From 9f02bd0ab9067a76f6dfd515fd4b8f59cf7d7240 Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Thu, 1 Apr 2021 23:36:58 +0100 Subject: [PATCH] Archlinux has no libexec. /usr/libexec ->{lib,libexec} --- apparmor.d/groups/desktop/accounts-daemon | 2 +- apparmor.d/groups/desktop/at-spi-bus-launcher | 2 +- apparmor.d/groups/desktop/at-spi2-registryd | 2 +- apparmor.d/groups/desktop/blueman-mechanism | 11 ++++++----- apparmor.d/groups/desktop/blueman-rfcomm-watcher | 4 ++-- apparmor.d/groups/desktop/bluetoothd | 2 +- apparmor.d/groups/desktop/colord | 8 ++++---- apparmor.d/groups/desktop/colord-sane | 2 +- apparmor.d/groups/desktop/colord-session | 2 +- apparmor.d/groups/desktop/dconf-service | 2 +- apparmor.d/groups/gvfs/gvfs-afc-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-goa-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor | 2 +- apparmor.d/groups/gvfs/gvfsd | 6 +++--- apparmor.d/groups/gvfs/gvfsd-admin | 2 +- apparmor.d/groups/gvfs/gvfsd-afc | 2 +- apparmor.d/groups/gvfs/gvfsd-afp | 2 +- apparmor.d/groups/gvfs/gvfsd-afp-browse | 2 +- apparmor.d/groups/gvfs/gvfsd-archive | 2 +- apparmor.d/groups/gvfs/gvfsd-burn | 2 +- apparmor.d/groups/gvfs/gvfsd-cdda | 2 +- apparmor.d/groups/gvfs/gvfsd-computer | 2 +- apparmor.d/groups/gvfs/gvfsd-dav | 2 +- apparmor.d/groups/gvfs/gvfsd-dnssd | 2 +- apparmor.d/groups/gvfs/gvfsd-ftp | 2 +- apparmor.d/groups/gvfs/gvfsd-fuse | 2 +- apparmor.d/groups/gvfs/gvfsd-google | 2 +- apparmor.d/groups/gvfs/gvfsd-gphoto2 | 2 +- apparmor.d/groups/gvfs/gvfsd-http | 2 +- apparmor.d/groups/gvfs/gvfsd-localtest | 2 +- apparmor.d/groups/gvfs/gvfsd-metadata | 2 +- apparmor.d/groups/gvfs/gvfsd-mtp | 2 +- apparmor.d/groups/gvfs/gvfsd-network | 2 +- apparmor.d/groups/gvfs/gvfsd-nfs | 2 +- apparmor.d/groups/gvfs/gvfsd-recent | 2 +- apparmor.d/groups/gvfs/gvfsd-sftp | 2 +- apparmor.d/groups/gvfs/gvfsd-smb | 2 +- apparmor.d/groups/gvfs/gvfsd-smb-browse | 2 +- apparmor.d/groups/gvfs/gvfsd-trash | 2 +- apparmor.d/groups/network/openvpn | 6 +++--- apparmor.d/groups/systemd/systemd-fsck | 4 ++-- apparmor.d/profiles-a-l/iwconfig | 2 +- apparmor.d/profiles-a-l/lightdm | 2 +- apparmor.d/profiles-a-l/lightdm-gtk-greeter | 2 +- apparmor.d/profiles-m-z/obexd | 2 +- apparmor.d/profiles-m-z/openbox | 4 ++-- apparmor.d/profiles-m-z/rfkill | 2 +- apparmor.d/profiles-m-z/rtkit-daemon | 2 +- apparmor.d/profiles-m-z/udisksd | 4 ++-- apparmor.d/profiles-m-z/upowerd | 4 ++-- 52 files changed, 69 insertions(+), 68 deletions(-) diff --git a/apparmor.d/groups/desktop/accounts-daemon b/apparmor.d/groups/desktop/accounts-daemon index a3dfed9d3..0553f4107 100644 --- a/apparmor.d/groups/desktop/accounts-daemon +++ b/apparmor.d/groups/desktop/accounts-daemon @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/accountsservice/accounts-daemon -@{exec_path} += /usr/libexec/accounts-daemon +@{exec_path} += /usr/{lib,libexec}/accounts-daemon profile accounts-daemon @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/at-spi-bus-launcher b/apparmor.d/groups/desktop/at-spi-bus-launcher index 11813a6d9..36bd53425 100644 --- a/apparmor.d/groups/desktop/at-spi-bus-launcher +++ b/apparmor.d/groups/desktop/at-spi-bus-launcher @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi-bus-launcher -@{exec_path} += /usr/libexec/at-spi-bus-launcher +@{exec_path} += /usr/{lib,libexec}/at-spi-bus-launcher profile at-spi-bus-launcher @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/at-spi2-registryd b/apparmor.d/groups/desktop/at-spi2-registryd index a23e990be..566c46cb2 100644 --- a/apparmor.d/groups/desktop/at-spi2-registryd +++ b/apparmor.d/groups/desktop/at-spi2-registryd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/at-spi2-core/at-spi2-registryd -@{exec_path} += /usr/libexec/at-spi2-registryd +@{exec_path} += /usr/{lib,libexec}/at-spi2-registryd profile at-spi2-registryd @{exec_path} { include include diff --git a/apparmor.d/groups/desktop/blueman-mechanism b/apparmor.d/groups/desktop/blueman-mechanism index dff136594..355803480 100644 --- a/apparmor.d/groups/desktop/blueman-mechanism +++ b/apparmor.d/groups/desktop/blueman-mechanism @@ -6,7 +6,8 @@ abi , include -@{exec_path} = /usr/libexec/blueman-mechanism +@{exec_path} = /usr/{lib,libexec}/blueman-mechanism +@{exec_path} += /{usr/,}lib/blueman/blueman-mechanism profile blueman-mechanism @{exec_path} { include include @@ -22,7 +23,7 @@ profile blueman-mechanism @{exec_path} { @{exec_path} r, /{usr/,}bin/python3.[0-9]* r, - /usr/libexec/ r, + /usr/{lib,libexec}/ r, /var/lib/blueman/network.state rw, @@ -33,9 +34,9 @@ profile blueman-mechanism @{exec_path} { # For network AP #/{usr/,}bin/ip rix, - #/{usr/,}sbin/xtables-nft-multi rix, - #/{usr/,}sbin/dnsmasq rPx, - #/{usr/,}sbin/dhclient rPx, + #/{usr/,}{s,}bin/xtables-nft-multi rix, + #/{usr/,}{s,}bin/dnsmasq rPx, + #/{usr/,}{s,}bin/dhclient rPx, # @{PROC}/sys/net/ipv4/ip_forward w, # @{PROC}/sys/net/ipv4/conf/ r, # @{PROC}/sys/net/ipv4/conf/*/forwarding w, diff --git a/apparmor.d/groups/desktop/blueman-rfcomm-watcher b/apparmor.d/groups/desktop/blueman-rfcomm-watcher index 729df7755..a52a9ba0e 100644 --- a/apparmor.d/groups/desktop/blueman-rfcomm-watcher +++ b/apparmor.d/groups/desktop/blueman-rfcomm-watcher @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /usr/libexec/blueman-rfcomm-watcher +@{exec_path} = /usr/{lib,libexec}/blueman-rfcomm-watcher profile blueman-rfcomm-watcher @{exec_path} { include include @@ -14,7 +14,7 @@ profile blueman-rfcomm-watcher @{exec_path} { @{exec_path} r, /{usr/,}bin/python3.[0-9]* r, - /usr/libexec/ r, + /usr/{lib,libexec}/ r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/desktop/bluetoothd b/apparmor.d/groups/desktop/bluetoothd index 660f24f2d..8209d16de 100644 --- a/apparmor.d/groups/desktop/bluetoothd +++ b/apparmor.d/groups/desktop/bluetoothd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/bluetooth/bluetoothd -@{exec_path} += /usr/libexec/bluetooth/bluetoothd +@{exec_path} += /usr/{lib,libexec}/bluetooth/bluetoothd profile bluetoothd @{exec_path} { include diff --git a/apparmor.d/groups/desktop/colord b/apparmor.d/groups/desktop/colord index 375c94938..88a48d631 100644 --- a/apparmor.d/groups/desktop/colord +++ b/apparmor.d/groups/desktop/colord @@ -6,8 +6,8 @@ abi , include -@{exec_path} = /{usr/,}lib/colord/colord /usr/libexec/colord -profile colord @{exec_path} { +@{exec_path} = /{usr/,}lib/colord/colord /usr/lib/colord +profile colord @{exec_path} flags=(attach_disconnected) { include include include @@ -16,8 +16,8 @@ profile colord @{exec_path} { @{exec_path} mr, - /{usr/,}lib/colord/colord-sane rPx, - /usr/libexec/colord-sane rPx, + /{usr/,}lib/colord/colord-sane rPx, + /usr/{lib,libexec}/colord-sane rPx, owner /var/lib/colord/** r, owner /var/lib/colord/.cache/ rw, diff --git a/apparmor.d/groups/desktop/colord-sane b/apparmor.d/groups/desktop/colord-sane index c6f66fe8f..9488de01d 100644 --- a/apparmor.d/groups/desktop/colord-sane +++ b/apparmor.d/groups/desktop/colord-sane @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/colord/colord-sane -@{exec_path} += /usr/libexec/colord-sane +@{exec_path} += /usr/{lib,libexec}/colord-sane profile colord-sane @{exec_path} flags=(complain) { include include diff --git a/apparmor.d/groups/desktop/colord-session b/apparmor.d/groups/desktop/colord-session index 72e38c55b..624d63a03 100644 --- a/apparmor.d/groups/desktop/colord-session +++ b/apparmor.d/groups/desktop/colord-session @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/colord/colord-session /usr/libexec/colord-session +@{exec_path} = /{usr/,}lib/colord/colord-session /usr/{lib,libexec}/colord-session profile colord-session @{exec_path} flags=(complain) { include diff --git a/apparmor.d/groups/desktop/dconf-service b/apparmor.d/groups/desktop/dconf-service index a20573b22..c7d72bd2d 100644 --- a/apparmor.d/groups/desktop/dconf-service +++ b/apparmor.d/groups/desktop/dconf-service @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/libexec/dconf-service +@{exec_path} = /{usr/,}lib/dconf/dconf-service /usr/{lib,libexec}/dconf-service profile dconf-service @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor index 080be9d74..a41fcea34 100644 --- a/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-afc-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-afc-volume-monitor -@{exec_path} += /usr/libexec/gvfs-afc-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-afc-volume-monitor profile gvfs-afc-volume-monitor @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor index 42d19cd68..172715a79 100644 --- a/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-goa-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-goa-volume-monitor -@{exec_path} += /usr/libexec/gvfs-goa-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-goa-volume-monitor profile gvfs-goa-volume-monitor @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor index 103e0afb9..61712fff3 100644 --- a/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-gphoto2-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-gphoto2-volume-monitor -@{exec_path} += /usr/libexec/gvfs-gphoto2-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-gphoto2-volume-monitor profile gvfs-gphoto2-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor index a4a1b0cef..eac62d54e 100644 --- a/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-mtp-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-mtp-volume-monitor -@{exec_path} += /usr/libexec/gvfs-mtp-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-mtp-volume-monitor profile gvfs-mtp-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor index 3ba42c32b..fd5521b5f 100644 --- a/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor +++ b/apparmor.d/groups/gvfs/gvfs-udisks2-volume-monitor @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfs-udisks2-volume-monitor -@{exec_path} += /usr/libexec/gvfs-udisks2-volume-monitor +@{exec_path} += /usr/{lib,libexec}/gvfs-udisks2-volume-monitor profile gvfs-udisks2-volume-monitor @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index 716b2ffeb..64d5ad273 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd -@{exec_path} += /usr/libexec/gvfsd +@{exec_path} += /usr/{lib,libexec}/gvfsd profile gvfsd @{exec_path} { include @@ -16,8 +16,8 @@ profile gvfsd @{exec_path} { /{usr/,}bin/{,ba,da}sh rix, # Don't strip env here. - /{usr/,}lib/gvfs/gvfsd-* rPx, - /usr/libexec/gvfsd-* rPx, + /{usr/,}lib/gvfs/gvfsd-* rPx, + /usr/{lib,libexec}/gvfsd-* rPx, /usr/share/gvfs/{,**} r, diff --git a/apparmor.d/groups/gvfs/gvfsd-admin b/apparmor.d/groups/gvfs/gvfsd-admin index a3726b83e..7a67acee6 100644 --- a/apparmor.d/groups/gvfs/gvfsd-admin +++ b/apparmor.d/groups/gvfs/gvfsd-admin @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-admin -@{exec_path} += /usr/libexec/gvfsd-admin +@{exec_path} += /usr/{lib,libexec}/gvfsd-admin profile gvfsd-admin @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afc b/apparmor.d/groups/gvfs/gvfsd-afc index 1ed38657c..624c062d9 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afc +++ b/apparmor.d/groups/gvfs/gvfsd-afc @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afc -@{exec_path} += /usr/libexec/gvfsd-afc +@{exec_path} += /usr/{lib,libexec}/gvfsd-afc profile gvfsd-afc @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp b/apparmor.d/groups/gvfs/gvfsd-afp index 8869db27b..d1a29b240 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp +++ b/apparmor.d/groups/gvfs/gvfsd-afp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp -@{exec_path} += /usr/libexec/gvfsd-afp +@{exec_path} += /usr/{lib,libexec}/gvfsd-afp profile gvfsd-afp @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-afp-browse b/apparmor.d/groups/gvfs/gvfsd-afp-browse index 525ddb2bf..b114de57a 100644 --- a/apparmor.d/groups/gvfs/gvfsd-afp-browse +++ b/apparmor.d/groups/gvfs/gvfsd-afp-browse @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-afp-browse -@{exec_path} += /usr/libexec/gvfsd-afp-browse +@{exec_path} += /usr/{lib,libexec}/gvfsd-afp-browse profile gvfsd-afp-browse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-archive b/apparmor.d/groups/gvfs/gvfsd-archive index 73d781356..11b577410 100644 --- a/apparmor.d/groups/gvfs/gvfsd-archive +++ b/apparmor.d/groups/gvfs/gvfsd-archive @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-archive -@{exec_path} += /usr/libexec/gvfsd-archive +@{exec_path} += /usr/{lib,libexec}/gvfsd-archive profile gvfsd-archive @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-burn b/apparmor.d/groups/gvfs/gvfsd-burn index 6d60f65e5..bdff2011e 100644 --- a/apparmor.d/groups/gvfs/gvfsd-burn +++ b/apparmor.d/groups/gvfs/gvfsd-burn @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-burn -@{exec_path} += /usr/libexec/gvfsd-burn +@{exec_path} += /usr/{lib,libexec}/gvfsd-burn profile gvfsd-burn @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-cdda b/apparmor.d/groups/gvfs/gvfsd-cdda index 6debb2751..3a592ac21 100644 --- a/apparmor.d/groups/gvfs/gvfsd-cdda +++ b/apparmor.d/groups/gvfs/gvfsd-cdda @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-cdda -@{exec_path} += /usr/libexec/gvfsd-cdda +@{exec_path} += /usr/{lib,libexec}/gvfsd-cdda profile gvfsd-cdda @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-computer b/apparmor.d/groups/gvfs/gvfsd-computer index 0b839ce8e..6e685bb46 100644 --- a/apparmor.d/groups/gvfs/gvfsd-computer +++ b/apparmor.d/groups/gvfs/gvfsd-computer @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-computer -@{exec_path} += /usr/libexec/gvfsd-computer +@{exec_path} += /usr/{lib,libexec}/gvfsd-computer profile gvfsd-computer @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-dav b/apparmor.d/groups/gvfs/gvfsd-dav index c831603bf..0963b5521 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dav +++ b/apparmor.d/groups/gvfs/gvfsd-dav @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dav -@{exec_path} += /usr/libexec/gvfsd-dav +@{exec_path} += /usr/{lib,libexec}/gvfsd-dav profile gvfsd-dav @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-dnssd b/apparmor.d/groups/gvfs/gvfsd-dnssd index b356c6bda..ce3e09b87 100644 --- a/apparmor.d/groups/gvfs/gvfsd-dnssd +++ b/apparmor.d/groups/gvfs/gvfsd-dnssd @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-dnssd -@{exec_path} += /usr/libexec/gvfsd-dnssd +@{exec_path} += /usr/{lib,libexec}/gvfsd-dnssd profile gvfsd-dnssd @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-ftp b/apparmor.d/groups/gvfs/gvfsd-ftp index 939d59082..9c3e8e8f2 100644 --- a/apparmor.d/groups/gvfs/gvfsd-ftp +++ b/apparmor.d/groups/gvfs/gvfsd-ftp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-ftp -@{exec_path} += /usr/libexec/gvfsd-ftp +@{exec_path} += /usr/{lib,libexec}/gvfsd-ftp profile gvfsd-ftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-fuse b/apparmor.d/groups/gvfs/gvfsd-fuse index 0f0f749e4..0094e54b7 100644 --- a/apparmor.d/groups/gvfs/gvfsd-fuse +++ b/apparmor.d/groups/gvfs/gvfsd-fuse @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-fuse -@{exec_path} += /usr/libexec/gvfsd-fuse +@{exec_path} += /usr/{lib,libexec}/gvfsd-fuse profile gvfsd-fuse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-google b/apparmor.d/groups/gvfs/gvfsd-google index 8ffbce34a..0da9033f7 100644 --- a/apparmor.d/groups/gvfs/gvfsd-google +++ b/apparmor.d/groups/gvfs/gvfsd-google @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-google -@{exec_path} += /usr/libexec/gvfsd-google +@{exec_path} += /usr/{lib,libexec}/gvfsd-google profile gvfsd-google @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-gphoto2 b/apparmor.d/groups/gvfs/gvfsd-gphoto2 index 7a6948d23..c22aa2732 100644 --- a/apparmor.d/groups/gvfs/gvfsd-gphoto2 +++ b/apparmor.d/groups/gvfs/gvfsd-gphoto2 @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-gphoto2 -@{exec_path} += /usr/libexec/gvfsd-gphoto2 +@{exec_path} += /usr/{lib,libexec}/gvfsd-gphoto2 profile gvfsd-gphoto2 @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-http b/apparmor.d/groups/gvfs/gvfsd-http index 21c28ceb1..428265256 100644 --- a/apparmor.d/groups/gvfs/gvfsd-http +++ b/apparmor.d/groups/gvfs/gvfsd-http @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-http -@{exec_path} += /usr/libexec/gvfsd-http +@{exec_path} += /usr/{lib,libexec}/gvfsd-http profile gvfsd-http @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-localtest b/apparmor.d/groups/gvfs/gvfsd-localtest index 8ad2f9d5b..fb7dd151d 100644 --- a/apparmor.d/groups/gvfs/gvfsd-localtest +++ b/apparmor.d/groups/gvfs/gvfsd-localtest @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-localtest -@{exec_path} += /usr/libexec/gvfsd-localtest +@{exec_path} += /usr/{lib,libexec}/gvfsd-localtest profile gvfsd-localtest @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-metadata b/apparmor.d/groups/gvfs/gvfsd-metadata index c57bb99fa..b727142d7 100644 --- a/apparmor.d/groups/gvfs/gvfsd-metadata +++ b/apparmor.d/groups/gvfs/gvfsd-metadata @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-metadata -@{exec_path} += /usr/libexec/gvfsd-metadata +@{exec_path} += /usr/{lib,libexec}/gvfsd-metadata profile gvfsd-metadata @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-mtp b/apparmor.d/groups/gvfs/gvfsd-mtp index 0ed77575b..7840dffdd 100644 --- a/apparmor.d/groups/gvfs/gvfsd-mtp +++ b/apparmor.d/groups/gvfs/gvfsd-mtp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-mtp -@{exec_path} += /usr/libexec/gvfsd-mtp +@{exec_path} += /usr/{lib,libexec}/gvfsd-mtp profile gvfsd-mtp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-network b/apparmor.d/groups/gvfs/gvfsd-network index ac3c06b23..a501165da 100644 --- a/apparmor.d/groups/gvfs/gvfsd-network +++ b/apparmor.d/groups/gvfs/gvfsd-network @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-network -@{exec_path} += /usr/libexec/gvfsd-network +@{exec_path} += /usr/{lib,libexec}/gvfsd-network profile gvfsd-network @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-nfs b/apparmor.d/groups/gvfs/gvfsd-nfs index b386a6d39..e6f48a993 100644 --- a/apparmor.d/groups/gvfs/gvfsd-nfs +++ b/apparmor.d/groups/gvfs/gvfsd-nfs @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-nfs -@{exec_path} += /usr/libexec/gvfsd-nfs +@{exec_path} += /usr/{lib,libexec}/gvfsd-nfs profile gvfsd-nfs @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-recent b/apparmor.d/groups/gvfs/gvfsd-recent index 58e61473d..0a3d059d9 100644 --- a/apparmor.d/groups/gvfs/gvfsd-recent +++ b/apparmor.d/groups/gvfs/gvfsd-recent @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-recent -@{exec_path} += /usr/libexec/gvfsd-recent +@{exec_path} += /usr/{lib,libexec}/gvfsd-recent profile gvfsd-recent @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-sftp b/apparmor.d/groups/gvfs/gvfsd-sftp index 9296d2d37..62d6d026c 100644 --- a/apparmor.d/groups/gvfs/gvfsd-sftp +++ b/apparmor.d/groups/gvfs/gvfsd-sftp @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-sftp -@{exec_path} += /usr/libexec/gvfsd-sftp +@{exec_path} += /usr/{lib,libexec}/gvfsd-sftp profile gvfsd-sftp @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb b/apparmor.d/groups/gvfs/gvfsd-smb index d0cb263a1..ca9d62a85 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb +++ b/apparmor.d/groups/gvfs/gvfsd-smb @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb -@{exec_path} += /usr/libexec/gvfsd-smb +@{exec_path} += /usr/{lib,libexec}/gvfsd-smb profile gvfsd-smb @{exec_path} { include include diff --git a/apparmor.d/groups/gvfs/gvfsd-smb-browse b/apparmor.d/groups/gvfs/gvfsd-smb-browse index 696926aa3..56565252f 100644 --- a/apparmor.d/groups/gvfs/gvfsd-smb-browse +++ b/apparmor.d/groups/gvfs/gvfsd-smb-browse @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-smb-browse -@{exec_path} += /usr/libexec/gvfsd-smb-browse +@{exec_path} += /usr/{lib,libexec}/gvfsd-smb-browse profile gvfsd-smb-browse @{exec_path} { include diff --git a/apparmor.d/groups/gvfs/gvfsd-trash b/apparmor.d/groups/gvfs/gvfsd-trash index 39b8fe4fb..8eaaca3f2 100644 --- a/apparmor.d/groups/gvfs/gvfsd-trash +++ b/apparmor.d/groups/gvfs/gvfsd-trash @@ -7,7 +7,7 @@ abi , include @{exec_path} = /{usr/,}lib/gvfs/gvfsd-trash -@{exec_path} += /usr/libexec/gvfsd-trash +@{exec_path} += /usr/{lib,libexec}/gvfsd-trash profile gvfsd-trash @{exec_path} { include include diff --git a/apparmor.d/groups/network/openvpn b/apparmor.d/groups/network/openvpn index 0fa2d220c..082c7fd3b 100644 --- a/apparmor.d/groups/network/openvpn +++ b/apparmor.d/groups/network/openvpn @@ -16,7 +16,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/openvpn +@{exec_path} = /{usr/,}{s,}bin/openvpn profile openvpn @{exec_path} { include include @@ -81,7 +81,7 @@ profile openvpn @{exec_path} { /{usr/,}bin/cut rix, /{usr/,}bin/which rix, /{usr/,}bin/ip rix, - /{usr/,}sbin/xtables-nft-multi rix, + /{usr/,}{s,}bin/xtables-nft-multi rix, /etc/iproute2/rt_tables r, /etc/iproute2/rt_tables.d/ r, @@ -106,7 +106,7 @@ profile openvpn @{exec_path} { /{usr/,}bin/cut rix, /{usr/,}bin/{,e}grep rix, /{usr/,}bin/ip rix, - /{usr/,}sbin/nft rix, + /{usr/,}{s,}bin/nft rix, /{usr/,}bin/env rix, /etc/iproute2/rt_realms r, diff --git a/apparmor.d/groups/systemd/systemd-fsck b/apparmor.d/groups/systemd/systemd-fsck index 03f21fc6f..ec06fdf86 100644 --- a/apparmor.d/groups/systemd/systemd-fsck +++ b/apparmor.d/groups/systemd/systemd-fsck @@ -20,8 +20,8 @@ profile systemd-fsck @{exec_path} { @{exec_path} mr, - /{usr/,}sbin/fsck rPx, - /{usr/,}sbin/e2fsck rPx, + /{usr/,}{s,}bin/fsck rPx, + /{usr/,}{s,}bin/e2fsck rPx, owner @{run}/systemd/quotacheck w, diff --git a/apparmor.d/profiles-a-l/iwconfig b/apparmor.d/profiles-a-l/iwconfig index 1f2d89d48..aa636c589 100644 --- a/apparmor.d/profiles-a-l/iwconfig +++ b/apparmor.d/profiles-a-l/iwconfig @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/iwconfig +@{exec_path} = /{usr/,}{s,}bin/iwconfig profile iwconfig @{exec_path} { include diff --git a/apparmor.d/profiles-a-l/lightdm b/apparmor.d/profiles-a-l/lightdm index ace96c0a0..5da3f7787 100644 --- a/apparmor.d/profiles-a-l/lightdm +++ b/apparmor.d/profiles-a-l/lightdm @@ -116,7 +116,7 @@ profile lightdm @{exec_path} { /var/cache/lightdm/dmrc/*.dmrc* rw, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - /usr/libexec/at-spi-bus-launcher rPUx, + /usr/{lib,libexec}/at-spi-bus-launcher rPUx, include if exists } diff --git a/apparmor.d/profiles-a-l/lightdm-gtk-greeter b/apparmor.d/profiles-a-l/lightdm-gtk-greeter index f05f3737f..476afcc75 100644 --- a/apparmor.d/profiles-a-l/lightdm-gtk-greeter +++ b/apparmor.d/profiles-a-l/lightdm-gtk-greeter @@ -51,7 +51,7 @@ profile lightdm-gtk-greeter @{exec_path} { @{HOME}/.face r, /{usr/,}lib/at-spi2-core/at-spi-bus-launcher rPUx, - /usr/libexec/at-spi-bus-launcher rPUx, + /usr/{lib,libexec}/at-spi-bus-launcher rPUx, profile systemd { diff --git a/apparmor.d/profiles-m-z/obexd b/apparmor.d/profiles-m-z/obexd index 549a67c48..95d016aeb 100644 --- a/apparmor.d/profiles-m-z/obexd +++ b/apparmor.d/profiles-m-z/obexd @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /usr/libexec/bluetooth/obexd +@{exec_path} = /usr/{lib,libexec}/bluetooth/obexd profile obexd @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/openbox b/apparmor.d/profiles-m-z/openbox index d659eeda7..ba9764179 100644 --- a/apparmor.d/profiles-m-z/openbox +++ b/apparmor.d/profiles-m-z/openbox @@ -24,7 +24,7 @@ profile openbox @{exec_path} { # Apps allowed to run /{usr/,}{s,}bin/* rPUx, /{usr/,}bin/* rPUx, - /usr/libexec/* rPUx, + /usr/{lib,libexec}/* rPUx, /usr/share/themes/*/openbox-3/themerc r, @@ -61,7 +61,7 @@ profile openbox @{exec_path} { # Apps allowed to run /{usr/,}bin/* rPUx, - /usr/libexec/* rPUx, + /usr/{lib,libexec}/* rPUx, /{usr/,}lib/@{multiarch}/*/** rPUx, /usr/local/lib/python*/dist-packages/ r, diff --git a/apparmor.d/profiles-m-z/rfkill b/apparmor.d/profiles-m-z/rfkill index 16a592ce3..b87cdb027 100644 --- a/apparmor.d/profiles-m-z/rfkill +++ b/apparmor.d/profiles-m-z/rfkill @@ -6,7 +6,7 @@ abi , include -@{exec_path} = /{usr/,}sbin/rfkill +@{exec_path} = /{usr/,}{s,}bin/rfkill profile rfkill @{exec_path} { include diff --git a/apparmor.d/profiles-m-z/rtkit-daemon b/apparmor.d/profiles-m-z/rtkit-daemon index b6e957223..31347b7e7 100644 --- a/apparmor.d/profiles-m-z/rtkit-daemon +++ b/apparmor.d/profiles-m-z/rtkit-daemon @@ -7,7 +7,7 @@ abi , include -@{exec_path} = /usr/libexec/rtkit-daemon +@{exec_path} = /usr/{lib,libexec}/rtkit-daemon profile rtkit-daemon @{exec_path} { include include diff --git a/apparmor.d/profiles-m-z/udisksd b/apparmor.d/profiles-m-z/udisksd index 8fc2b4499..f2f519f14 100644 --- a/apparmor.d/profiles-m-z/udisksd +++ b/apparmor.d/profiles-m-z/udisksd @@ -7,8 +7,8 @@ abi , include @{exec_path} = /{usr/,}lib/udisks2/udisksd -@{exec_path} += /usr/libexec/udisks2/udisksd -profile udisksd @{exec_path} { +@{exec_path} += /usr/{lib,libexec}/udisks2/udisksd +profile udisksd @{exec_path} flags=(attach_disconnected) { include include include diff --git a/apparmor.d/profiles-m-z/upowerd b/apparmor.d/profiles-m-z/upowerd index ce648a4f9..73f119d3c 100644 --- a/apparmor.d/profiles-m-z/upowerd +++ b/apparmor.d/profiles-m-z/upowerd @@ -7,8 +7,8 @@ abi , include @{exec_path} = /{usr/,}lib/upower/upowerd -@{exec_path} += /usr/libexec/upowerd -profile upowerd @{exec_path} { +@{exec_path} += /usr/{lib,libexec}/upowerd +profile upowerd @{exec_path} flags=(attach_disconnected) { include include