diff --git a/apparmor.d/groups/network/mullvad-daemon b/apparmor.d/groups/network/mullvad-daemon index dcdb1738a..a57213481 100644 --- a/apparmor.d/groups/network/mullvad-daemon +++ b/apparmor.d/groups/network/mullvad-daemon @@ -55,7 +55,6 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) { @{sys}/fs/cgroup/net_cls/ w, @{sys}/fs/cgroup/net_cls/mullvad-exclusions/ w, @{sys}/fs/cgroup/net_cls/mullvad-exclusions/net_cls.classid rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, owner @{tmp}/@{uuid} rw, owner @{tmp}/talpid-openvpn-@{uuid} rw, diff --git a/apparmor.d/groups/network/tailscale b/apparmor.d/groups/network/tailscale index 5c3b62211..37029973b 100644 --- a/apparmor.d/groups/network/tailscale +++ b/apparmor.d/groups/network/tailscale @@ -27,8 +27,6 @@ profile tailscale @{exec_path} { owner @{run}/tailscale/tailscaled.sock rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/ r, @{PROC}/@{pids}/stat r, @{PROC}/sys/net/core/somaxconn r, diff --git a/apparmor.d/groups/network/tailscaled b/apparmor.d/groups/network/tailscaled index 121697da6..dd3f253db 100644 --- a/apparmor.d/groups/network/tailscaled +++ b/apparmor.d/groups/network/tailscaled @@ -69,7 +69,6 @@ profile tailscaled @{exec_path} flags=(attach_disconnected) { owner @{run}/tailscale/{,**} rw, @{sys}/devices/virtual/dmi/id/{bios_vendor,product_name} r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{PROC}/ r, @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/ubuntu/apt-esm-json-hook b/apparmor.d/groups/ubuntu/apt-esm-json-hook index 54c116677..4ce754d65 100644 --- a/apparmor.d/groups/ubuntu/apt-esm-json-hook +++ b/apparmor.d/groups/ubuntu/apt-esm-json-hook @@ -21,8 +21,6 @@ profile apt-esm-json-hook @{exec_path} { /var/lib/ubuntu-advantage/{,**} r, /var/lib/ubuntu-advantage/apt-esm/{,**} rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{run}/cloud-init/cloud-id-nocloud r, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/groups/ubuntu/ubuntu-report b/apparmor.d/groups/ubuntu/ubuntu-report index 5edc9ebd2..54e444532 100644 --- a/apparmor.d/groups/ubuntu/ubuntu-report +++ b/apparmor.d/groups/ubuntu/ubuntu-report @@ -23,8 +23,6 @@ profile ubuntu-report @{exec_path} { owner @{user_cache_dirs}/ubuntu-report/{,*} r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-bandwidth b/apparmor.d/groups/virt/cni-bandwidth index 21914faf8..0159f603e 100644 --- a/apparmor.d/groups/virt/cni-bandwidth +++ b/apparmor.d/groups/virt/cni-bandwidth @@ -18,8 +18,6 @@ profile cni-bandwidth @{exec_path} { @{exec_path} mr, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-bridge b/apparmor.d/groups/virt/cni-bridge index 37de32ae0..70347fe59 100644 --- a/apparmor.d/groups/virt/cni-bridge +++ b/apparmor.d/groups/virt/cni-bridge @@ -12,8 +12,6 @@ profile cni-bridge @{exec_path} { @{exec_path} mr, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-calico b/apparmor.d/groups/virt/cni-calico index 7c39a7ad2..47d5590a2 100644 --- a/apparmor.d/groups/virt/cni-calico +++ b/apparmor.d/groups/virt/cni-calico @@ -41,8 +41,6 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) { @{PROC}/sys/net/ipv{4,6}/ip_forward rw, @{PROC}/sys/net/ipv{4,6}/{conf,neigh}/cali[0-9a-z]*/* rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-firewall b/apparmor.d/groups/virt/cni-firewall index 866b9dc96..028f5bd6f 100644 --- a/apparmor.d/groups/virt/cni-firewall +++ b/apparmor.d/groups/virt/cni-firewall @@ -12,8 +12,6 @@ profile cni-firewall @{exec_path} { @{exec_path} mr, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-flannel b/apparmor.d/groups/virt/cni-flannel index 05929a64c..ac473fbcb 100644 --- a/apparmor.d/groups/virt/cni-flannel +++ b/apparmor.d/groups/virt/cni-flannel @@ -12,8 +12,6 @@ profile cni-flannel @{exec_path} flags=(complain,attach_disconnected){ @{exec_path} mr, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-host-local b/apparmor.d/groups/virt/cni-host-local index bf555cfd8..50b8f315b 100644 --- a/apparmor.d/groups/virt/cni-host-local +++ b/apparmor.d/groups/virt/cni-host-local @@ -12,8 +12,6 @@ profile cni-host-local @{exec_path} flags=(complain,attach_disconnected){ @{exec_path} mr, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-loopback b/apparmor.d/groups/virt/cni-loopback index d05a303de..a7d24e306 100644 --- a/apparmor.d/groups/virt/cni-loopback +++ b/apparmor.d/groups/virt/cni-loopback @@ -22,8 +22,6 @@ profile cni-loopback @{exec_path} flags=(attach_disconnected) { @{run}/netns/ r, @{run}/netns/cni-@{uuid} rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-portmap b/apparmor.d/groups/virt/cni-portmap index db29f252c..bc4a00fa2 100644 --- a/apparmor.d/groups/virt/cni-portmap +++ b/apparmor.d/groups/virt/cni-portmap @@ -19,8 +19,6 @@ profile cni-portmap @{exec_path} { @{PROC}/sys/net/ipv{4,6}/conf/cali[0-9a-z]*/route_localnet rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/cni-tuning b/apparmor.d/groups/virt/cni-tuning index ee7133b31..c0e3a3fd2 100644 --- a/apparmor.d/groups/virt/cni-tuning +++ b/apparmor.d/groups/virt/cni-tuning @@ -12,8 +12,6 @@ profile cni-tuning @{exec_path} { @{exec_path} mr, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/groups/virt/containerd b/apparmor.d/groups/virt/containerd index f85a3571c..9ae6596ee 100644 --- a/apparmor.d/groups/virt/containerd +++ b/apparmor.d/groups/virt/containerd @@ -92,7 +92,6 @@ profile containerd @{exec_path} flags=(attach_disconnected) { owner /var/tmp/** rwkl, @{sys}/fs/cgroup/kubepods/** r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/security/apparmor/profiles r, @{sys}/module/apparmor/parameters/enabled r, diff --git a/apparmor.d/groups/virt/containerd-shim-runc-v2 b/apparmor.d/groups/virt/containerd-shim-runc-v2 index c705c0cc8..428473f5d 100644 --- a/apparmor.d/groups/virt/containerd-shim-runc-v2 +++ b/apparmor.d/groups/virt/containerd-shim-runc-v2 @@ -49,7 +49,6 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) { @{sys}/fs/cgroup/{,**} rw, @{sys}/fs/cgroup/kubepods/{,**} rw, @{sys}/kernel/mm/hugepages/ r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{PROC}/@{pids}/cgroup r, @{PROC}/@{pids}/mountinfo r, diff --git a/apparmor.d/groups/virt/docker-proxy b/apparmor.d/groups/virt/docker-proxy index d549168ee..4bb1d9497 100644 --- a/apparmor.d/groups/virt/docker-proxy +++ b/apparmor.d/groups/virt/docker-proxy @@ -20,8 +20,6 @@ profile docker-proxy @{exec_path} { @{exec_path} mr, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/sys/net/core/somaxconn r, include if exists diff --git a/apparmor.d/groups/virt/dockerd b/apparmor.d/groups/virt/dockerd index f552c5289..64bba083d 100644 --- a/apparmor.d/groups/virt/dockerd +++ b/apparmor.d/groups/virt/dockerd @@ -75,7 +75,6 @@ profile dockerd @{exec_path} flags=(attach_disconnected) { @{sys}/fs/cgroup/cgroup.controllers r, @{sys}/fs/cgroup/cpuset.cpus.effective r, @{sys}/fs/cgroup/cpuset.mems.effective r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/security/apparmor/profiles r, @{sys}/module/apparmor/parameters/enabled r, diff --git a/apparmor.d/groups/virt/k3s b/apparmor.d/groups/virt/k3s index 5905d4895..e1cded61d 100644 --- a/apparmor.d/groups/virt/k3s +++ b/apparmor.d/groups/virt/k3s @@ -163,7 +163,6 @@ profile k3s @{exec_path} flags=(attach_disconnected) { @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/session-@{int}.scope/{,**/} r, @{sys}/kernel/mm/hugepages/ r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/mm/hugepages/hugepages-*/nr_hugepages r, @{sys}/kernel/security/apparmor/profiles r, diff --git a/apparmor.d/profiles-a-f/aa-log b/apparmor.d/profiles-a-f/aa-log index 6d1f690f6..74fbebcb1 100644 --- a/apparmor.d/profiles-a-f/aa-log +++ b/apparmor.d/profiles-a-f/aa-log @@ -27,8 +27,6 @@ profile aa-log @{exec_path} { /{run,var}/log/journal/ r, /{run,var}/log/journal/@{hex32}/{,*} r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/sys/kernel/cap_last_cap r, /dev/tty@{int} rw, diff --git a/apparmor.d/profiles-a-f/arduino-builder b/apparmor.d/profiles-a-f/arduino-builder index 23f8628e5..d35004e35 100644 --- a/apparmor.d/profiles-a-f/arduino-builder +++ b/apparmor.d/profiles-a-f/arduino-builder @@ -39,8 +39,6 @@ profile arduino-builder @{exec_path} { owner @{HOME}/Arduino/{,**} r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - /tmp/ r, owner @{tmp}/cc* rw, owner @{tmp}/untitled[0-9]*.tmp/{,**} rw, diff --git a/apparmor.d/profiles-a-f/browserpass b/apparmor.d/profiles-a-f/browserpass index cfc5d3b0b..f35e0c640 100644 --- a/apparmor.d/profiles-a-f/browserpass +++ b/apparmor.d/profiles-a-f/browserpass @@ -25,8 +25,6 @@ profile browserpass @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/mozilla/firefox/@{rand8}.*/safebrowsing-updating/google[0-9]/goog-phish-proto-@{int}.vlpset rw, owner @{tmp}/mozilla-temp-@{int} r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - owner @{PROC}/@{pid}/mountinfo r, # Inherit Silencer diff --git a/apparmor.d/profiles-a-f/dnscrypt-proxy b/apparmor.d/profiles-a-f/dnscrypt-proxy index 03d47e395..6727b8201 100644 --- a/apparmor.d/profiles-a-f/dnscrypt-proxy +++ b/apparmor.d/profiles-a-f/dnscrypt-proxy @@ -52,8 +52,6 @@ profile dnscrypt-proxy @{exec_path} { @{PROC}/sys/kernel/hostname r, @{PROC}/sys/net/core/somaxconn r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/profiles-g-l/hugo b/apparmor.d/profiles-g-l/hugo index fcb585020..9cf73dc49 100644 --- a/apparmor.d/profiles-g-l/hugo +++ b/apparmor.d/profiles-g-l/hugo @@ -40,8 +40,6 @@ profile hugo @{exec_path} { owner @{tmp}/hugo_cache/{,**} rwkl, owner @{tmp}/go-codehost-@{int} rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/sys/net/core/somaxconn r, include if exists diff --git a/apparmor.d/profiles-s-z/sbctl b/apparmor.d/profiles-s-z/sbctl index 938ecb638..57d8fb5e6 100644 --- a/apparmor.d/profiles-s-z/sbctl +++ b/apparmor.d/profiles-s-z/sbctl @@ -30,8 +30,6 @@ profile sbctl @{exec_path} { @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r, @{sys}/firmware/efi/efivars/SetupMode-@{uuid} r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - /dev/pts/@{int} rw, # File Inherit diff --git a/apparmor.d/profiles-s-z/sing-box b/apparmor.d/profiles-s-z/sing-box index eb9866b53..221da9617 100644 --- a/apparmor.d/profiles-s-z/sing-box +++ b/apparmor.d/profiles-s-z/sing-box @@ -31,8 +31,6 @@ profile sing-box @{exec_path} { owner @{user_share_dirs}/certmagic/** rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - include if exists } diff --git a/apparmor.d/profiles-s-z/snap b/apparmor.d/profiles-s-z/snap index f59fd9226..158744d0c 100644 --- a/apparmor.d/profiles-s-z/snap +++ b/apparmor.d/profiles-s-z/snap @@ -70,7 +70,6 @@ profile snap @{exec_path} { @{run}/mount/utab r, @{run}/snapd.socket rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/security/apparmor/features/{,**} r, @{PROC}/@{pids}/cgroup r, diff --git a/apparmor.d/profiles-s-z/snap-failure b/apparmor.d/profiles-s-z/snap-failure index df8fe47fb..61372b169 100644 --- a/apparmor.d/profiles-s-z/snap-failure +++ b/apparmor.d/profiles-s-z/snap-failure @@ -19,8 +19,6 @@ profile snap-failure @{exec_path} { /var/lib/snapd/sequence/snapd.json r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/cmdline r, profile systemctl { diff --git a/apparmor.d/profiles-s-z/snap-seccomp b/apparmor.d/profiles-s-z/snap-seccomp index 0da410bca..4c34746ed 100644 --- a/apparmor.d/profiles-s-z/snap-seccomp +++ b/apparmor.d/profiles-s-z/snap-seccomp @@ -20,8 +20,6 @@ profile snap-seccomp @{exec_path} { /var/lib/snapd/seccomp/bpf/{,**} rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - owner @{PROC}/@{pids}/mountinfo r, deny @{user_share_dirs}/gvfs-metadata/* r, diff --git a/apparmor.d/profiles-s-z/snap-update-ns b/apparmor.d/profiles-s-z/snap-update-ns index e9315f5c7..2092ab1c9 100644 --- a/apparmor.d/profiles-s-z/snap-update-ns +++ b/apparmor.d/profiles-s-z/snap-update-ns @@ -47,7 +47,6 @@ profile snap-update-ns @{exec_path} { @{sys}/fs/cgroup/{,**/} r, @{sys}/fs/cgroup/system.slice/snap.*.service/cgroup.freeze rw, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/snap*.service/cgroup.freeze rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{PROC}/@{pids}/cgroup r, @{PROC}/cmdline r, diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index fa5ef1956..672ae2f7b 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd @@ -153,7 +153,6 @@ profile snapd @{exec_path} { @{sys}/fs/cgroup/user.slice/ r, @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/{,**/} r, @{sys}/kernel/kexec_loaded r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, @{sys}/kernel/security/apparmor/features/{,**} r, @{sys}/kernel/security/apparmor/profiles r, diff --git a/apparmor.d/profiles-s-z/snapd-aa-prompt-listener b/apparmor.d/profiles-s-z/snapd-aa-prompt-listener index 3e3045b80..6cc8801aa 100644 --- a/apparmor.d/profiles-s-z/snapd-aa-prompt-listener +++ b/apparmor.d/profiles-s-z/snapd-aa-prompt-listener @@ -16,8 +16,6 @@ profile snapd-aa-prompt-listener @{exec_path} { @{lib_dirs}/snapd/info r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/cmdline r, include if exists diff --git a/apparmor.d/profiles-s-z/snapd-apparmor b/apparmor.d/profiles-s-z/snapd-apparmor index 22a9c5faa..edd266c20 100644 --- a/apparmor.d/profiles-s-z/snapd-apparmor +++ b/apparmor.d/profiles-s-z/snapd-apparmor @@ -22,8 +22,6 @@ profile snapd-apparmor @{exec_path} { /var/lib/snapd/apparmor/profiles/ r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/cmdline r, include if exists diff --git a/apparmor.d/profiles-s-z/syncthing b/apparmor.d/profiles-s-z/syncthing index 50b04668b..b65a56145 100644 --- a/apparmor.d/profiles-s-z/syncthing +++ b/apparmor.d/profiles-s-z/syncthing @@ -36,8 +36,6 @@ profile syncthing @{exec_path} { /home/ r, @{user_sync_dirs}/{,**} rw, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - @{PROC}/@{pids}/net/route r, @{PROC}/sys/net/core/somaxconn r, owner @{PROC}/@{pid}/cgroup r, diff --git a/apparmor.d/profiles-s-z/zsysd b/apparmor.d/profiles-s-z/zsysd index c325e216d..eabe2d62c 100644 --- a/apparmor.d/profiles-s-z/zsysd +++ b/apparmor.d/profiles-s-z/zsysd @@ -37,8 +37,6 @@ profile zsysd @{exec_path} flags=(complain) { @{PROC}/cmdline r, @{PROC}/sys/kernel/spl/hostid r, - @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r, - /dev/pts/@{int} rw, /dev/zfs rw,