From aafcd1c861c4ea9afdf0bc535b2bc10e50fa81ef Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Fri, 15 Aug 2025 17:21:24 +0200
Subject: [PATCH] feat(profile): simplify ssh home path.
---
 apparmor.d/groups/ssh/ssh | 4 +---
 apparmor.d/groups/ssh/ssh-keygen | 8 ++++----
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/apparmor.d/groups/ssh/ssh b/apparmor.d/groups/ssh/ssh
index 75a25771f..03236196c 100644
--- a/apparmor.d/groups/ssh/ssh
+++ b/apparmor.d/groups/ssh/ssh
@@ -36,9 +36,7 @@ profile ssh @{exec_path} {
 @{etc_ro}/ssh/sshd_config.d/{,*} r,
 /etc/machine-id r,
- owner @{HOME}/@{XDG_SSH_DIR}/ r,
- owner @{HOME}/@{XDG_SSH_DIR}/*_*{,.pub} r,
- owner @{HOME}/@{XDG_SSH_DIR}/config r,
+ owner @{HOME}/@{XDG_SSH_DIR}/{,*} r,
 owner @{HOME}/@{XDG_SSH_DIR}/known_hosts{,.*} rwl,
 owner @{HOME}/@{XDG_SSH_DIR}/ssh_control_*_*_* wl,
diff --git a/apparmor.d/groups/ssh/ssh-keygen b/apparmor.d/groups/ssh/ssh-keygen
index 397ffdcd6..b55824e58 100644
--- a/apparmor.d/groups/ssh/ssh-keygen
+++ b/apparmor.d/groups/ssh/ssh-keygen
@@ -15,13 +15,13 @@ profile ssh-keygen @{exec_path} {
 @{exec_path} mr,
+ /etc/ssh/moduli rw,
 /etc/ssh/ssh_host_*_key* rw,
- owner @{HOME}/@{XDG_SSH_DIR}/ w,
- owner @{HOME}/@{XDG_SSH_DIR}/*_*{,.pub} rw,
+ owner @{HOME}/@{XDG_SSH_DIR}/{,*} rw,
- /tmp/snapd@{int}/*_*{,.pub} w,
- /tmp/snapd@{int}/*.key{,.pub} w,
+ owner /tmp/snapd@{int}/*_*{,.pub} w,
+ owner /tmp/snapd@{int}/*.key{,.pub} w,
 /dev/tty@{int} rw,
 /dev/ttyS@{int} rw,
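Review bot: The replacement rule `owner @{HOME}/@{XDG_SSH_DIR}/{,*} r,` in the ssh profile makes every file directly in the SSH directory readable, not just key-like names and `config`, and nothing next to the rule records why the wider scope is wanted. If the intent is to support identity files with arbitrary names, a comment above the rule would make that explicit, for example `# Identity files may have any name, so the whole directory is readable (subdirectories excluded).` Because `*` does not cross `/`, files in subdirectories remain outside this rule, which may matter for setups that include config fragments from a subdirectory; that cannot be judged from the visible lines. The `r` in the following `known_hosts{,.*} rwl` rule is now redundant but harmless. The profile body continues outside the hunk.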
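Review bot: The new `owner @{HOME}/@{XDG_SSH_DIR}/{,*} rw,` rule in the ssh-keygen profile allows writes to any file directly in the SSH directory, including `authorized_keys` and `config`, where the removed rule limited writes to `*_*{,.pub}`. If arbitrary key file names are the goal, consider keeping the broad rule and carving out the files ssh-keygen presumably has no reason to modify, e.g. `audit deny owner @{HOME}/@{XDG_SSH_DIR}/{authorized_keys,config} w,`, so a change to login-relevant files is blocked and logged. The added `/etc/ssh/moduli rw,` likewise grants write access to the system moduli file; if only read access is needed, `r` would be the tighter choice, which is worth confirming against the intended use. The profile body continues outside the hunk.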