diff --git a/apparmor.d/groups/firewall/ufw b/apparmor.d/groups/firewall/ufw index 09f4f06f2..b7f133641 100644 --- a/apparmor.d/groups/firewall/ufw +++ b/apparmor.d/groups/firewall/ufw @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{bin}/ufw +@{exec_path} = @{sbin}/ufw profile ufw @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/groups/grub/grub-bios-setup b/apparmor.d/groups/grub/grub-bios-setup index b0d606701..9ccd02275 100644 --- a/apparmor.d/groups/grub/grub-bios-setup +++ b/apparmor.d/groups/grub/grub-bios-setup @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{bin}/grub-bios-setup +@{exec_path} = @{sbin}/grub-bios-setup profile grub-bios-setup @{exec_path} { include include diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman index ada70feec..2d80b673a 100644 --- a/apparmor.d/groups/pacman/pacman +++ b/apparmor.d/groups/pacman/pacman @@ -75,7 +75,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) { @{sbin}/iconvconfig rix, @{bin}/install-catalog rPx, @{bin}/install-info rPx, - @{bin}/iscsi-iname rix, + @{sbin}/iscsi-iname rix, @{bin}/journalctl rPx, @{bin}/killall rix, @{sbin}/ldconfig rix, diff --git a/apparmor.d/groups/systemd/systemd-sleep-tlp b/apparmor.d/groups/systemd/systemd-sleep-tlp index 60a28d4af..fc9a51067 100644 --- a/apparmor.d/groups/systemd/systemd-sleep-tlp +++ b/apparmor.d/groups/systemd/systemd-sleep-tlp @@ -13,7 +13,7 @@ profile systemd-sleep-tlp @{exec_path} { @{exec_path} mr, @{sh_path} rix, - @{bin}/tlp rPUx, + @{sbin}/tlp rPUx, include if exists } diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd index 03bfd6000..1a9d51b35 100644 --- a/apparmor.d/groups/systemd/systemd-udevd +++ b/apparmor.d/groups/systemd/systemd-udevd @@ -46,12 +46,13 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected) { @{sbin}/dmsetup rPx, @{sbin}/ethtool rix, @{bin}/issue-generator rPx, + @{sbin}/kdump-config rPUx, @{bin}/kmod rPx, @{bin}/logger rix, @{bin}/ls rix, @{sbin}/lvm rPx, @{bin}/mknod rix, - @{bin}/multipath rPx, + @{sbin}/multipath rPx, @{bin}/nfsrahead rix, @{bin}/nvidia-modprobe rPx -> child-modprobe-nvidia, @{bin}/setfacl rix, diff --git a/apparmor.d/profiles-a-f/atd b/apparmor.d/profiles-a-f/atd index 3a0669c76..8d94da3db 100644 --- a/apparmor.d/profiles-a-f/atd +++ b/apparmor.d/profiles-a-f/atd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{bin}/atd +@{exec_path} = @{sbin}/atd profile atd @{exec_path} { include include diff --git a/apparmor.d/profiles-a-f/blkdeactivate b/apparmor.d/profiles-a-f/blkdeactivate index f864a605b..d56782267 100644 --- a/apparmor.d/profiles-a-f/blkdeactivate +++ b/apparmor.d/profiles-a-f/blkdeactivate @@ -20,7 +20,7 @@ profile blkdeactivate @{exec_path} flags=(complain) { @{bin}/touch rix, @{bin}/lsblk rPx, @{sbin}/lvm rPx, - @{bin}/multipathd rPx, + @{sbin}/multipathd rPx, @{bin}/sort rix, @{bin}/umount rPx, diff --git a/apparmor.d/profiles-g-l/kerneloops b/apparmor.d/profiles-g-l/kerneloops index 815fa4e38..70c8b9460 100644 --- a/apparmor.d/profiles-g-l/kerneloops +++ b/apparmor.d/profiles-g-l/kerneloops @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{bin}/kerneloops +@{exec_path} = @{sbin}/kerneloops profile kerneloops @{exec_path} { include include diff --git a/apparmor.d/profiles-m-r/multipath b/apparmor.d/profiles-m-r/multipath index 409834fbc..588f4b6b1 100644 --- a/apparmor.d/profiles-m-r/multipath +++ b/apparmor.d/profiles-m-r/multipath @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{bin}/multipath +@{exec_path} = @{sbin}/multipath profile multipath @{exec_path} flags=(attach_disconnected) { include include diff --git a/apparmor.d/profiles-m-r/multipathd b/apparmor.d/profiles-m-r/multipathd index 14bb16caf..a07691a5c 100644 --- a/apparmor.d/profiles-m-r/multipathd +++ b/apparmor.d/profiles-m-r/multipathd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{bin}/multipathd +@{exec_path} = @{sbin}/multipathd profile multipathd @{exec_path} { include include diff --git a/apparmor.d/profiles-m-r/os-prober b/apparmor.d/profiles-m-r/os-prober index 263fab8bb..fc071d80f 100644 --- a/apparmor.d/profiles-m-r/os-prober +++ b/apparmor.d/profiles-m-r/os-prober @@ -43,7 +43,7 @@ profile os-prober @{exec_path} flags=(attach_disconnected) { @{bin}/mkdir rix, @{bin}/mktemp rix, @{bin}/mount rix, - @{bin}/multipath rPx, + @{sbin}/multipath rPx, @{bin}/readlink rix, @{bin}/rm rix, @{bin}/rmdir rix, diff --git a/apparmor.d/profiles-m-r/qemu-ga b/apparmor.d/profiles-m-r/qemu-ga index 461d27c61..c6e6ca54e 100644 --- a/apparmor.d/profiles-m-r/qemu-ga +++ b/apparmor.d/profiles-m-r/qemu-ga @@ -6,7 +6,7 @@ abi , include -@{exec_path} = @{bin}/qemu-ga +@{exec_path} = @{sbin}/qemu-ga profile qemu-ga @{exec_path} { include diff --git a/apparmor.d/profiles-s-z/tlp b/apparmor.d/profiles-s-z/tlp index 52fe2af61..c01edd9ec 100644 --- a/apparmor.d/profiles-s-z/tlp +++ b/apparmor.d/profiles-s-z/tlp @@ -7,7 +7,7 @@ abi , include -@{exec_path} = @{bin}/tlp +@{exec_path} = @{sbin}/tlp profile tlp @{exec_path} flags=(attach_disconnected) { include include