diff --git a/apparmor.d/abstractions/apt-common b/apparmor.d/abstractions/apt-common index 3207391df..089b39013 100644 --- a/apparmor.d/abstractions/apt-common +++ b/apparmor.d/abstractions/apt-common @@ -27,6 +27,6 @@ /var/lib/ubuntu-advantage/apt-esm/{,**} r, owner /tmp/clearsigned.message.* rw, - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/kde5-plasma5 b/apparmor.d/abstractions/kde5-plasma5 index e45c72e4a..5c592178e 100644 --- a/apparmor.d/abstractions/kde5-plasma5 +++ b/apparmor.d/abstractions/kde5-plasma5 @@ -19,14 +19,14 @@ # For app config (in order to work the KDE_APP_NAME variable has to be set in profile which # includes this abstraction) - #owner @{user_config_dirs}/#[0-9]*[0-9] rwk, - #owner @{user_config_dirs}/@{KDE_APP_NAME}rc* rwlk -> @{user_config_dirs}/#[0-9]*[0-9], - #owner @{run}/user/@{uid}/#[0-9]*[0-9] rw, - #owner @{run}/user/@{uid}/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/@{uid}/#[0-9]*[0-9], + #owner @{user_config_dirs}/#@{int} rwk, + #owner @{user_config_dirs}/@{KDE_APP_NAME}rc* rwlk -> @{user_config_dirs}/#@{int}, + #owner @{run}/user/@{uid}/#@{int} rw, + #owner @{run}/user/@{uid}/@{KDE_APP_NAME}*.slave-socket rwl -> @{run}/user/@{uid}/#@{int}, # Common KDE config files - #owner @{user_config_dirs}/#[0-9]*[0-9] rw, - #owner @{user_config_dirs}/kdeglobals* rwkl -> @{user_config_dirs}/#[0-9]*[0-9], + #owner @{user_config_dirs}/#@{int} rw, + #owner @{user_config_dirs}/kdeglobals* rwkl -> @{user_config_dirs}/#@{int}, #owner @{user_config_dirs}/baloofilerc r, #owner @{user_config_dirs}/dolphinrc r, #owner @{user_config_dirs}/trashrc r, 
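Review bot: In the apt-common hunk, `owner /tmp/#@{int} rw,` now depends on how `@{int}` is defined, and that definition is not part of this diff. These `#<digits>` names look like the kernel's names for unlinked temporary files (derived from the inode number), and the old glob `#[0-9]*[0-9]` accepted any length. If `@{int}` caps the number of digits, files on filesystems with large inode numbers would be denied where they were allowed before, so the variable's width should be checked against a 64-bit inode number. A comment such as `# unlinked temp file, named #<inode> by the kernel` above the rule would record the intent. The same applies to every `#@{int}` rule in this commit.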
@@ -36,8 +36,8 @@ # For bookmarks #@{bin}/keditbookmarks rPUx, #owner @{user_share_dirs}/kfile/ rw, - #owner @{user_share_dirs}/kfile/#[0-9]*[0-9] rw, - #owner @{user_share_dirs}/kfile/bookmarks.xml* rwl -> @{user_share_dirs}/kfile/#[0-9]*[0-9], + #owner @{user_share_dirs}/kfile/#@{int} rw, + #owner @{user_share_dirs}/kfile/bookmarks.xml* rwl -> @{user_share_dirs}/kfile/#@{int}, # Common cache files #owner @{user_cache_dirs}/icon-cache.kcache rw, diff --git a/apparmor.d/abstractions/qt5-shader-cache b/apparmor.d/abstractions/qt5-shader-cache index 81b9d5d0e..d89b89b85 100644 --- a/apparmor.d/abstractions/qt5-shader-cache +++ b/apparmor.d/abstractions/qt5-shader-cache @@ -6,10 +6,10 @@ abi , owner @{user_cache_dirs}/qtshadercache/ rw, - owner @{user_cache_dirs}/qtshadercache/#@{number} rw, - owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{number}, + owner @{user_cache_dirs}/qtshadercache/#@{int} rw, + owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/ rw, - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{number} rw, - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex}* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{number}, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex}* rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, include if exists diff --git a/apparmor.d/abstractions/thumbnails-cache-write b/apparmor.d/abstractions/thumbnails-cache-write index e136d08de..199446491 100644 --- a/apparmor.d/abstractions/thumbnails-cache-write +++ b/apparmor.d/abstractions/thumbnails-cache-write 
@@ -6,12 +6,12 @@ owner @{HOME}/thumbnails/ rw, owner @{HOME}/thumbnails/{large,normal}/ rw, - owner @{HOME}/thumbnails/{large,normal}/#[0-9]*[0-9] rw, - owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9], + owner @{HOME}/thumbnails/{large,normal}/#@{int} rw, + owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#@{int}, owner @{user_cache_dirs}/thumbnails/ rw, owner @{user_cache_dirs}/thumbnails/{large,normal}/ rw, - owner @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9] rw, - owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#[0-9]*[0-9], + owner @{user_cache_dirs}/thumbnails/{large,normal}/#@{int} rw, + owner @{user_cache_dirs}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{user_cache_dirs}/thumbnails/{large,normal}/#@{int}, include if exists \ No newline at end of file diff --git a/apparmor.d/abstractions/trash.d/complete b/apparmor.d/abstractions/trash.d/complete index db23f93a2..c15fc1ae4 100644 --- a/apparmor.d/abstractions/trash.d/complete +++ b/apparmor.d/abstractions/trash.d/complete @@ -5,11 +5,11 @@ owner @{user_config_dirs}/trashrc rw, owner @{user_config_dirs}/trashrc.lock rwk, - owner @{user_config_dirs}/#[0-9]*[0-9] rwk, - owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], + owner @{user_config_dirs}/#@{int} rwk, + owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#@{int}, - owner @{run}/user/@{uid}/#[0-9]*[0-9] rw, - owner @{run}/user/@{uid}/trash.so*.[0-9].slave-socket rwl -> @{run}/user/@{uid}/#[0-9]*[0-9], + owner @{run}/user/@{uid}/#@{int} rw, + owner @{run}/user/@{uid}/trash.so*.[0-9].slave-socket rwl -> @{run}/user/@{uid}/#@{int}, # Home trash location owner @{user_share_dirs}/Trash/{,**} rwl, 
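Review bot: In the thumbnails-cache-write hunk, the link target on the `@{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png` rule still points at `@{user_cache_dirs}/thumbnails/{large,normal}/#@{int}`, not at the `@{HOME}/thumbnails/...` temp file allowed on the line above it. The commit carries this over unchanged from the old pattern, so the rule either never matches for the `@{HOME}` tree or permits linking a cache-tree temp file into `@{HOME}/thumbnails`. If it is a copy/paste slip, the line should read `owner @{HOME}/thumbnails/{large,normal}/[a-f0-9]*.png rwl -> @{HOME}/thumbnails/{large,normal}/#@{int},`. Separately, `[a-f0-9]*` is one hex character followed by anything; `@{hex}`, which the qt5-shader-cache abstraction in this commit already uses, may be the tighter choice.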
diff --git a/apparmor.d/groups/akonadi/akonadi_archivemail_agent b/apparmor.d/groups/akonadi/akonadi_archivemail_agent index 482430550..bbc76ba82 100644 --- a/apparmor.d/groups/akonadi/akonadi_archivemail_agent +++ b/apparmor.d/groups/akonadi/akonadi_archivemail_agent @@ -31,7 +31,7 @@ profile akonadi_archivemail_agent @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/akonadi_archivemail_agentrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_archivemail_agent r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_archivemail_agent_changes{,.dat} rw, diff --git a/apparmor.d/groups/akonadi/akonadi_indexing_agent b/apparmor.d/groups/akonadi/akonadi_indexing_agent index 968e255e3..72feebf24 100644 --- a/apparmor.d/groups/akonadi/akonadi_indexing_agent +++ b/apparmor.d/groups/akonadi/akonadi_indexing_agent @@ -34,7 +34,7 @@ profile akonadi_indexing_agent @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_config_dirs}/akonadi_indexing_agentrc r, - owner @{user_config_dirs}/akonadi/#[0-9]* rw, + owner @{user_config_dirs}/akonadi/#@{int} rw, owner @{user_config_dirs}/akonadi/agent_config_akonadi_indexing_agent{,.*} rwlk, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent index 4e0965f3c..0c830f299 100644 --- a/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent +++ b/apparmor.d/groups/akonadi/akonadi_maildispatcher_agent 
@@ -37,7 +37,7 @@ profile akonadi_maildispatcher_agent @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/akonadi/#[0-9]* rw, + owner @{user_config_dirs}/akonadi/#@{int} rw, owner @{user_config_dirs}/akonadi/agent_config_akonadi_maildispatcher_agent* rwkl, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/kdedefaults/kdeglobals r, diff --git a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent index 8a91f5943..d7061798b 100644 --- a/apparmor.d/groups/akonadi/akonadi_mailfilter_agent +++ b/apparmor.d/groups/akonadi/akonadi_mailfilter_agent @@ -36,7 +36,7 @@ profile akonadi_mailfilter_agent @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/agent_config_akonadi_mailfilter_agent r, owner @{user_config_dirs}/akonadi_*_resource_*rc r, owner @{user_config_dirs}/akonadi_mailfilter_agentrc r, @@ -54,7 +54,7 @@ profile akonadi_mailfilter_agent @{exec_path} { owner @{user_config_dirs}/kmail2rc r, owner @{user_config_dirs}/kwinrc r, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, owner /tmp/akonadi_mailfilter_agent.* rwl, owner @{user_config_dirs}/specialmailcollectionsrc r, diff --git a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent index c4f16840d..c60394784 100644 --- a/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent +++ b/apparmor.d/groups/akonadi/akonadi_newmailnotifier_agent 
@@ -33,7 +33,7 @@ profile akonadi_newmailnotifier_agent @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/akonadi_newmailnotifier_agentrc r, owner @{user_config_dirs}/akonadi/agent_config_akonadi_newmailnotifier_agent_changes{,_changes.dat,.dat} rw, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index 6696f90ac..6f8fe7836 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -128,11 +128,11 @@ profile calibre @{exec_path} { owner @{user_cache_dirs}/calibre/ rw, owner @{user_cache_dirs}/calibre/** rwkl -> @{user_cache_dirs}/calibre/**, - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw, owner @{user_cache_dirs}/qtshadercache/ rw, - owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], - owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, + owner @{user_cache_dirs}/qtshadercache/#@{int} rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/ rw, owner @{user_cache_dirs}/gstreamer-[0-9]*/registry.*.bin{,.tmp*} rw, @@ -146,7 +146,7 @@ profile calibre @{exec_path} { # owner /tmp/[0-9]*-*/** rwl -> /tmp/[0-9]*-*/**, # newer AA version owner /tmp/* rw, - owner /dev/shm/#[0-9]*[0-9] rw, + owner /dev/shm/#@{int} rw, @{sys}/devices/pci[0-9]*/**/irq r, 
diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index 47bb83ec9..9c7321f61 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox @@ -107,7 +107,7 @@ profile dropbox @{exec_path} { # Dropbox first tries the /tmp/ dir, and if it's denied it uses the /var/tmp/ dir instead owner /tmp/dropbox-antifreeze-* rw, owner /tmp/[a-zA-z0-9]* rw, - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, owner /var/tmp/etilqs_* rw, @{run}/systemd/users/@{uid} r, diff --git a/apparmor.d/groups/apps/flameshot b/apparmor.d/groups/apps/flameshot index 3c0054bcf..645934f4d 100644 --- a/apparmor.d/groups/apps/flameshot +++ b/apparmor.d/groups/apps/flameshot @@ -40,8 +40,8 @@ profile flameshot @{exec_path} { # Flameshot home files owner @{user_config_dirs}/flameshot/ rw, owner @{user_config_dirs}/flameshot/flameshot.ini rw, - owner @{user_config_dirs}/flameshot/#[0-9]*[0-9] rw, - owner @{user_config_dirs}/flameshot/flameshot.ini* rwl -> @{user_config_dirs}/flameshot/#[0-9]*[0-9], + owner @{user_config_dirs}/flameshot/#@{int} rw, + owner @{user_config_dirs}/flameshot/flameshot.ini* rwl -> @{user_config_dirs}/flameshot/#@{int}, owner @{user_config_dirs}/flameshot/flameshot.ini.lock rwk, owner @{user_config_dirs}/qt5ct/{,**} r, @@ -63,7 +63,7 @@ profile flameshot @{exec_path} { /etc/fstab r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/apps/okular b/apparmor.d/groups/apps/okular index c4aba3b77..ffc8473ef 100644 --- a/apparmor.d/groups/apps/okular +++ b/apparmor.d/groups/apps/okular 
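Review bot: `/dev/shm/#@{int} rw,` in the second flameshot hunk has no `owner` qualifier, so the profile places no ownership restriction on which unlinked shm files it may read and write, while calibre's equivalent rule in this commit is `owner /dev/shm/#@{int} rw,`. Since the line is being touched anyway, consider `owner /dev/shm/#@{int} rw,` here unless the profile is known to need segments created by another user. The same unqualified rule appears in the okular, telegram-desktop, vlc and polkit-kde-authentication-agent hunks.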
@@ -39,15 +39,15 @@ profile okular @{exec_path} { /tmp/mozilla_*/ r, owner /{home,media,tmp/mozilla_*}/**.@{okular_ext} rw, - owner @{user_config_dirs}/#[0-9]*[0-9] rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/okularrc rw, owner @{user_config_dirs}/okularrc.lock rwk, - owner @{user_config_dirs}/okularrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], + owner @{user_config_dirs}/okularrc.* rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/okularpartrc rw, owner @{user_config_dirs}/okularpartrc.lock rwk, - owner @{user_config_dirs}/okularpartrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9], + owner @{user_config_dirs}/okularpartrc.* rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/kwalletrc r, @@ -72,7 +72,7 @@ profile okular @{exec_path} { deny @{PROC}/sys/kernel/random/boot_id r, deny owner @{PROC}/@{pid}/cmdline r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, /var/lib/dbus/machine-id r, /etc/machine-id r, @@ -86,8 +86,8 @@ profile okular @{exec_path} { # Print to pdf @{bin}/ps2pdf rPUx, owner /tmp/@{hex} rw, - owner /tmp/#[0-9]*[0-9] rw, - owner /tmp/okular_*.ps rwl -> /tmp/#[0-9]*[0-9], + owner /tmp/#@{int} rw, + owner /tmp/okular_*.ps rwl -> /tmp/#@{int}, # About /usr/share/kf5/licenses/GPL_V2 r, diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index 69292d575..96260592d 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -51,7 +51,7 @@ profile telegram-desktop @{exec_path} { # Download dir owner @{TELEGRAM_WORK_DIR}/ rw, - owner @{TELEGRAM_WORK_DIR}/** rwkl -> @{TELEGRAM_WORK_DIR}/#[0-9]*[0-9], + owner @{TELEGRAM_WORK_DIR}/** rwkl -> @{TELEGRAM_WORK_DIR}/#@{int}, # Telegram's profile (via telegram -many -workdir ~/some/dir/) #owner @{TELEGRAM_WORK_DIR}/{,**} rw, 
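Review bot: In the first telegram-desktop hunk, `owner @{TELEGRAM_WORK_DIR}/** rwkl -> @{TELEGRAM_WORK_DIR}/#@{int},` accepts link names at any depth but only a temp-file target directly in the work directory. If the application writes a temp file next to its destination and links it into place, as the paired temp-file and link rules elsewhere in this commit suggest, saves into subdirectories would be denied; if it does not, `l` on `**` is broader than needed. A target of `@{TELEGRAM_WORK_DIR}/{,**/}#@{int}` would cover the subdirectory case, but that should be confirmed against the audit log before changing it.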
@@ -62,7 +62,7 @@ profile telegram-desktop @{exec_path} { owner /tmp/@{hex}-* rwk, owner @{run}/user/@{uid}/@{hex}-* rwk, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, owner @{PROC}/@{pid}/fd/ r, deny owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/groups/apps/vlc b/apparmor.d/groups/apps/vlc index c80f106f5..44e0b4c95 100644 --- a/apparmor.d/groups/apps/vlc +++ b/apparmor.d/groups/apps/vlc @@ -161,13 +161,13 @@ profile vlc @{exec_path} { owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/vlc/ rw, owner @{user_cache_dirs}/vlc/{,**} rw, owner @{user_config_dirs}/qt5ct/{,**} r, owner @{user_config_dirs}/vlc/ rw, - owner @{user_config_dirs}/vlc/* rwkl -> @{user_config_dirs}/vlc/#[0-9]*[0-9], + owner @{user_config_dirs}/vlc/* rwkl -> @{user_config_dirs}/vlc/#@{int}, owner @{user_share_dirs}/vlc/{,**} rw, @@ -193,7 +193,7 @@ profile vlc @{exec_path} { audit @{PROC}/sys/kernel/random/boot_id r, audit owner @{PROC}/@{pid}/cmdline r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, owner /dev/tty[0-9]* rw, # Silencer diff --git a/apparmor.d/groups/apt/debsecan b/apparmor.d/groups/apt/debsecan index f09a49f8d..96e84736e 100644 --- a/apparmor.d/groups/apt/debsecan +++ b/apparmor.d/groups/apt/debsecan @@ -44,7 +44,7 @@ profile debsecan @{exec_path} { owner @{PROC}/@{pid}/fd/ r, # file_inherit - /tmp/#[0-9]*[0-9] rw, + /tmp/#@{int} rw, include if exists } diff --git a/apparmor.d/groups/apt/dpkg-query b/apparmor.d/groups/apt/dpkg-query index 165114126..ec5fcaf1e 100644 --- a/apparmor.d/groups/apt/dpkg-query +++ b/apparmor.d/groups/apt/dpkg-query @@ -22,7 +22,7 @@ profile dpkg-query @{exec_path} { /var/lib/dpkg/** r, # file_inherit - /tmp/#@{number} rw, + /tmp/#@{int} rw, /dev/tty[0-9]* rw, include if exists diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index 6a0f0156d..e69934ede 100644 
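Review bot: The `# file_inherit` rule `/tmp/#@{int} rw,` in the debsecan hunk has no `owner` qualifier, whereas cron-apt and the cron-popularity-contest subprofiles in this commit use `owner /tmp/#@{int} rw,` for the same purpose. If the inherited descriptor always belongs to the confined process's user, `owner /tmp/#@{int} rw,` is the narrower rule. If it can come from a parent running as another user, a short comment saying so would explain the difference. dpkg-query, child-dpkg and child-dpkg-divert carry the same unqualified line.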
--- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -190,7 +190,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { owner @{user_config_dirs}/ r, owner @{user_config_dirs}/gtk-{3,4}.0/assets/*.svg r, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner @{user_config_dirs}/mimeapps.list{,.*} rw, owner @{user_share_dirs}/ r, diff --git a/apparmor.d/groups/bus/ibus-dconf b/apparmor.d/groups/bus/ibus-dconf index 0d7706ca2..16fc32304 100644 --- a/apparmor.d/groups/bus/ibus-dconf +++ b/apparmor.d/groups/bus/ibus-dconf @@ -34,7 +34,7 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { /etc/dconf/profile/ibus r, /var/lib/gdm{3,}/.config/ibus/bus/ r, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, /var/lib/gdm{3,}/.cache/dconf/ w, /var/lib/gdm{3,}/.cache/dconf/user rw, /var/lib/gdm{3,}/.config/dconf/ w, @@ -42,7 +42,7 @@ profile ibus-dconf @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/greeter-dconf-defaults r, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/bus/ibus-engine-simple b/apparmor.d/groups/bus/ibus-engine-simple index 719b77c16..6eade0525 100644 --- a/apparmor.d/groups/bus/ibus-engine-simple +++ b/apparmor.d/groups/bus/ibus-engine-simple @@ -22,7 +22,7 @@ profile ibus-engine-simple @{exec_path} flags=(attach_disconnected) { /var/lib/dbus/machine-id r, /var/lib/gdm{3,}/.config/ibus/bus/ r, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner /dev/tty[0-9]* rw, 
diff --git a/apparmor.d/groups/bus/ibus-extension-gtk3 b/apparmor.d/groups/bus/ibus-extension-gtk3 index 10b4bb401..be9c97ddc 100644 --- a/apparmor.d/groups/bus/ibus-extension-gtk3 +++ b/apparmor.d/groups/bus/ibus-extension-gtk3 @@ -76,7 +76,7 @@ profile ibus-extension-gtk3 @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r, owner @{run}/user/@{uid}/gdm/Xauthority r, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/greeter-dconf-defaults r, diff --git a/apparmor.d/groups/bus/ibus-memconf b/apparmor.d/groups/bus/ibus-memconf index 8285b6300..b4a9cecf2 100644 --- a/apparmor.d/groups/bus/ibus-memconf +++ b/apparmor.d/groups/bus/ibus-memconf @@ -17,7 +17,7 @@ profile ibus-memconf @{exec_path} { /etc/machine-id r, /var/lib/gdm{3,}/.config/ibus/bus/ r, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, include if exists } diff --git a/apparmor.d/groups/bus/ibus-portal b/apparmor.d/groups/bus/ibus-portal index 065b6952a..4a6e86b55 100644 --- a/apparmor.d/groups/bus/ibus-portal +++ b/apparmor.d/groups/bus/ibus-portal @@ -38,7 +38,7 @@ profile ibus-portal @{exec_path} flags=(attach_disconnected) { /var/lib/dbus/machine-id r, /var/lib/gdm{3,}/.config/ibus/bus/ r, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/bus/ibus-x11 b/apparmor.d/groups/bus/ibus-x11 index a8fc59baf..f0440c68b 100644 --- a/apparmor.d/groups/bus/ibus-x11 +++ b/apparmor.d/groups/bus/ibus-x11 
@@ -45,11 +45,11 @@ profile ibus-x11 @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, /var/lib/gdm{3,}/.config/ibus/bus/ r, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, /var/lib/gdm{3,}/.cache/mesa_shader_cache/index rw, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} r, owner @{run}/user/@{uid}/gdm/Xauthority r, diff --git a/apparmor.d/groups/children/child-dpkg b/apparmor.d/groups/children/child-dpkg index ae86121b5..e3a251629 100644 --- a/apparmor.d/groups/children/child-dpkg +++ b/apparmor.d/groups/children/child-dpkg @@ -45,7 +45,7 @@ profile child-dpkg { /var/log/dpkg.log ra, # file_inherit - /tmp/#@{number} rw, + /tmp/#@{int} rw, include if exists } diff --git a/apparmor.d/groups/children/child-dpkg-divert b/apparmor.d/groups/children/child-dpkg-divert index 12948535a..ebcc6ae31 100644 --- a/apparmor.d/groups/children/child-dpkg-divert +++ b/apparmor.d/groups/children/child-dpkg-divert @@ -26,7 +26,7 @@ profile child-dpkg-divert { /var/lib/dpkg/diversions r, # file_inherit - /tmp/#@{number} rw, + /tmp/#@{int} rw, include if exists } diff --git a/apparmor.d/groups/cron/cron b/apparmor.d/groups/cron/cron index 04fb6606f..b751d9107 100644 --- a/apparmor.d/groups/cron/cron +++ b/apparmor.d/groups/cron/cron @@ -53,7 +53,7 @@ profile cron @{exec_path} flags=(attach_disconnected) { @{run}/systemd/sessions/*.ref rw, - owner /tmp/#@{number} rw, + owner /tmp/#@{int} rw, owner @{PROC}/@{pid}/uid_map r, owner @{PROC}/@{pid}/loginuid rw, diff --git a/apparmor.d/groups/cron/cron-apt b/apparmor.d/groups/cron/cron-apt index 41f5f9311..e874f15aa 100644 --- a/apparmor.d/groups/cron/cron-apt +++ b/apparmor.d/groups/cron/cron-apt 
@@ -83,7 +83,7 @@ profile cron-apt @{exec_path} { owner /tmp/cron-apt.*/action{log,error,mail,syslog} rw, # file_inherit - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, include if exists } diff --git a/apparmor.d/groups/cron/cron-popularity-contest b/apparmor.d/groups/cron/cron-popularity-contest index ee488945d..ab56a7cb0 100644 --- a/apparmor.d/groups/cron/cron-popularity-contest +++ b/apparmor.d/groups/cron/cron-popularity-contest @@ -56,7 +56,7 @@ profile cron-popularity-contest @{exec_path} { owner /tmp/tmp.*/random_seed w, # file_inherit - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, profile savelog { @@ -81,7 +81,7 @@ profile cron-popularity-contest @{exec_path} { /var/log/popularity-contest rw, # file_inherit - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, } @@ -105,7 +105,7 @@ profile cron-popularity-contest @{exec_path} { /var/log/popularity-contest.new w, # file_inherit - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, } @@ -125,7 +125,7 @@ profile cron-popularity-contest @{exec_path} { owner /tmp/tmp.*/** rwkl -> /tmp/tmp.*/**, # file_inherit - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, } @@ -150,7 +150,7 @@ profile cron-popularity-contest @{exec_path} { /var/log/popularity-contest.[0-9]*.gpg r, # file_inherit - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, } diff --git a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent index 41fb4a401..fa533ceac 100644 --- a/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent +++ b/apparmor.d/groups/freedesktop/polkit-kde-authentication-agent 
@@ -48,8 +48,8 @@ profile polkit-kde-authentication-agent @{exec_path} { owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/qt5ct/{,**} r, - owner /tmp/#[0-9]*[0-9] rw, - owner /tmp/polkit-kde-authentication-agent-[0-9].* rwl -> /tmp/#[0-9]*[0-9], + owner /tmp/#@{int} rw, + owner /tmp/polkit-kde-authentication-agent-[0-9].* rwl -> /tmp/#@{int}, @{run}/systemd/users/@{uid} r, @@ -58,7 +58,7 @@ profile polkit-kde-authentication-agent @{exec_path} { @{PROC}/@{pid}/fd/ r, @{PROC}/sys/kernel/core_pattern r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, include if exists } diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 16f5efae5..6cbcd6530 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -141,7 +141,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) { /dev/fb[0-9] rw, /dev/input/event[0-9]* rw, - /dev/shm/#@{number} rw, + /dev/shm/#@{int} rw, /dev/shm/shmfd-* rw, /dev/tty rw, /dev/tty[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gnome-control-center b/apparmor.d/groups/gnome/gnome-control-center index 52b9822c9..cb0cd819d 100644 --- a/apparmor.d/groups/gnome/gnome-control-center +++ b/apparmor.d/groups/gnome/gnome-control-center @@ -136,7 +136,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/thumbnails/{,**} rw, owner @{user_config_dirs}/gnome-control-center/{,**} rw, owner @{user_config_dirs}/ibus/bus/ r, - owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, owner @{user_config_dirs}/mimeapps.list* rw, owner @{user_config_dirs}/rygel.conf{,.??????} rw, owner @{user_share_dirs}/backgrounds/{,**} rw, 
@@ -155,7 +155,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/webkitgtk-wayland-compositor-@{uuid}.lock rwk, owner @{run}/user/@{uid}/webkitgtk/{,**} rw, owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw, - owner @{run}/user/@{uid}/wayland-@{number} rw, + owner @{run}/user/@{uid}/wayland-@{int} rw, @{run}/cups/cups.sock rw, @{run}/samba/ rw, @{run}/systemd/sessions/ r, diff --git a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon index a28f8a3a1..46cff0c0b 100644 --- a/apparmor.d/groups/gnome/gnome-remote-desktop-daemon +++ b/apparmor.d/groups/gnome/gnome-remote-desktop-daemon @@ -23,7 +23,7 @@ profile gnome-remote-desktop-daemon @{exec_path} { /usr/share/glib-2.0/schemas/gschemas.compiled r, - owner @{run}/user/@{uid}/wayland-@{number} rw, + owner @{run}/user/@{uid}/wayland-@{int} rw, @{sys}/devices/system/node/ r, @{sys}/devices/system/node/node[0-9]*/meminfo r, diff --git a/apparmor.d/groups/gnome/gnome-shell b/apparmor.d/groups/gnome/gnome-shell index 2bf249d38..201622859 100644 --- a/apparmor.d/groups/gnome/gnome-shell +++ b/apparmor.d/groups/gnome/gnome-shell @@ -527,7 +527,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { /var/lib/gdm{3,}/.config/dconf/user r, /var/lib/gdm{3,}/.config/ibus/ rw, /var/lib/gdm{3,}/.config/ibus/bus/ rw, - /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{number} r, + /var/lib/gdm{3,}/.config/ibus/bus/@{md5}-unix-{,wayland-}@{int} r, /var/lib/gdm{3,}/.config/pulse/ r, /var/lib/gdm{3,}/.config/pulse/client.conf r, /var/lib/gdm{3,}/.config/pulse/cookie rwk, 
@@ -581,7 +581,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) { owner @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw, owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw, owner @{run}/user/@{uid}/systemd/notify rw, - owner @{run}/user/@{uid}/wayland-@{number} rwk, + owner @{run}/user/@{uid}/wayland-@{int} rwk, owner /dev/shm/.org.chromium.Chromium.* rw, owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw, diff --git a/apparmor.d/groups/gnome/gnome-software b/apparmor.d/groups/gnome/gnome-software index 254d8c7d2..b15d1bd6f 100644 --- a/apparmor.d/groups/gnome/gnome-software +++ b/apparmor.d/groups/gnome/gnome-software @@ -71,7 +71,7 @@ profile gnome-software @{exec_path} { /var/tmp/flatpak-cache-*/ rw, /var/tmp/flatpak-cache-*/** rwkl, - /var/tmp/#[0-9]* rw, + /var/tmp/#@{int} rw, owner @{HOME}/.var/app/{,**} rw, @@ -86,7 +86,7 @@ profile gnome-software @{exec_path} { owner /tmp/ostree-gpg-*/ rw, owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, owner @{run}/user/@{uid}/.dbus-proxy/ rw, owner @{run}/user/@{uid}/.dbus-proxy/a11y-bus-proxy-[0-9A-Z]* rw, diff --git a/apparmor.d/groups/gnome/gnome-terminal-server b/apparmor.d/groups/gnome/gnome-terminal-server index 257b3fdf7..c4141bd65 100644 --- a/apparmor.d/groups/gnome/gnome-terminal-server +++ b/apparmor.d/groups/gnome/gnome-terminal-server @@ -49,7 +49,7 @@ profile gnome-terminal-server @{exec_path} { owner @{run}/user/@{uid}/gdm/Xauthority r, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, @{PROC}/@{pids}/cmdline r, @{PROC}/@{pids}/cgroup r, diff --git a/apparmor.d/groups/gnome/kgx b/apparmor.d/groups/gnome/kgx index 193e7eeea..fae7c2229 100644 --- a/apparmor.d/groups/gnome/kgx +++ b/apparmor.d/groups/gnome/kgx @@ -40,7 +40,7 @@ profile kgx @{exec_path} { /usr/share/themes/{,**} r, /usr/share/X11/xkb/{,**} r, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, @{PROC}/ r, @{PROC}/@{pids}/cmdline r, 
diff --git a/apparmor.d/groups/kde/baloo b/apparmor.d/groups/kde/baloo index 0a7962989..284a26bf4 100644 --- a/apparmor.d/groups/kde/baloo +++ b/apparmor.d/groups/kde/baloo @@ -38,7 +38,7 @@ profile baloo @{exec_path} { owner @{MOUNTS}/{,**} r, owner /tmp/*/{,**} r, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/baloofilerc rwl, owner @{user_config_dirs}/baloofilerc.lock rwkl, diff --git a/apparmor.d/groups/kde/gmenudbusmenuproxy b/apparmor.d/groups/kde/gmenudbusmenuproxy index e99cb5ecd..b88ed47d3 100644 --- a/apparmor.d/groups/kde/gmenudbusmenuproxy +++ b/apparmor.d/groups/kde/gmenudbusmenuproxy @@ -23,7 +23,7 @@ profile gmenudbusmenuproxy @{exec_path} { /etc/machine-id r, owner @{HOME}/.gtkrc-2.0 rw, - owner @{user_config_dirs}/gtk-{2,3}.0/#[0-9]* rw, + owner @{user_config_dirs}/gtk-{2,3}.0/#@{int} rw, owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini{,.??????} rwl, owner @{user_config_dirs}/gtk-{2,3}.0/settings.ini.lock rwk, diff --git a/apparmor.d/groups/kde/kalendarac b/apparmor.d/groups/kde/kalendarac index 46ef5ccc5..594f025cf 100644 --- a/apparmor.d/groups/kde/kalendarac +++ b/apparmor.d/groups/kde/kalendarac @@ -31,7 +31,7 @@ profile kalendarac @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/akonadi-firstrunrc r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/emaildefaults r, diff --git a/apparmor.d/groups/kde/kcminit b/apparmor.d/groups/kde/kcminit index 61375cd1c..9ed371c9a 100644 --- a/apparmor.d/groups/kde/kcminit +++ b/apparmor.d/groups/kde/kcminit 
@@ -27,7 +27,7 @@ profile kcminit @{exec_path} { owner @{HOME}/.Xdefaults r, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/gtkrc-2.0{,.??????} rwl, owner @{user_config_dirs}/gtkrc{,.??????} rwl, owner @{user_config_dirs}/kcminputrc r, @@ -42,7 +42,7 @@ profile kcminit @{exec_path} { owner @{user_config_dirs}/Trolltech.conf{,.??????} rwl, owner /tmp/kcminit.?????? rwl, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, @{run}/user/@{uid}/xauth_* rl, diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index 5e0345f32..522b0b8c1 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -32,13 +32,13 @@ profile kconf_update @{exec_path} { /etc/xdg/kdeglobals r, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kconf_updaterc r, owner @{user_config_dirs}/kconf_updaterc* rwl, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdeglobals* rwl, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, owner /tmp/kconf_update.?????? rw, include if exists diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index 723720455..7592ce706 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -29,7 +29,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected) { owner @{user_cache_dirs}/kcrash-metadata/{,*} rw, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kdedefaults/kdeglobals r, owner @{user_config_dirs}/kdeglobals r, owner @{user_config_dirs}/powerdevilrc rwl, diff --git a/apparmor.d/groups/kde/kded5 b/apparmor.d/groups/kde/kded5 index ad4d3bfa4..dae61f09a 100644 --- a/apparmor.d/groups/kde/kded5 +++ b/apparmor.d/groups/kde/kded5 
@@ -68,7 +68,7 @@ profile kded5 @{exec_path} { owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/ksycoca5_* r, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/bluedevilglobalrc rk, owner @{user_config_dirs}/bluedevilglobalrc* rwkl, owner @{user_config_dirs}/gtk-{3,4}.0/{,**} rwl, @@ -95,7 +95,7 @@ profile kded5 @{exec_path} { owner @{user_share_dirs}/kcookiejar/#@{hex}* rw, owner @{user_share_dirs}/kcookiejar/cookies.* rwkl, - owner @{run}/user/@{uid}/#[0-9]* rw, + owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kded5*kioworker.socket rwl, owner /tmp/plasma-csd-generator.??????/{,**} rw, diff --git a/apparmor.d/groups/kde/kglobalaccel5 b/apparmor.d/groups/kde/kglobalaccel5 index d9d0c6c05..323d252da 100644 --- a/apparmor.d/groups/kde/kglobalaccel5 +++ b/apparmor.d/groups/kde/kglobalaccel5 @@ -22,7 +22,7 @@ profile kglobalaccel5 @{exec_path} { /etc/machine-id r, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kglobalshortcutsrc* rwl, owner @{user_config_dirs}/kglobalshortcutsrc.lock rwk, diff --git a/apparmor.d/groups/kde/kioslave5 b/apparmor.d/groups/kde/kioslave5 index 7c0bbd7d7..6d1df7ac9 100644 --- a/apparmor.d/groups/kde/kioslave5 +++ b/apparmor.d/groups/kde/kioslave5 @@ -57,7 +57,7 @@ profile kioslave5 @{exec_path} { owner @{user_share_dirs}/baloo/index-lock rwk, owner @{user_share_dirs}/baloo/index rw, - owner @{run}/user/@{uid}/#[0-9]* rw, + owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kio_desktop*kioworker.socket rwl, owner @{run}/user/@{uid}/xauth_* rl, diff --git a/apparmor.d/groups/kde/kscreenlocker-greet b/apparmor.d/groups/kde/kscreenlocker-greet index ac67f910d..8b260dcde 100644 --- a/apparmor.d/groups/kde/kscreenlocker-greet +++ b/apparmor.d/groups/kde/kscreenlocker-greet 
@@ -72,11 +72,11 @@ profile kscreenlocker-greet @{exec_path} { owner @{user_cache_dirs}/plasma-svgelements-default_v* r, owner @{user_cache_dirs}/plasma-svgelements.lock rwk, owner @{user_cache_dirs}/plasma-svgelements{,.??????} rwl, - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw, owner @{user_cache_dirs}/qtshadercache/ rw, - owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], - owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, + owner @{user_cache_dirs}/qtshadercache/#@{int} rw, owner @{user_config_dirs}/kdedefaults/* r, owner @{user_config_dirs}/kdeglobals r, @@ -85,7 +85,7 @@ profile kscreenlocker-greet @{exec_path} { owner @{user_config_dirs}/plasmarc r, # If one is blocked, the others are probed. - deny owner @{HOME}/#[0-9]*[0-9] mrw, + deny owner @{HOME}/#@{int} mrw, owner @{HOME}/.glvnd* mrw, owner /tmp/*-cover-*.{jpg,png} r, diff --git a/apparmor.d/groups/kde/ksmserver b/apparmor.d/groups/kde/ksmserver index 23c101363..bdb16c943 100644 --- a/apparmor.d/groups/kde/ksmserver +++ b/apparmor.d/groups/kde/ksmserver @@ -47,7 +47,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{HOME}/?????? rw, owner @{HOME}/.Xauthority rw, - owner @{user_cache_dirs}/#[0-9]* rw, + owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/fontconfig/*-le64.cache-* r, owner @{user_cache_dirs}/ksycoca5_* rl, 
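Review bot: In the second kscreenlocker-greet hunk, `deny owner @{HOME}/#@{int} mrw,` narrows a deny rule, so the change shrinks what is explicitly denied rather than what is allowed. The old glob `#[0-9]*[0-9]` also matched names with non-digit characters between the first and last digit. Assuming `@{int}` is a digits-only tunable (its definition is not shown here), those names now fall through to the implicit deny and are audited again instead of being silenced. Confinement should not loosen unless another rule allows the path, but it is worth checking the audit log after reloading the profile. The same deny line is changed in sddm-greeter, anki and minitube, and the profile body continues outside the hunk.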
@@ -58,7 +58,7 @@ profile ksmserver @{exec_path} flags=(attach_disconnected,mediate_deleted) { owner @{user_config_dirs}/kscreenlockerrc r, owner @{user_config_dirs}/ksmserverrc.?????? rwl, owner @{user_config_dirs}/ksmserverrc r, - owner @{user_config_dirs}/#[0-9]* rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/ksmserverrc.lock rwk, owner @{user_config_dirs}/kwinrc r, owner @{user_config_dirs}/session/*_[0-9]*_[0-9]*_[0-9]* rw, diff --git a/apparmor.d/groups/kde/kwalletd5 b/apparmor.d/groups/kde/kwalletd5 index e74af2a86..eb1c16ccc 100644 --- a/apparmor.d/groups/kde/kwalletd5 +++ b/apparmor.d/groups/kde/kwalletd5 @@ -55,9 +55,9 @@ profile kwalletd5 @{exec_path} { owner @{user_share_dirs}/kwalletd/ rw, owner @{user_share_dirs}/kwalletd/kdewallet_attributes.json r, owner @{user_share_dirs}/kwalletd/*.kwl rw, - owner @{user_share_dirs}/kwalletd/*.kwl.* rwl -> @{user_share_dirs}/kwalletd/#[0-9]*[0-9], + owner @{user_share_dirs}/kwalletd/*.kwl.* rwl -> @{user_share_dirs}/kwalletd/#@{int}, owner @{user_share_dirs}/kwalletd/*.salt rw, - owner @{user_share_dirs}/kwalletd/#[0-9]*[0-9] rw, + owner @{user_share_dirs}/kwalletd/#@{int} rw, owner /tmp/kwalletd5.* rw, owner /tmp/runtime-*/xauth_?????? r, @@ -66,7 +66,7 @@ profile kwalletd5 @{exec_path} { owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/fd/ r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, profile gpg { include diff --git a/apparmor.d/groups/kde/kwalletmanager5 b/apparmor.d/groups/kde/kwalletmanager5 index b177e3988..1a723f182 100644 --- a/apparmor.d/groups/kde/kwalletmanager5 +++ b/apparmor.d/groups/kde/kwalletmanager5 
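Review bot: The `/dev/shm/#@{int} rw,` rule in the second kwalletd5 hunk has no `owner` qualifier, so the profile may read and write matching files in `/dev/shm` regardless of who owns them. mkvtoolnix-gui and qnapi in this same commit already write it as `owner /dev/shm/#@{int} rw,`, and since the line is being touched anyway that form looks like the better default unless the file is known to be inherited from another uid. The unqualified form also appears in the kwalletmanager5, anki, birdtray, conky, kanyremote, keepassxc, megasync, minitube, mumble, pinentry-qt, psi, psi-plus, qbittorrent and qbittorrent-nox hunks. The profile body continues outside the hunk.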
@@ -37,16 +37,16 @@ profile kwalletmanager5 @{exec_path} { /var/lib/dbus/machine-id r, owner @{user_cache_dirs}/icon-cache.kcache rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/qt5ct/{,**} r, - owner @{user_config_dirs}/#@{number} rw, owner @{user_config_dirs}/kwalletmanager5rc rw, - owner @{user_config_dirs}/kwalletmanager5rc.* rwl -> @{user_config_dirs}/#@{number}, + owner @{user_config_dirs}/kwalletmanager5rc.* rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwalletmanager5rc.lock rwk, owner @{user_config_dirs}/kwalletrc rw, - owner @{user_config_dirs}/kwalletrc.* rwl -> @{user_config_dirs}/#@{number}, + owner @{user_config_dirs}/kwalletrc.* rwl -> @{user_config_dirs}/#@{int}, owner @{user_config_dirs}/kwalletrc.lock rwk, - owner @{user_config_dirs}/session/#[0-9]*[0-9] rw, - owner @{user_config_dirs}/session/kwalletmanager5_* rwl -> @{user_config_dirs}/session/#[0-9]*[0-9], + owner @{user_config_dirs}/session/#@{int} rw, + owner @{user_config_dirs}/session/kwalletmanager5_* rwl -> @{user_config_dirs}/session/#@{int}, owner @{user_config_dirs}/session/kwalletmanager5_*.lock rwk, owner @{user_config_dirs}/kdeglobals r, @@ -60,7 +60,7 @@ profile kwalletmanager5 @{exec_path} { @{PROC}/@{pid}/mounts r, /dev/shm/ r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, include if exists } diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index 7358b6404..ad15ffecc 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -46,7 +46,7 @@ profile kwin_x11 @{exec_path} { owner @{HOME}/.Xauthority r, owner @{user_cache_dirs}/ r, - owner @{user_cache_dirs}/#[0-9]* rw, + owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/kcrash-metadata/*.ini rw, owner @{user_cache_dirs}/kwin/{,**} rwl, 
@@ -55,9 +55,9 @@ profile kwin_x11 @{exec_path} { owner @{user_cache_dirs}/plasma-svgelements.lock rwk, owner @{user_cache_dirs}/plasma-svgelements{,.??????} rwl, owner @{user_cache_dirs}/qtshadercache-*/@{hex} r, - owner @{user_cache_dirs}/session/#[0-9]* rw, + owner @{user_cache_dirs}/session/#@{int} rw, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/kcminputrc r, owner @{user_config_dirs}/kdedefaults/* r, owner @{user_config_dirs}/kdeglobals r, @@ -68,7 +68,7 @@ profile kwin_x11 @{exec_path} { owner @{user_config_dirs}/session/kwin_* rwk, owner @{user_config_dirs}/plasmarc r, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, owner /tmp/kwin.?????? rwl, owner @{run}/user/@{uid}/kcrash_[0-9]* rw, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index 143a833fd..a453775c1 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover @@ -44,7 +44,7 @@ profile plasma-discover @{exec_path} { /var/tmp/flatpak-cache-*/ rw, /var/tmp/flatpak-cache-*/** rwkl, - /var/tmp/#[0-9]* rw, + /var/tmp/#@{int} rw, /var/cache/swcatalog/ rw, @@ -56,7 +56,7 @@ profile plasma-discover @{exec_path} { owner @{user_cache_dirs}/appstream/ r, owner @{user_config_dirs}/ r, - owner @{user_config_dirs}/#[0-9]* rwl, + owner @{user_config_dirs}/#@{int} rwl, owner @{user_config_dirs}/discoverrc rwl, owner @{user_config_dirs}/discoverrc.lock rwk, owner @{user_config_dirs}/kde.org/{,**} rwlk, diff --git a/apparmor.d/groups/kde/plasmashell b/apparmor.d/groups/kde/plasmashell index 87e7754c0..e3462f963 100644 --- a/apparmor.d/groups/kde/plasmashell +++ b/apparmor.d/groups/kde/plasmashell 
@@ -91,7 +91,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_templates_dirs}/ r, owner @{user_cache_dirs}/ r, - owner @{user_cache_dirs}/#[0-9]* rwk, + owner @{user_cache_dirs}/#@{int} rwk, owner @{user_cache_dirs}/event-sound-cache.tdb.@{md5}.x86_64-pc-linux-gnu rwk, owner @{user_cache_dirs}/icon-cache.kcache rw, owner @{user_cache_dirs}/ksycoca5_* rl, @@ -102,8 +102,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_cache_dirs}/plasma-svgelements* rwl, owner @{user_cache_dirs}/plasmashell/qmlcache/{,**} rwl, + owner @{user_config_dirs}/#@{int} rwk, owner @{user_config_dirs}/*kde*.desktop* r, - owner @{user_config_dirs}/#@{number} rwk, owner @{user_config_dirs}/akonadi-firstrunrc r, owner @{user_config_dirs}/akonadi/akonadiconnectionrc r, owner @{user_config_dirs}/baloofilerc r, @@ -128,7 +128,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_config_dirs}/pulse/cookie rwk, owner @{user_config_dirs}/trashrc r, - owner @{user_share_dirs}/#[0-9]* rw, + owner @{user_share_dirs}/#@{int} rw, owner @{user_share_dirs}/akonadi/search_db/{,**} r, owner @{user_share_dirs}/kactivitymanagerd/resources/database rk, owner @{user_share_dirs}/kactivitymanagerd/resources/database-shm rwk, @@ -145,7 +145,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) { owner @{user_share_dirs}/plasma/plasmoids/{,**} r, owner @{user_share_dirs}/user-places.xbel r, - owner @{run}/user/@{uid}/#[0-9]* rw, + owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kdesud_:1 w, owner @{run}/user/@{uid}/plasmashell??????.[0-9].kioworker.socket rwl, owner @{run}/user/@{uid}/gvfs/ r, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 299276135..0b19800ff 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm 
@@ -123,7 +123,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { /tmp/sddm-* rw, owner /tmp/*/{,s} rw, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, owner /tmp/sddm-auth* rw, owner /tmp/xauth_?????? rw, @@ -134,7 +134,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{run}/systemd/sessions/*.ref rw, @{run}/user/@{uid}/xauth_?????? rwl, owner @{run}/sddm/ rw, - owner @{run}/user/@{uid}/#[0-9]* rw, + owner @{run}/user/@{uid}/#@{int} rw, owner @{run}/user/@{uid}/kwallet5.socket rw, @{PROC}/ r, diff --git a/apparmor.d/groups/kde/sddm-greeter b/apparmor.d/groups/kde/sddm-greeter index 80cb20b73..a25bfce78 100644 --- a/apparmor.d/groups/kde/sddm-greeter +++ b/apparmor.d/groups/kde/sddm-greeter @@ -48,7 +48,7 @@ profile sddm-greeter @{exec_path} { /var/lib/dbus/machine-id r, owner /var/lib/sddm/** rw, - owner /var/lib/sddm/#[0-9]*[0-9] mrw, + owner /var/lib/sddm/#@{int} mrw, owner /var/lib/sddm/.cache/** mrwkl -> /var/lib/sddm/.cache/**, /var/lib/sddm/state.conf r, @@ -64,7 +64,7 @@ profile sddm-greeter @{exec_path} { owner @{user_config_dirs}/qt5ct/{,**} r, # If one is blocked, the others are probed. - deny owner @{HOME}/#[0-9]*[0-9] mrw, + deny owner @{HOME}/#@{int} mrw, owner @{HOME}/.glvnd* mrw, owner /tmp/runtime-sddm/ rw, diff --git a/apparmor.d/groups/kde/startplasma-x11 b/apparmor.d/groups/kde/startplasma-x11 index 3cf933336..97fb992ec 100644 --- a/apparmor.d/groups/kde/startplasma-x11 +++ b/apparmor.d/groups/kde/startplasma-x11 
@@ -37,12 +37,12 @@ profile startplasma-x11 @{exec_path} { owner @{HOME}/.Xauthority r, owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#[0-9]* rw, + owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/kcrash-metadata/ rw, owner @{user_cache_dirs}/ksycoca5_* rwkl, owner @{user_cache_dirs}/plasma-svgelements rw, - owner @{user_config_dirs}/#@{number} rw, + owner @{user_config_dirs}/#@{int} rw, owner @{user_config_dirs}/gtkrc rl, owner @{user_config_dirs}/gtkrc-2.0 rl, owner @{user_config_dirs}/kcminputrc r, @@ -62,7 +62,7 @@ profile startplasma-x11 @{exec_path} { owner @{user_share_dirs}/sddm/xorg-session.log rw, - owner /tmp/#[0-9][0-9] rw, + owner /tmp/#@{int} rw, owner /tmp/startplasma-x11.?????? rwl, @{run}/user/@{uid}/xauth_* rl, diff --git a/apparmor.d/groups/systemd/journalctl b/apparmor.d/groups/systemd/journalctl index acc28048c..a655d6501 100644 --- a/apparmor.d/groups/systemd/journalctl +++ b/apparmor.d/groups/systemd/journalctl @@ -40,7 +40,7 @@ profile journalctl @{exec_path} flags=(attach_disconnected) { /{run,var}/log/journal/@{md5}/user-@{hex}.journal* rw, owner /{run,var}/log/journal/@{md5}/fss wl -> /var/log/journal/@{md5}/fss.tmp.*, owner /{run,var}/log/journal/@{md5}/fss.tmp.* rw, - owner /var/tmp/#[0-9]* rw, + owner /var/tmp/#@{int} rw, @{run}/host/container-manager r, @{run}/systemd/journal/io.systemd.journal rw, diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index 8827c23e4..39d97c160 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier @@ -72,7 +72,7 @@ profile update-notifier @{exec_path} { owner @{run}/user/@{uid}/bus rw, owner @{run}/user/@{uid}/update-notifier.pid rwk, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, owner @{PROC}/@{pid}/fd/ r, @{PROC}/@{pids}/mountinfo r, diff --git a/apparmor.d/profiles-a-f/anki b/apparmor.d/profiles-a-f/anki index 32b085032..ebb3c954b 100644 --- a/apparmor.d/profiles-a-f/anki 
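Review bot: `owner /tmp/#@{int} rw,` in the second startplasma-x11 hunk is not a like-for-like substitution: the removed rule `#[0-9][0-9]` matched exactly two digits, so this line widens the allowed names where most of the commit narrows them. That is probably the intended fix for a typo, but it deserves a line in the commit message so the behaviour change is not hidden inside a mechanical rename. The profile body continues outside the hunk.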
+++ b/apparmor.d/profiles-a-f/anki @@ -54,10 +54,10 @@ profile anki @{exec_path} { owner @{HOME}/ r, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/qtshadercache/ rw, - owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, - owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache/#@{int} rw, + owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, /usr/share/anki/{,**} r, @@ -81,9 +81,9 @@ profile anki @{exec_path} { owner @{HOME}/.pki/nssdb/{cert9,key4}.db-journal rw, # If one is blocked, the others are probed. - deny owner @{HOME}/#[0-9]*[0-9] mrw, + deny owner @{HOME}/#@{int} mrw, owner @{HOME}/.glvnd* mrw, - # owner /tmp/#[0-9]*[0-9] mrw, + # owner /tmp/#@{int} mrw, # owner /tmp/.glvnd* mrw, # The /proc/ dir is needed to avoid the following error: @@ -118,7 +118,7 @@ profile anki @{exec_path} { owner /tmp/mozilla_*/*.apkg r, owner /dev/shm/.org.chromium.Chromium.* rw, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, @{sys}/devices/pci[0-9]*/**/irq r, @{sys}/devices/pci[0-9]*/**/{vendor,device} r, diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index e877660ae..d24940283 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray 
@@ -37,8 +37,8 @@ profile birdtray @{exec_path} { owner @{user_config_dirs}/ulduzsoft/ rw, owner @{user_config_dirs}/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*, - owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#@{number}, - owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#@{number}, + owner @{user_config_dirs}/birdtray-config.json rwl -> @{user_config_dirs}/#@{int}, + owner @{user_config_dirs}/birdtray-config.json.* rwl -> @{user_config_dirs}/#@{int}, owner /tmp/birdtray.ulduzsoft.single.instance.server.socket w, @@ -56,7 +56,7 @@ profile birdtray @{exec_path} { /usr/share/hwdata/pnp.ids r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, deny @{PROC}/sys/kernel/random/boot_id r, deny owner @{PROC}/@{pid}/cmdline r, diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index 4fbaba97b..9ea58f414 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky @@ -124,7 +124,7 @@ profile conky @{exec_path} { # Xserver auth cookie for clients owner @{HOME}/.Xauthority r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, # Temperatures and Fans @{bin}/sensors rPUx, diff --git a/apparmor.d/profiles-a-f/exim4 b/apparmor.d/profiles-a-f/exim4 index b85920b00..764c871c8 100644 --- a/apparmor.d/profiles-a-f/exim4 +++ b/apparmor.d/profiles-a-f/exim4 @@ -71,7 +71,7 @@ profile exim4 @{exec_path} { owner @{run}/dbus/system_bus_socket rw, # file_inherit - /tmp/#[0-9]*[0-9] rw, + /tmp/#@{int} rw, /var/lib/dpkg/status r, /var/log/cron-apt/lastfullmessage r, diff --git a/apparmor.d/profiles-a-f/flatpak-system-helper b/apparmor.d/profiles-a-f/flatpak-system-helper index 3d342ce95..87cd64a01 100644 --- a/apparmor.d/profiles-a-f/flatpak-system-helper +++ b/apparmor.d/profiles-a-f/flatpak-system-helper 
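Review bot: The context line `owner @{user_config_dirs}/ulduzsoft/* rwkl -> /home/morfik/.config/ulduzsoft/*,` in the first birdtray hunk has a hard-coded home directory as its link target, right above the two targets this commit rewrites. For any other account the target cannot match, and the shipped profile carries what looks like a developer's username. The line should use the variable instead, e.g. `owner @{user_config_dirs}/ulduzsoft/* rwkl -> @{user_config_dirs}/ulduzsoft/*,`. Whether the target should rather end in `#@{int}` like the neighbouring rules cannot be told from the hunk.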
@@ -41,7 +41,7 @@ profile flatpak-system-helper @{exec_path} { /var/lib/flatpak/{,**} rwkl, /var/tmp/flatpak-cache-*/{,**} rw, - owner /{var/,}tmp/#[0-9]* rw, + owner /{var/,}tmp/#@{int} rw, owner /{var/,}tmp/ostree-gpg-*/ rw, owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**, @@ -66,4 +66,4 @@ profile flatpak-system-helper @{exec_path} { } include if exists -} \ No newline at end of file +} diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index 360eb1ad5..adc91951d 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -109,7 +109,7 @@ profile hardinfo @{exec_path} { owner @{HOME}/.hardinfo/ rw, - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/#@{int} rw, # Allowed apps to open @{lib}/firefox/firefox rPUx, diff --git a/apparmor.d/profiles-g-l/ioping b/apparmor.d/profiles-g-l/ioping index 112046b40..4c6367f96 100644 --- a/apparmor.d/profiles-g-l/ioping +++ b/apparmor.d/profiles-g-l/ioping @@ -23,9 +23,9 @@ profile ioping @{exec_path} { # case of files, this write operation can damage files, so we allow only to read the files. When # pinging dirs, a file similar to "#1573619" is created in that dir, so it's allowed as well. / rw, - /#[0-9]*[0-9] rw, + /#@{int} rw, /**/ rw, - /**/#[0-9]*[0-9] rw, + /**/#@{int} rw, # Allow pinging files, but without write operation. Like in the case of dirs, when pinging dirs # there's also created the file similar to "#1573619" . diff --git a/apparmor.d/profiles-g-l/jmtpfs b/apparmor.d/profiles-g-l/jmtpfs index 3de4f8ea7..2b52492ff 100644 --- a/apparmor.d/profiles-g-l/jmtpfs +++ b/apparmor.d/profiles-g-l/jmtpfs @@ -18,7 +18,7 @@ profile jmtpfs @{exec_path} { @{bin}/fusermount{,3} rCx -> fusermount, owner /tmp/tmp* rw, - owner /tmp/#[0-9]* rw, + owner /tmp/#@{int} rw, # Mount points owner @{HOME}/*/ r, diff --git a/apparmor.d/profiles-g-l/kanyremote b/apparmor.d/profiles-g-l/kanyremote index 1e73b4a49..9a083c81e 100644 --- a/apparmor.d/profiles-g-l/kanyremote 
+++ b/apparmor.d/profiles-g-l/kanyremote @@ -67,7 +67,7 @@ profile kanyremote @{exec_path} { deny owner @{PROC}/@{pid}/cmdline r, deny @{PROC}/sys/kernel/random/boot_id r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, /usr/share/hwdata/pnp.ids r, diff --git a/apparmor.d/profiles-g-l/keepassxc b/apparmor.d/profiles-g-l/keepassxc index 09667bf1b..3d237cd9d 100644 --- a/apparmor.d/profiles-g-l/keepassxc +++ b/apparmor.d/profiles-g-l/keepassxc @@ -65,18 +65,18 @@ profile keepassxc @{exec_path} { # Database locations owner @{user_cache_dirs}/keepassxc/ rw, - owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#[0-9]*[0-9], + owner @{user_cache_dirs}/keepassxc/* rwkl -> @{user_cache_dirs}/keepassxc/#@{int}, owner @{user_config_dirs}/keepassxc/ rw, - owner @{user_config_dirs}/keepassxc/* rwkl -> @{user_config_dirs}/keepassxc/#[0-9]*[0-9], + owner @{user_config_dirs}/keepassxc/* rwkl -> @{user_config_dirs}/keepassxc/#@{int}, owner @{user_password_store_dirs}/ r, owner @{user_password_store_dirs}/*.csv rw, - owner @{user_password_store_dirs}/*.kdbx* rwl -> @{KP_DB}/#[0-9]*[0-9], - owner @{user_password_store_dirs}/#[0-9]*[0-9] rw, + owner @{user_password_store_dirs}/*.kdbx* rwl -> @{KP_DB}/#@{int}, + owner @{user_password_store_dirs}/#@{int} rw, owner /tmp/.[a-zA-Z]*/{,s} rw, - owner /tmp/*.*.gpgkey rwl -> /tmp/#[0-9]*[0-9], - owner /tmp/*.*.settings rwl -> /tmp/#[0-9]*[0-9], - owner /tmp/#[0-9]*[0-9] rw, + owner /tmp/*.*.gpgkey rwl -> /tmp/#@{int}, + owner /tmp/*.*.settings rwl -> /tmp/#@{int}, + owner /tmp/#@{int} rw, owner /tmp/keepassxc-*.lock{,.rmlock} rwk, owner /tmp/keepassxc-*.socket rw, owner /tmp/keepassxc.lock rw, @@ -97,7 +97,7 @@ profile keepassxc @{exec_path} { owner @{run}/user/@{uid}/org.keepassxc.KeePassXC.BrowserServer w, owner @{run}/user/@{uid}/org.keepassxc.KeePassXC/ w, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, /dev/tty rw, /dev/urandom rw, owner /dev/tty[0-9]* rw, 
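Review bot: In the first keepassxc hunk the link target of `owner @{user_password_store_dirs}/*.kdbx* rwl -> @{KP_DB}/#@{int},` uses `@{KP_DB}`, while the rule path and the temp-file rule on the next line use `@{user_password_store_dirs}`. `@{KP_DB}` is defined outside the hunk, so this may be fine, but if the two variables do not expand to the same directories the link pair will not line up with the temp-file rule that backs it. Using one variable on both sides, `-> @{user_password_store_dirs}/#@{int},`, would keep the pair consistent with the cache and config rules above it.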
diff --git a/apparmor.d/profiles-m-r/megasync b/apparmor.d/profiles-m-r/megasync index f946bddc3..e00f278b0 100644 --- a/apparmor.d/profiles-m-r/megasync +++ b/apparmor.d/profiles-m-r/megasync @@ -44,7 +44,7 @@ profile megasync @{exec_path} { # Megasync home files owner @{HOME}/ r, owner "@{user_share_dirs}/data/Mega Limited/" rw, - owner "@{user_share_dirs}/data/Mega Limited/**" rwkl -> "@{user_share_dirs}/data/Mega Limited/MEGAsync/#[0-9]*[0-9]", + owner "@{user_share_dirs}/data/Mega Limited/**" rwkl -> "@{user_share_dirs}/data/Mega Limited/MEGAsync/#@{int}", # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, @@ -65,10 +65,10 @@ profile megasync @{exec_path} { /etc/fstab r, # Autostart - owner @{user_config_dirs}/autostart/#[0-9]*[0-9] rw, - owner @{user_config_dirs}/autostart/megasync.desktop rwl -> @{user_config_dirs}/autostart/#[0-9]*[0-9], + owner @{user_config_dirs}/autostart/#@{int} rw, + owner @{user_config_dirs}/autostart/megasync.desktop rwl -> @{user_config_dirs}/autostart/#@{int}, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, /etc/machine-id r, /var/lib/dbus/machine-id r, diff --git a/apparmor.d/profiles-m-r/minitube b/apparmor.d/profiles-m-r/minitube index e1eba50a0..0e290fd3c 100644 --- a/apparmor.d/profiles-m-r/minitube +++ b/apparmor.d/profiles-m-r/minitube @@ -35,7 +35,7 @@ profile minitube @{exec_path} { # Minitube home files owner "@{user_config_dirs}/Flavio Tordini/" rw, - owner "@{user_config_dirs}/Flavio Tordini/*" rwkl -> "@{user_config_dirs}/Flavio Tordini/#[0-9]*[0-9]", + owner "@{user_config_dirs}/Flavio Tordini/*" rwkl -> "@{user_config_dirs}/Flavio Tordini/#@{int}", owner "@{user_share_dirs}/Flavio Tordini/" rw, owner "@{user_share_dirs}/Flavio Tordini/Minitube/" rw, owner "@{user_share_dirs}/Flavio Tordini/Minitube/*" rwk, 
@@ -47,9 +47,9 @@ profile minitube @{exec_path} { /usr/share/minitube/{,**} r, # If one is blocked, the others are probed. - deny owner @{HOME}/#[0-9]*[0-9] mrw, + deny owner @{HOME}/#@{int} mrw, owner @{HOME}/.glvnd* mrw, - # owner /tmp/#[0-9]*[0-9] mrw, + # owner /tmp/#@{int} mrw, # owner /tmp/.glvnd* mrw, # Cache @@ -59,17 +59,17 @@ profile minitube @{exec_path} { owner "@{user_cache_dirs}/Flavio Tordini/Minitube/**" rwl -> "@{user_cache_dirs}/Flavio Tordini/Minitube/**", owner @{user_cache_dirs}/qtshadercache/ rw, - owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw, - owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9], - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw, - owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9], + owner @{user_cache_dirs}/qtshadercache/#@{int} rw, + owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int}, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw, + owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int}, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, deny /dev/ r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, /etc/vdpau_wrapper.cfg r, diff --git a/apparmor.d/profiles-m-r/mkvtoolnix-gui b/apparmor.d/profiles-m-r/mkvtoolnix-gui index 9d4abdbfa..51d71c50e 100644 --- a/apparmor.d/profiles-m-r/mkvtoolnix-gui +++ b/apparmor.d/profiles-m-r/mkvtoolnix-gui 
@@ -43,7 +43,7 @@ profile mkvtoolnix-gui @{exec_path} { owner @{user_config_dirs}/bunkus.org/ rw, owner @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/ rw, - owner @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/** rwkl -> @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/#[0-9]*[0-9], + owner @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/** rwkl -> @{user_config_dirs}/bunkus.org/mkvtoolnix-gui/#@{int}, owner @{user_cache_dirs}/ rw, owner @{user_cache_dirs}/bunkus.org/ rw, @@ -53,12 +53,12 @@ profile mkvtoolnix-gui @{exec_path} { owner @{user_config_dirs}/qt5ct/{,**} r, - owner /tmp/#[0-9]*[0-9] rw, - owner /tmp/MKVToolNix-GUI-MuxConfig-* rwl -> /tmp/#[0-9]*[0-9], - owner /tmp/MKVToolNix-process-*.json rwl -> /tmp/#[0-9]*[0-9], - owner /tmp/MKVToolNix-GUI-MuxJob-*.json rwl -> /tmp/#[0-9]*[0-9], + owner /tmp/#@{int} rw, + owner /tmp/MKVToolNix-GUI-MuxConfig-* rwl -> /tmp/#@{int}, + owner /tmp/MKVToolNix-process-*.json rwl -> /tmp/#@{int}, + owner /tmp/MKVToolNix-GUI-MuxJob-*.json rwl -> /tmp/#@{int}, owner /tmp/MKVToolNix-GUI-Instance-Communicator-* rw, - owner /dev/shm/#[0-9]*[0-9] rw, + owner /dev/shm/#@{int} rw, deny owner @{PROC}/@{pid}/cmdline r, deny @{PROC}/sys/kernel/random/boot_id r, diff --git a/apparmor.d/profiles-m-r/mumble b/apparmor.d/profiles-m-r/mumble index d27821f60..b417b073b 100644 --- a/apparmor.d/profiles-m-r/mumble +++ b/apparmor.d/profiles-m-r/mumble @@ -40,7 +40,7 @@ profile mumble @{exec_path} { # Mumble home files owner @{HOME}/ r, owner @{user_config_dirs}/Mumble/ rw, - owner @{user_config_dirs}/Mumble/** rwkl -> @{user_config_dirs}/Mumble/#[0-9]*[0-9], + owner @{user_config_dirs}/Mumble/** rwkl -> @{user_config_dirs}/Mumble/#@{int}, owner @{user_share_dirs}/Mumble/ rw, owner @{user_share_dirs}/Mumble/** rwk, owner @{HOME}/.MumbleOverlayPipe rw, 
@@ -51,8 +51,8 @@ profile mumble @{exec_path} { /etc/machine-id r, /var/lib/dbus/machine-id r, - /dev/shm/MumbleLink.[0-9]*[0-9] rw, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/MumbleLink.@{int} rw, + /dev/shm/#@{int} rw, owner @{run}/user/@{uid}/MumbleSocket rw, owner @{run}/user/@{uid}/MumbleOverlayPipe rw, diff --git a/apparmor.d/profiles-m-r/pinentry-qt b/apparmor.d/profiles-m-r/pinentry-qt index 79e12aaab..2ee465d63 100644 --- a/apparmor.d/profiles-m-r/pinentry-qt +++ b/apparmor.d/profiles-m-r/pinentry-qt @@ -27,12 +27,12 @@ profile pinentry-qt @{exec_path} { owner @{user_config_dirs}/qt5ct/{,**} r, /usr/share/qt5ct/** r, - owner @{user_cache_dirs}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/#@{int} rw, /var/lib/dbus/machine-id r, /etc/machine-id r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, /usr/share/hwdata/pnp.ids r, diff --git a/apparmor.d/profiles-m-r/plocate-build b/apparmor.d/profiles-m-r/plocate-build index b13c77047..6a6fbda69 100644 --- a/apparmor.d/profiles-m-r/plocate-build +++ b/apparmor.d/profiles-m-r/plocate-build @@ -14,8 +14,8 @@ profile plocate-build @{exec_path} { /var/lib/mlocate/mlocate.db r, - /var/lib/mlocate/#[0-9]* rw, - /var/lib/mlocate/plocate.db rwl -> /var/lib/mlocate/#[0-9]*, + /var/lib/mlocate/#@{int} rw, + /var/lib/mlocate/plocate.db rwl -> /var/lib/mlocate/#@{int}, include if exists } diff --git a/apparmor.d/profiles-m-r/popularity-contest b/apparmor.d/profiles-m-r/popularity-contest index e1671f2b2..b47ae3b30 100644 --- a/apparmor.d/profiles-m-r/popularity-contest +++ b/apparmor.d/profiles-m-r/popularity-contest @@ -54,7 +54,7 @@ profile popularity-contest @{exec_path} { /var/lib/ r, # file_inherit - /tmp/#[0-9]*[0-9] rw, + /tmp/#@{int} rw, /var/log/popularity-contest.[0-9]* w, include if exists diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index c385bbb9b..266d10d68 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi 
@@ -56,17 +56,17 @@ profile psi @{exec_path} { owner @{HOME}/ r, owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/psi/{,**} rw, owner @{user_config_dirs}/autostart/psi.desktop rw, owner @{user_config_dirs}/psi/ rw, - owner @{user_config_dirs}/psi/** rwkl -> @{user_config_dirs}/psi/#[0-9]*[0-9], + owner @{user_config_dirs}/psi/** rwkl -> @{user_config_dirs}/psi/#@{int}, owner @{user_config_dirs}/qt5ct/{,**} r, owner @{user_share_dirs}/psi/ rw, owner @{user_share_dirs}/psi/** rwk, - owner /tmp/#[0-9]*[0-9] rw, - owner /tmp/Psi.* rwl -> /tmp/#[0-9]*[0-9], + owner /tmp/#@{int} rw, + owner /tmp/Psi.* rwl -> /tmp/#@{int}, @{run}/systemd/inhibit/[0-9]*.ref rw, @@ -75,7 +75,7 @@ profile psi @{exec_path} { deny @{PROC}/sys/kernel/random/boot_id r, deny owner @{PROC}/@{pid}/cmdline r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index 6eac17223..57761905f 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -54,17 +54,17 @@ profile psi-plus @{exec_path} { owner @{HOME}/ r, owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/psi+/{,**} rw, owner @{user_config_dirs}/autostart/psi-plus.desktop rw, owner @{user_config_dirs}/psi+/ rw, - owner @{user_config_dirs}/psi+/** rwkl -> @{user_config_dirs}/psi+/#[0-9]*[0-9], + owner @{user_config_dirs}/psi+/** rwkl -> @{user_config_dirs}/psi+/#@{int}, owner @{user_config_dirs}/qt5ct/{,**} r, owner @{user_share_dirs}/psi+/ rw, owner @{user_share_dirs}/psi+/** rwk, - owner /tmp/#[0-9]*[0-9] rw, - owner /tmp/Psi+.* rwl -> /tmp/#[0-9]*[0-9], + owner /tmp/#@{int} rw, + owner /tmp/Psi+.* rwl -> /tmp/#@{int}, owner /var/tmp/etilqs_@{hex} rw, @{run}/systemd/inhibit/[0-9]*.ref rw, 
@@ -74,7 +74,7 @@ profile psi-plus @{exec_path} { deny @{PROC}/sys/kernel/random/boot_id r, deny owner @{PROC}/@{pid}/cmdline r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, # file_inherit owner /dev/tty[0-9]* rw, diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index 6a2829d00..f8907ed54 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -115,16 +115,16 @@ profile qbittorrent @{exec_path} { # Qbittorrent home dirs owner @{user_config_dirs}/qBittorrent/ rw, - owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9], + owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#@{int}, owner @{user_share_dirs}/data/ rw, owner @{user_share_dirs}/{,data/}qBittorrent/ rw, - owner @{user_share_dirs}/{,data/}qBittorrent/** rwl -> @{user_share_dirs}/{,data/}qBittorrent/**/#[0-9]*[0-9], + owner @{user_share_dirs}/{,data/}qBittorrent/** rwl -> @{user_share_dirs}/{,data/}qBittorrent/**/#@{int}, # Old dir, not recommended to use: # deny owner @{user_share_dirs}/data/qBittorrent/ rw, # Cache dir owner @{user_cache_dirs}/ rw, - owner @{user_cache_dirs}/#[0-9]*[0-9] rw, + owner @{user_cache_dirs}/#@{int} rw, owner @{user_cache_dirs}/qBittorrent/{,**} rw, # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration @@ -140,7 +140,7 @@ profile qbittorrent @{exec_path} { /dev/disk/by-label/ r, - /dev/shm/#[0-9]*[0-9] rw, + /dev/shm/#@{int} rw, owner @{PROC}/@{pids}/fd/ r, deny owner @{PROC}/@{pids}/cmdline r, 
@@ -260,11 +260,11 @@ profile qbittorrent @{exec_path} {
 owner @{user_share_dirs}/{,data/}qBittorrent/nova[0-9]/{,**} rw,
 # Used while searching for torrents
- owner /dev/shm/sem.mp-* rwl -> /dev/shm/[0-9]*[0-9],
+ owner /dev/shm/sem.mp-* rwl -> /dev/shm/@{int},
 owner /dev/shm/* rw,
 # To load/add torrents from the search engine
- owner /tmp/[0-9]*[0-9] rw,
+ owner /tmp/@{int} rw,
 owner /tmp/tmp* rw,
 # file_inherit
diff --git a/apparmor.d/profiles-m-r/qbittorrent-nox b/apparmor.d/profiles-m-r/qbittorrent-nox
index ed803bf93..9fb2cc601 100644
--- a/apparmor.d/profiles-m-r/qbittorrent-nox
+++ b/apparmor.d/profiles-m-r/qbittorrent-nox
@@ -24,15 +24,15 @@ profile qbittorrent-nox @{exec_path} {
 # Qbittorrent home dirs
 owner @{user_config_dirs}/qBittorrent/ rw,
- owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#[0-9]*[0-9],
+ owner @{user_config_dirs}/qBittorrent/** rwkl -> @{user_config_dirs}/qBittorrent/#@{int},
 owner @{user_share_dirs}/qBittorrent/ rw,
- owner @{user_share_dirs}/qBittorrent/** rwl -> @{user_share_dirs}/data/qBittorrent/**/#[0-9]*[0-9],
+ owner @{user_share_dirs}/qBittorrent/** rwl -> @{user_share_dirs}/data/qBittorrent/**/#@{int},
 # Old dir, not recommended to use:
 deny owner @{user_share_dirs}/data/qBittorrent/ rw,
 # Cache dir
 owner @{user_cache_dirs}/ rw,
- owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
+ owner @{user_cache_dirs}/#@{int} rw,
 owner @{user_cache_dirs}/qBittorrent/{,**} rw,
 # Torrent files
@@ -41,7 +41,7 @@ profile qbittorrent-nox @{exec_path} {
 /dev/disk/by-label/ r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 owner @{PROC}/@{pid}/mountinfo r,
 owner @{PROC}/@{pid}/mounts r,
diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi
index a2920fd5e..d42a38dd2 100644
--- a/apparmor.d/profiles-m-r/qnapi
+++ b/apparmor.d/profiles-m-r/qnapi
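Review bot: The link rule for the data directory in the first qbittorrent-nox hunk names a target outside the directory it covers: `owner @{user_share_dirs}/qBittorrent/** rwl -> @{user_share_dirs}/data/qBittorrent/**/#@{int},` points into `data/qBittorrent`, the directory that the `deny` rule two lines below refuses. The commit carries this over unchanged apart from the variable, and the qbittorrent profile uses `{,data/}` on both sides of the arrow instead. If the intent is to allow linking an unnamed temp file created next to its destination, the target should presumably read `@{user_share_dirs}/qBittorrent/**/#@{int}`; as written the restriction looks unlikely to match what the application does.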
@@ -57,8 +57,8 @@ profile qnapi @{exec_path} {
 owner @{user_config_dirs}/qnapi.ini rw,
 owner @{user_config_dirs}/qnapi.ini.lock rwk,
- owner @{user_config_dirs}/qnapi.ini.* rwl -> @{user_config_dirs}/#@{number},
- owner @{user_config_dirs}/qnapi.ini.mlXXXY rwl -> @{user_config_dirs}/#@{number},
+ owner @{user_config_dirs}/qnapi.ini.* rwl -> @{user_config_dirs}/#@{int},
+ owner @{user_config_dirs}/qnapi.ini.mlXXXY rwl -> @{user_config_dirs}/#@{int},
 owner @{user_config_dirs}/qt5ct/{,**} r,
 owner @{user_cache_dirs}/ rw,
@@ -66,15 +66,15 @@ profile qnapi @{exec_path} {
 /tmp/ r,
 owner /tmp/@{hex}.* rw,
 owner /tmp/** rw,
- owner /tmp/#[0-9]*[0-9] rw,
- owner /tmp/QNapi-*-rc wl -> /tmp/#[0-9]*[0-9],
+ owner /tmp/#@{int} rw,
+ owner /tmp/QNapi-*-rc wl -> /tmp/#@{int},
 owner /tmp/QNapi-*-rc.lock rwk,
 owner /tmp/QNapi.[0-9]*.tmp rw,
 owner /tmp/QNapi.[0-9]*.tmp.* rw,
- owner /tmp/QNapi.[0-9]*.tmp.* rwl -> /tmp/#[0-9]*[0-9],
- owner /tmp/QNapi.[0-9]*[0-9] rw,
+ owner /tmp/QNapi.[0-9]*.tmp.* rwl -> /tmp/#@{int},
+ owner /tmp/QNapi.@{int} rw,
- owner /dev/shm/#[0-9]*[0-9] rw,
+ owner /dev/shm/#@{int} rw,
 deny owner @{PROC}/@{pid}/cmdline r,
 owner @{PROC}/@{pid}/mountinfo r,
diff --git a/apparmor.d/profiles-m-r/qpdfview b/apparmor.d/profiles-m-r/qpdfview
index 3a27e4a8b..ebef6c9bf 100644
--- a/apparmor.d/profiles-m-r/qpdfview
+++ b/apparmor.d/profiles-m-r/qpdfview
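Review bot: In the second qnapi hunk the narrowed `owner /tmp/#@{int} rw,` and `owner /tmp/QNapi.@{int} rw,` rules add nothing, because the context line `owner /tmp/** rw,` directly above already grants read/write on every owned path under /tmp. Only the link targets, as in `owner /tmp/QNapi-*-rc wl -> /tmp/#@{int},`, are actually tightened by this change. If the specific `QNapi*` and `@{hex}` rules describe what the application needs, dropping `owner /tmp/** rw,` would make them effective; otherwise a comment such as `# broad /tmp access needed for <reason>` would explain why the catch-all stays.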
@@ -50,17 +50,17 @@ profile qpdfview @{exec_path} {
 owner @{user_work_dirs}/{,**} rw,
 owner @{user_config_dirs}/qpdfview/ rw,
- owner @{user_config_dirs}/qpdfview/* rwkl -> @{user_config_dirs}/qpdfview/#[0-9]*[0-9],
+ owner @{user_config_dirs}/qpdfview/* rwkl -> @{user_config_dirs}/qpdfview/#@{int},
 owner @{user_share_dirs}/qpdfview/ rw,
 owner @{user_share_dirs}/qpdfview/** rwk,
 owner @{user_config_dirs}/qt5ct/{,**} r,
- owner /dev/shm/#[0-9]*[0-9] rw,
+ owner /dev/shm/#@{int} rw,
 owner /tmp/@{hex} rw,
- owner /tmp/#[0-9]*[0-9] rw,
- owner /tmp/qpdfview.*.pdf rwl -> /tmp/#[0-9]*[0-9],
+ owner /tmp/#@{int} rw,
+ owner /tmp/qpdfview.*.pdf rwl -> /tmp/#@{int},
 owner @{PROC}/@{pid}/mountinfo r,
 owner @{PROC}/@{pid}/mounts r,
diff --git a/apparmor.d/profiles-m-r/qt5ct b/apparmor.d/profiles-m-r/qt5ct
index 40393bf41..89c0a90d4 100644
--- a/apparmor.d/profiles-m-r/qt5ct
+++ b/apparmor.d/profiles-m-r/qt5ct
@@ -23,11 +23,11 @@ profile qt5ct @{exec_path} {
 @{exec_path} mr,
 owner @{user_config_dirs}/qt5ct/ rw,
- owner @{user_config_dirs}/qt5ct/** rwkl -> @{user_config_dirs}/qt5ct/#[0-9]*[0-9],
+ owner @{user_config_dirs}/qt5ct/** rwkl -> @{user_config_dirs}/qt5ct/#@{int},
 owner @{user_config_dirs}/fontconfig/ rw,
 owner @{user_config_dirs}/fontconfig/** rw,
- owner @{user_config_dirs}/fontconfig/fonts.conf.back rwl -> @{user_config_dirs}/fontconfig/#[0-9]*[0-9],
+ owner @{user_config_dirs}/fontconfig/fonts.conf.back rwl -> @{user_config_dirs}/fontconfig/#@{int},
 owner @{user_config_dirs}/kdeglobals r,
@@ -48,7 +48,7 @@ profile qt5ct @{exec_path} {
 /usr/share/hwdata/pnp.ids r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 include if exists
 }
diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss
index deb69e3a7..382adeec9 100644
--- a/apparmor.d/profiles-m-r/quiterss
+++ b/apparmor.d/profiles-m-r/quiterss
@@ -63,7 +63,7 @@ profile quiterss @{exec_path} {
 /usr/share/hwdata/pnp.ids r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 owner /tmp/qtsingleapp-quiter-[0-9]*-[0-9]* rw,
 owner /tmp/qtsingleapp-quiter-[0-9]*-[0-9]*-lockfile rwk,
diff --git a/apparmor.d/profiles-m-r/redshift b/apparmor.d/profiles-m-r/redshift
index 6272c8fe3..47d36accb 100644
--- a/apparmor.d/profiles-m-r/redshift
+++ b/apparmor.d/profiles-m-r/redshift
@@ -17,7 +17,7 @@ profile redshift @{exec_path} {
 dbus send bus=system
- path=/org/freedesktop/GeoClue2/Client/[0-9]*[0-9],
+ path=/org/freedesktop/GeoClue2/Client/@{int},
 dbus receive bus=system
diff --git a/apparmor.d/profiles-m-r/rpi-imager b/apparmor.d/profiles-m-r/rpi-imager
index 3690f8857..91e513c5a 100644
--- a/apparmor.d/profiles-m-r/rpi-imager
+++ b/apparmor.d/profiles-m-r/rpi-imager
@@ -54,11 +54,11 @@ profile rpi-imager @{exec_path} {
 owner "@{user_cache_dirs}/Raspberry Pi/**" rwl -> "@{user_cache_dirs}/Raspberry Pi/**",
 owner "@{user_config_dirs}/Raspberry Pi/{,**}" rw,
 owner @{user_cache_dirs}/ rw,
- owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
- owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
+ owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int},
+ owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw,
 owner @{user_cache_dirs}/qtshadercache/ rw,
- owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
- owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
+ owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int},
+ owner @{user_cache_dirs}/qtshadercache/#@{int} rw,
 owner @{user_config_dirs}/qt5ct/{,**} r,
 owner @{user_config_dirs}/QtProject.conf r,
diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts
index eb8d9f68b..1800ee54b 100644
--- a/apparmor.d/profiles-m-r/run-parts
+++ b/apparmor.d/profiles-m-r/run-parts
@@ -129,7 +129,7 @@ profile run-parts @{exec_path} {
 /etc/kernel/prerm.d/ r,
 /etc/kernel/prerm.d/dkms rCx -> kernel,
- owner /tmp/#@{number} rw,
+ owner /tmp/#@{int} rw,
 owner /tmp/$anacron* rw,
 owner @{sys}/class/power_supply/ r,
diff --git a/apparmor.d/profiles-s-z/scrcpy b/apparmor.d/profiles-s-z/scrcpy
index 5ca4fe450..7258e7273 100644
--- a/apparmor.d/profiles-s-z/scrcpy
+++ b/apparmor.d/profiles-s-z/scrcpy
@@ -32,7 +32,7 @@ profile scrcpy @{exec_path} {
 /var/lib/dbus/machine-id r,
 owner @{user_config_dirs}/ibus/bus/ r,
- owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{number} r,
+ owner @{user_config_dirs}/ibus/bus/@{md5}-unix-{,wayland-}@{int} r,
 include if exists
 }
diff --git a/apparmor.d/profiles-s-z/scrot b/apparmor.d/profiles-s-z/scrot
index 397360ea7..12b7f3265 100644
--- a/apparmor.d/profiles-s-z/scrot
+++ b/apparmor.d/profiles-s-z/scrot
@@ -22,7 +22,7 @@ profile scrot @{exec_path} {
 owner @{HOME}/.Xauthority r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 owner @{HOME}/.icons/default/index.theme r,
 /usr/share/icons/*/index.theme r,
diff --git a/apparmor.d/profiles-s-z/smplayer b/apparmor.d/profiles-s-z/smplayer
index 91f6b0ba2..f81309272 100644
--- a/apparmor.d/profiles-s-z/smplayer
+++ b/apparmor.d/profiles-s-z/smplayer
@@ -61,10 +61,10 @@ profile smplayer @{exec_path} {
 owner @{user_videos_dirs}/{,**} rw,
 owner @{user_config_dirs}/smplayer/ rw,
- owner @{user_config_dirs}/smplayer/* rwkl -> @{user_config_dirs}/smplayer/#[0-9]*[0-9],
+ owner @{user_config_dirs}/smplayer/* rwkl -> @{user_config_dirs}/smplayer/#@{int},
 owner @{user_config_dirs}/qt5ct/{,**} r,
- owner @{user_cache_dirs}/#[0-9]*[0-9] rw,
+ owner @{user_cache_dirs}/#@{int} rw,
 owner /tmp/qtsingleapp-smplay-* rw,
 owner /tmp/qtsingleapp-smplay-*-lockfile rwk,
@@ -75,7 +75,7 @@ profile smplayer @{exec_path} {
 owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=**/ r,
 owner @{run}/user/@{uid}/gvfs/smb-share:server=*,share=** r,
- owner /dev/shm/#[0-9]*[0-9] rw,
+ owner /dev/shm/#@{int} rw,
 deny owner @{PROC}/@{pid}/stat r,
 deny owner @{PROC}/@{pid}/cmdline r,
diff --git a/apparmor.d/profiles-s-z/smtube b/apparmor.d/profiles-s-z/smtube
index 4a8f18034..f958a0e0e 100644
--- a/apparmor.d/profiles-s-z/smtube
+++ b/apparmor.d/profiles-s-z/smtube
@@ -33,15 +33,15 @@ profile smtube @{exec_path} {
 # SMTube config files
 owner @{user_config_dirs}/smtube/ rw,
- owner @{user_config_dirs}/smtube/* rwkl -> @{user_config_dirs}/smtube/#[0-9]*[0-9],
+ owner @{user_config_dirs}/smtube/* rwkl -> @{user_config_dirs}/smtube/#@{int},
 # Needed for updating YT code
 owner @{user_config_dirs}/smplayer/yt.js rw,
- owner @{user_config_dirs}/smplayer/#[0-9]*[0-9] rw,
+ owner @{user_config_dirs}/smplayer/#@{int} rw,
 owner @{user_config_dirs}/smplayer/hdpi.ini rw,
 owner @{user_config_dirs}/smplayer/hdpi.ini.lock rwk,
- owner @{user_config_dirs}/smplayer/hdpi.ini.* rwl -> @{user_config_dirs}/smplayer/#[0-9]*[0-9],
+ owner @{user_config_dirs}/smplayer/hdpi.ini.* rwl -> @{user_config_dirs}/smplayer/#@{int},
 # To configure Qt5 settings (theme, font, icons, etc.) under DE/WM without Qt integration
 owner @{user_config_dirs}/qt5ct/{,**} r,
@@ -57,7 +57,7 @@ profile smtube @{exec_path} {
 /usr/share/hwdata/pnp.ids r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 deny owner @{PROC}/@{pid}/cmdline r,
 owner @{PROC}/@{pid}/fd/ r,
diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam
index 76f6077af..b265ea2c8 100644
--- a/apparmor.d/profiles-s-z/steam
+++ b/apparmor.d/profiles-s-z/steam
@@ -148,7 +148,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
 owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
 owner @{run}/user/@{uid}/gdm/Xauthority r,
- owner /dev/shm/#[0-9]* rw,
+ owner /dev/shm/#@{int} rw,
 owner /dev/shm/fossilize-*-[0-9]*-[0-9]* rw,
 owner /dev/shm/u@{uid}-Shm_@{hex} rw,
 owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk,
diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game
index 75c9308ba..b31521e11 100644
--- a/apparmor.d/profiles-s-z/steam-game
+++ b/apparmor.d/profiles-s-z/steam-game
@@ -177,7 +177,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) {
 owner @{run}/user/@{uid}/gdm/Xauthority r,
 owner @{run}/user/@{uid}/orcexec.* mrw, # gstreamer
- owner /dev/shm/#[0-9]* rw,
+ owner /dev/shm/#@{int} rw,
 owner /dev/shm/mono.* rw,
 owner /dev/shm/u@{uid}-Shm_@{hex} rw,
 owner /dev/shm/u@{uid}-ValveIPCSharedObj-Steam rwk,
diff --git a/apparmor.d/profiles-s-z/strawberry b/apparmor.d/profiles-s-z/strawberry
index 20667d12d..b9971fc24 100644
--- a/apparmor.d/profiles-s-z/strawberry
+++ b/apparmor.d/profiles-s-z/strawberry
@@ -53,14 +53,14 @@ profile strawberry @{exec_path} {
 owner @{HOME}/ r,
 owner @{user_config_dirs}/strawberry/ rw,
- owner @{user_config_dirs}/strawberry/* rwkl -> @{user_config_dirs}/strawberry/#[0-9]*[0-9],
+ owner @{user_config_dirs}/strawberry/* rwkl -> @{user_config_dirs}/strawberry/#@{int},
 owner @{user_share_dirs}/strawberry/ rw,
 owner @{user_share_dirs}/strawberry/** rwk,
 owner @{user_cache_dirs}/ rw,
 owner @{user_cache_dirs}/strawberry/ rw,
- owner @{user_cache_dirs}/strawberry/** rwl -> @{user_cache_dirs}/strawberry/networkcache/prepared/#[0-9]*[0-9],
+ owner @{user_cache_dirs}/strawberry/** rwl -> @{user_cache_dirs}/strawberry/networkcache/prepared/#@{int},
 owner @{user_cache_dirs}/xine-lib/ rw,
 owner @{user_cache_dirs}/xine-lib/plugins.cache{,.new} rw,
@@ -78,15 +78,15 @@ profile strawberry @{exec_path} {
 /etc/fstab r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 /dev/sr[0-9]* r,
 owner /tmp/qipc_{systemsem,sharedmemory}_*[a-f0-9]* rw,
 owner /tmp/.*/ rw,
 owner /tmp/.*/s rw,
 owner /tmp/strawberry*[0-9] w,
- owner /tmp/strawberry-cover-*.jpg rwl -> /tmp/#[0-9]*[0-9],
- owner /tmp/#[0-9]*[0-9] rw,
+ owner /tmp/strawberry-cover-*.jpg rwl -> /tmp/#@{int},
+ owner /tmp/#@{int} rw,
 owner /tmp/*= w,
 owner /var/tmp/etilqs_@{hex} rw,
diff --git a/apparmor.d/profiles-s-z/tint2 b/apparmor.d/profiles-s-z/tint2
index 92c44b095..b657f8f84 100644
--- a/apparmor.d/profiles-s-z/tint2
+++ b/apparmor.d/profiles-s-z/tint2
@@ -50,7 +50,7 @@ profile tint2 @{exec_path} {
 @{sys}/fs/cgroup/{,**} r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 owner @{PROC}/@{pid}/cgroup r,
 owner @{PROC}/@{pid}/mountinfo r,
diff --git a/apparmor.d/profiles-s-z/updatedb.plocate b/apparmor.d/profiles-s-z/updatedb.plocate
index 31d9af293..10e5836fb 100644
--- a/apparmor.d/profiles-s-z/updatedb.plocate
+++ b/apparmor.d/profiles-s-z/updatedb.plocate
@@ -26,8 +26,8 @@ profile updatedb.plocate @{exec_path} {
 owner @{PROC}/@{pid}/mounts r,
 /var/lib/plocate/plocate.db rw,
- /var/lib/plocate/#[0-9]* rw,
- /var/lib/plocate/plocate.db rwl -> /var/lib/plocate/#[0-9]*,
+ /var/lib/plocate/#@{int} rw,
+ /var/lib/plocate/plocate.db rwl -> /var/lib/plocate/#@{int},
 / r,
 /**/ r,
diff --git a/apparmor.d/profiles-s-z/usbguard-applet-qt b/apparmor.d/profiles-s-z/usbguard-applet-qt
index 8189e7059..6f8e36402 100644
--- a/apparmor.d/profiles-s-z/usbguard-applet-qt
+++ b/apparmor.d/profiles-s-z/usbguard-applet-qt
@@ -25,9 +25,9 @@ profile usbguard-applet-qt @{exec_path} {
 @{exec_path} mr,
 owner @{user_config_dirs}/USBGuard/ rw,
- owner @{user_config_dirs}/USBGuard/* rwkl -> @{user_config_dirs}/USBGuard/#[0-9]*[0-9],
+ owner @{user_config_dirs}/USBGuard/* rwkl -> @{user_config_dirs}/USBGuard/#@{int},
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 /dev/shm/qb-usbguard-{request,response,event}-[0-9]*-[0-9]*-[0-9]*-{header,data} rw,
 /dev/shm/qb-[0-9]*-[0-9]*-[0-9]*-*/qb-{request,response,event}-usbguard-{header,data} rw,
diff --git a/apparmor.d/profiles-s-z/vidcutter b/apparmor.d/profiles-s-z/vidcutter
index 0d61e62b9..281414fdb 100644
--- a/apparmor.d/profiles-s-z/vidcutter
+++ b/apparmor.d/profiles-s-z/vidcutter
@@ -57,14 +57,14 @@ profile vidcutter @{exec_path} {
 owner @{user_videos_dirs}/{,**} rw,
 owner @{user_config_dirs}/vidcutter/ rw,
- owner @{user_config_dirs}/vidcutter/* rwkl -> @{user_config_dirs}/vidcutter/#[0-9]*[0-9],
+ owner @{user_config_dirs}/vidcutter/* rwkl -> @{user_config_dirs}/vidcutter/#@{int},
 owner @{user_cache_dirs}/ rw,
- owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9],
- owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#[0-9]*[0-9] rw,
+ owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/@{hex} rwl -> @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int},
+ owner @{user_cache_dirs}/qtshadercache-*-little_endian-*/#@{int} rw,
 owner @{user_cache_dirs}/qtshadercache/ rw,
- owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9],
- owner @{user_cache_dirs}/qtshadercache/#[0-9]*[0-9] rw,
+ owner @{user_cache_dirs}/qtshadercache/@{hex} rwl -> @{user_cache_dirs}/qtshadercache/#@{int},
+ owner @{user_cache_dirs}/qtshadercache/#@{int} rw,
 owner @{user_config_dirs}/qt5ct/{,**} r,
@@ -72,8 +72,8 @@ profile vidcutter @{exec_path} {
 @{sys}/devices/system/node/node[0-9]*/meminfo r,
 owner /tmp/vidcutter-@{uuid} w,
- owner /tmp/#[0-9]*[0-9] rw,
- owner /tmp/*.jpg rwl -> /tmp/#[0-9]*[0-9],
+ owner /tmp/#@{int} rw,
+ owner /tmp/*.jpg rwl -> /tmp/#@{int},
 owner /tmp/vidcutter/{,*} rw,
 deny owner @{PROC}/@{pid}/cmdline r,
@@ -83,7 +83,7 @@ profile vidcutter @{exec_path} {
 deny @{PROC}/sys/kernel/random/boot_id r,
 /dev/ r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 /dev/disk/*/ r,
 owner /dev/tty[0-9]* rw,
diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark
index 0113a5974..13732d3b3 100644
--- a/apparmor.d/profiles-s-z/wireshark
+++ b/apparmor.d/profiles-s-z/wireshark
@@ -76,7 +76,7 @@ profile wireshark @{exec_path} {
 /usr/share/GeoIP/{,**} r,
- /dev/shm/#[0-9]*[0-9] rw,
+ /dev/shm/#@{int} rw,
 owner /tmp/wireshark_extcap_ciscodump_[0-9]*_* rw,
diff --git a/apparmor.d/profiles-s-z/wpa-gui b/apparmor.d/profiles-s-z/wpa-gui
index d0fc1874f..b356eb29e 100644
--- a/apparmor.d/profiles-s-z/wpa-gui
+++ b/apparmor.d/profiles-s-z/wpa-gui
@@ -26,7 +26,7 @@ profile wpa-gui @{exec_path} {
 owner @{user_config_dirs}/qt5ct/{,**} r,
 owner /tmp/wpa_ctrl_@{pid}-[0-9] w,
- owner /dev/shm/#[0-9]*[0-9] rw,
+ owner /dev/shm/#@{int} rw,
 @{run}/wpa_supplicant/ r,
diff --git a/apparmor.d/tunables/multiarch.d/apparmor.d b/apparmor.d/tunables/multiarch.d/apparmor.d
index 2ae56bec1..7184b2a96 100644
--- a/apparmor.d/tunables/multiarch.d/apparmor.d
+++ b/apparmor.d/tunables/multiarch.d/apparmor.d
@@ -6,14 +6,14 @@
 # To allow extended personalisation without breaking everything.
 # All apparmor profiles should always use the variables defined here.
-# Single hex character
+# Single hexadecimal character
 @{h}=[0-9a-fA-F]
 # Single alphanumeric character
 @{c}=[0-9a-zA-Z]
 # Only number (0-9999999999)
-@{number}={[0-9],[0-9][0-9],[0-9][0-9][0-9],[0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}
+@{int}={[0-9],[0-9][0-9],[0-9][0-9][0-9],[0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9],[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]}
 # Any six characters
 @{rand6}=@{c}@{c}@{c}@{c}@{c}@{c}
diff --git a/dists/ubuntu/abstractions/trash b/dists/ubuntu/abstractions/trash
index 4c1473d85..aab16b92c 100644
--- a/dists/ubuntu/abstractions/trash
+++ b/dists/ubuntu/abstractions/trash
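Review bot: Removing `@{number}` outright means any profile or site-local addition that still references it will no longer compile, and a profile that fails to load can leave its program running unconfined. The `include if exists` lines throughout these profiles indicate that local overrides are supported, so uses outside this tree are plausible. I would keep a compatibility definition for at least one release, `@{number}=@{int}`, with a comment marking it deprecated. The comment above the definition could also state what the variable now is, e.g. `# Integer of 1 to 10 digits (0-9999999999)`, since "Only number" does not say that the width is bounded.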
@@ -4,16 +4,16 @@ abi ,
 owner @{user_config_dirs}/trashrc rw,
 owner @{user_config_dirs}/trashrc.lock rwk,
- owner @{user_config_dirs}/#[0-9]*[0-9] rwk,
- owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#[0-9]*[0-9],
+ owner @{user_config_dirs}/#@{int} rwk,
+ owner @{user_config_dirs}/trashrc.* rwl -> @{user_config_dirs}/#@{int},
- owner @{run}/user/@{uid}/#[0-9]*[0-9] rw,
- owner @{run}/user/@{uid}/trash.so*.[0-9].slave-socket rwl -> @{run}/user/@{uid}/#[0-9]*[0-9],
+ owner @{run}/user/@{uid}/#@{int} rw,
+ owner @{run}/user/@{uid}/trash.so*.[0-9].slave-socket rwl -> @{run}/user/@{uid}/#@{int},
 # Home trash location
 owner @{user_share_dirs}/Trash/ rw,
- owner @{user_share_dirs}/Trash/#[0-9]*[0-9] rw,
- owner @{user_share_dirs}/Trash/directorysizes{,.*} rwl -> @{user_share_dirs}/Trash/#[0-9]*[0-9],
+ owner @{user_share_dirs}/Trash/#@{int} rw,
+ owner @{user_share_dirs}/Trash/directorysizes{,.*} rwl -> @{user_share_dirs}/Trash/#@{int},
 owner @{user_share_dirs}/Trash/files/{,**} rw,
 owner @{user_share_dirs}/Trash/info/ rw,
 owner @{user_share_dirs}/Trash/info/*.trashinfo{,.*} rw,
@@ -25,8 +25,8 @@ abi ,
 # Partitions' trash location when the admin creates the .Trash/ folder in the top lvl dir
 owner /media/*/.Trash/ rw,
 owner /media/*/.Trash/@{uid}/ rw,
- owner /media/*/.Trash/@{uid}/#[0-9]*[0-9] rw,
- owner /media/*/.Trash/@{uid}/directorysizes{,.*} rwl -> /media/*/.Trash/@{uid}/#[0-9]*[0-9],
+ owner /media/*/.Trash/@{uid}/#@{int} rw,
+ owner /media/*/.Trash/@{uid}/directorysizes{,.*} rwl -> /media/*/.Trash/@{uid}/#@{int},
 owner /media/*/.Trash/@{uid}/files/{,**} rw,
 owner /media/*/.Trash/@{uid}/info/ rw,
 owner /media/*/.Trash/@{uid}/info/*.trashinfo{,.*} rw,
@@ -37,8 +37,8 @@ abi ,
 # Partitions' trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
 owner /media/*/.Trash-@{uid}/ rw,
- owner /media/*/.Trash-@{uid}/#[0-9]*[0-9] rw,
- owner /media/*/.Trash-@{uid}/directorysizes{,.*} rwl -> /media/*/.Trash-@{uid}/#[0-9]*[0-9],
+ owner /media/*/.Trash-@{uid}/#@{int} rw,
+ owner /media/*/.Trash-@{uid}/directorysizes{,.*} rwl -> /media/*/.Trash-@{uid}/#@{int},
 owner /media/*/.Trash-@{uid}/files/{,**} rw,
 owner /media/*/.Trash-@{uid}/info/ rw,
 owner /media/*/.Trash-@{uid}/info/*.trashinfo{,.*} rw,
@@ -50,8 +50,8 @@ abi ,
 # Removable media's trash location when the admin creates the .Trash/ folder in the top lvl dir
 owner /media/*/*/.Trash/ rw,
 owner /media/*/*/.Trash/@{uid}/ rw,
- owner /media/*/*/.Trash/@{uid}/#[0-9]*[0-9] rw,
- owner /media/*/*/.Trash/@{uid}/directorysizes{,.*} rwl -> /media/*/*/.Trash/@{uid}/#[0-9]*[0-9],
+ owner /media/*/*/.Trash/@{uid}/#@{int} rw,
+ owner /media/*/*/.Trash/@{uid}/directorysizes{,.*} rwl -> /media/*/*/.Trash/@{uid}/#@{int},
 owner /media/*/*/.Trash/@{uid}/files/{,**} rw,
 owner /media/*/*/.Trash/@{uid}/info/ rw,
 owner /media/*/*/.Trash/@{uid}/info/*.trashinfo{,.*} rw,
@@ -62,8 +62,8 @@ abi ,
 # Removable media's trash location when the admin doesn't create the .Trash/ folder in the top lvl dir
 owner /media/*/*/.Trash-@{uid}/ rw,
- owner /media/*/*/.Trash-@{uid}/#[0-9]*[0-9] rw,
- owner /media/*/*/.Trash-@{uid}/directorysizes{,.*} rwl -> /media/*/*/.Trash-@{uid}/#[0-9]*[0-9],
+ owner /media/*/*/.Trash-@{uid}/#@{int} rw,
+ owner /media/*/*/.Trash-@{uid}/directorysizes{,.*} rwl -> /media/*/*/.Trash-@{uid}/#@{int},
 owner /media/*/*/.Trash-@{uid}/files/{,**} rw,
 owner /media/*/*/.Trash-@{uid}/info/ rw,
 owner /media/*/*/.Trash-@{uid}/info/*.trashinfo{,.*} rw,