @{bin}/which              rix,
     @{sbin}/xtables-nft-multi rix,
 
@@ -110,7 +110,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) {
     @{bin}/{,e}grep   rix,
     @{bin}/cut        rix,
     @{bin}/env        rix,
-    @{sbin}/ip        rix,
+    @{bin}/ip         rix,
     @{sbin}/nft       rix,
     @{bin}/sed        rix,
 

apparmor.d/groups/network/tailscale

@@ -23,7 +23,7 @@ profile tailscale @{exec_path} {
 
   @{exec_path} mr,
 
-  @{sbin}/ip rPx,
+  @{bin}/ip rPx,
 
   owner @{run}/tailscale/tailscaled.sock rw,
 

apparmor.d/groups/network/tailscaled

@@ -35,7 +35,7 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
-  @{sbin}/ip                rix,
+  @{bin}/ip                 rix,
   @{bin}/resolvectl         rPx,
   @{sbin}/xtables-nft-multi rix,
 

apparmor.d/groups/network/wg-quick

@@ -21,7 +21,7 @@ profile wg-quick @{exec_path} flags=(attach_disconnected) {
 
   @{sh_path}                rix,
   @{bin}/cat                rix,
-  @{sbin}/ip                rPx,
+  @{bin}/ip                 rPx,
   @{bin}/mv                 rix,
   @{sbin}/nft               rix,
   @{bin}/readlink           rix,

apparmor.d/groups/pacman/mkinitcpio

@@ -42,10 +42,7 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) {
   @{bin}/zcat                rix,
   @{bin}/zstd                rix,
 
-  @{bin}/{depmod,insmod}     rPx,
-  @{bin}/{kmod,lsmod}        rPx,
-  @{bin}/{modinfo,rmmod}     rPx,
-  @{sbin}/modprobe           rPx,
+  @{bin}/kmod                rPx,
   @{bin}/plymouth            rPx,
   @{sbin}/plymouth-set-default-theme rPx,
   @{bin}/sbctl               rPx,

apparmor.d/groups/pacman/pacman

@@ -97,7 +97,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) {
   @{bin}/update-ca-trust             rPx,
   @{bin}/update-desktop-database     rPx,
   @{sbin}/update-grub                rPx,
-  @{sbin}/update-mime-database       rPx,
+  @{bin}/update-mime-database        rPx,
   @{bin}/vercmp                      rix,
   @{bin}/which                       rix,
   @{bin}/xmlcatalog                  rix,

apparmor.d/groups/pacman/pacman-hook-depmod

@@ -16,7 +16,6 @@ profile pacman-hook-depmod @{exec_path} {
 
   @{bin}/basename  rix,
   @{bin}/bash      rix,
-  @{sbin}/depmod   rPx,
   @{bin}/kmod      rPx,
   @{bin}/rm        rix,
   @{bin}/rmdir     rix,

apparmor.d/groups/ubuntu/cron-ubuntu-fan

@@ -17,7 +17,7 @@ profile cron-ubuntu-fan @{exec_path} {
   @{sh_path}         rix,
   @{sbin}/fanctl     rPx,
   @{bin}/grep        rix,
-  @{sbin}/ip         rix,
+  @{bin}/ip          rix,
   @{bin}/mkdir       rix,
   @{bin}/sed         rix,
 

apparmor.d/groups/ubuntu/subiquity-console-conf

@@ -25,7 +25,7 @@ profile subiquity-console-conf @{exec_path} {
   @{sh_path}         rix,
   @{bin}/cat         rix,
   @{bin}/grep        rix,
-  @{sbin}/ip         rix,
+  @{bin}/ip          rix,
   @{bin}/mkdir       rix,
   @{bin}/mv          rix,
   @{bin}/sleep       rix,

apparmor.d/groups/virt/cockpit-bridge

@@ -38,7 +38,7 @@ profile cockpit-bridge @{exec_path} {
   @{bin}/cat                  ix,
   @{bin}/date                 ix,
   @{bin}/find                 ix,
-  @{sbin}/ip                  ix,
+  @{bin}/ip                   ix,
   @{python_path}              ix,
   @{bin}/test                 ix,
   @{bin}/file                 ix,

apparmor.d/groups/virt/cockpit-update-motd

@@ -15,7 +15,7 @@ profile cockpit-update-motd @{exec_path} {
 
   @{sh_path}        rix,
   @{bin}/hostname   rix,
-  @{sbin}/ip        rPx,
+  @{bin}/ip         rPx,
   @{bin}/sed        rix,
   @{bin}/systemctl  rCx -> systemctl,
 

apparmor.d/groups/virt/libvirtd

@@ -116,7 +116,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   @{sbin}/virtlogd                            rPx,
 
   @{sh_path}                    rix,
-  @{sbin}/ip                    rix,
+  @{bin}/ip                     rix,
   @{sbin}/nft                   rix,
   @{bin}/qemu-img               rUx, # TODO: Integration with virt-aa-helper
   @{bin}/qemu-system*           rUx, # TODO: Integration with virt-aa-helper