From af0c622b35c03dfc40716a60ec075fc12b04376a Mon Sep 17 00:00:00 2001 From: Jeroen Rijken Date: Sat, 13 Aug 2022 21:02:42 +0200 Subject: [PATCH] Replace rm with mr. --- apparmor.d/abstractions/lightdm | 14 ++++---- .../usr.lib.libreoffice.program.soffice.bin | 8 ++--- apparmor.d/groups/avahi/avahi-autoipd | 2 +- apparmor.d/groups/avahi/avahi-browse | 2 +- apparmor.d/groups/avahi/avahi-daemon | 2 +- apparmor.d/groups/avahi/avahi-publish | 2 +- apparmor.d/groups/avahi/avahi-resolve | 2 +- apparmor.d/groups/avahi/avahi-set-host-name | 2 +- .../groups/freedesktop/xdg-document-portal | 2 +- apparmor.d/groups/grub/grub-bios-setup | 2 +- apparmor.d/groups/grub/grub-editenv | 2 +- apparmor.d/groups/grub/grub-file | 2 +- apparmor.d/groups/grub/grub-fstest | 2 +- apparmor.d/groups/grub/grub-glue-efi | 2 +- apparmor.d/groups/grub/grub-install | 2 +- apparmor.d/groups/grub/grub-kbdcomp | 2 +- apparmor.d/groups/grub/grub-macbless | 2 +- apparmor.d/groups/grub/grub-menulst2cfg | 2 +- apparmor.d/groups/grub/grub-mkconfig | 2 +- apparmor.d/groups/grub/grub-mkdevicemap | 2 +- apparmor.d/groups/grub/grub-mkfont | 2 +- apparmor.d/groups/grub/grub-mkimage | 2 +- apparmor.d/groups/grub/grub-mklayout | 2 +- apparmor.d/groups/grub/grub-mknetdir | 2 +- apparmor.d/groups/grub/grub-mkpasswd-pbkdf2 | 2 +- apparmor.d/groups/grub/grub-mkrelpath | 2 +- apparmor.d/groups/grub/grub-mkrescue | 2 +- apparmor.d/groups/grub/grub-mkstandalone | 2 +- apparmor.d/groups/grub/grub-mount | 2 +- apparmor.d/groups/grub/grub-ntldr-img | 2 +- apparmor.d/groups/grub/grub-probe | 2 +- apparmor.d/groups/grub/grub-reboot | 2 +- apparmor.d/groups/grub/grub-render-label | 2 +- apparmor.d/groups/grub/grub-script-check | 2 +- apparmor.d/groups/grub/grub-set-default | 2 +- apparmor.d/groups/grub/grub-syslinux2cfg | 2 +- apparmor.d/groups/network/mullvad-gui | 2 +- apparmor.d/groups/pacman/mkinitcpio | 8 ++--- apparmor.d/groups/ubuntu/update-grub | 2 +- apparmor.d/profiles-a-f/anyremote | 2 +- apparmor.d/profiles-m-r/man | 32 +++++++++---------- apparmor.d/profiles-s-z/sanoid | 2 +- apparmor.d/profiles-s-z/syncoid | 2 +- apparmor.d/profiles-s-z/zpool | 2 +- .../profiles-s-z/zsys-system-autosnapshot | 2 +- 45 files changed, 72 insertions(+), 72 deletions(-) diff --git a/apparmor.d/abstractions/lightdm b/apparmor.d/abstractions/lightdm index e9fe5ec3d..984aea2f4 100644 --- a/apparmor.d/abstractions/lightdm +++ b/apparmor.d/abstractions/lightdm @@ -46,15 +46,15 @@ /opt/ r, /opt/** rmixk, @{PROC}/ r, - @{PROC}/* rm, + @{PROC}/* mr, @{PROC}/[0-9]*/net/ r, @{PROC}/[0-9]*/net/dev r, - @{PROC}/asound rm, - @{PROC}/asound/** rm, - @{PROC}/ati rm, - @{PROC}/ati/** rm, + @{PROC}/asound mr, + @{PROC}/asound/** mr, + @{PROC}/ati mr, + @{PROC}/ati/** mr, @{PROC}/sys/vm/overcommit_memory r, - owner @{PROC}/** rm, + owner @{PROC}/** mr, # needed for gnome-keyring-daemon @{PROC}/*/status r, # needed for bamfdaemon and utilities such as ps and killall @@ -62,7 +62,7 @@ /sbin/ r, /sbin/** rmixk, /sys/ r, - /sys/** rm, + /sys/** mr, # needed for confined trusted helpers, such as dbus-daemon /sys/kernel/security/apparmor/.access rw, /tmp/ rw, diff --git a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin index fe753558b..985c43558 100644 --- a/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin +++ b/apparmor.d/groups/apps/usr.lib.libreoffice.program.soffice.bin @@ -217,9 +217,9 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp profile gpg { #include - /usr/bin/gpgconf rm, - /usr/bin/gpg rm, - /usr/bin/gpgsm rm, + /usr/bin/gpgconf mr, + /usr/bin/gpg mr, + /usr/bin/gpgsm mr, owner @{HOME}/@{XDG_GPG_DIR}/* r, owner @{HOME}/@{XDG_GPG_DIR}/random_seed rk, @@ -231,7 +231,7 @@ profile libreoffice-soffice /usr/lib/libreoffice/program/soffice.bin flags=(comp owner @{user_config_dirs}/kdeglobals r, /usr/lib/libreoffice/program/lo_kde5filepicker rPUx, /usr/share/qt5/translations/* r, - /usr/lib/*/qt5/plugins/** rm, + /usr/lib/*/qt5/plugins/** mr, /usr/share/plasma/look-and-feel/**/contents/defaults r, # TODO: remove when rules are available in abstractions/kde diff --git a/apparmor.d/groups/avahi/avahi-autoipd b/apparmor.d/groups/avahi/avahi-autoipd index e1c676da9..ddb4a1f5a 100644 --- a/apparmor.d/groups/avahi/avahi-autoipd +++ b/apparmor.d/groups/avahi/avahi-autoipd @@ -19,7 +19,7 @@ profile avahi-autoipd @{exec_path} flags=(complain) { signal receive set=(kill,term), - @{exec_path} rm, + @{exec_path} mr, /etc/avahi/avahi-autoipd.action rix, include if exists diff --git a/apparmor.d/groups/avahi/avahi-browse b/apparmor.d/groups/avahi/avahi-browse index f50c2d39c..837961c3b 100644 --- a/apparmor.d/groups/avahi/avahi-browse +++ b/apparmor.d/groups/avahi/avahi-browse @@ -24,7 +24,7 @@ profile avahi-browse @{exec_path} flags=(complain) { interface=org.freedesktop.Avahi.ServiceTypeBrowser member={ItemNew,CacheExhausted,AllForNow}, - @{exec_path} rm, + @{exec_path} mr, /{usr/,}lib/@{multiarch}/avahi/service-types.db rwk, diff --git a/apparmor.d/groups/avahi/avahi-daemon b/apparmor.d/groups/avahi/avahi-daemon index 439377d13..5a972463e 100644 --- a/apparmor.d/groups/avahi/avahi-daemon +++ b/apparmor.d/groups/avahi/avahi-daemon @@ -14,7 +14,7 @@ profile avahi-daemon @{exec_path} flags=(complain) { network inet dgram, network inet6 dgram, - @{exec_path} rm, + @{exec_path} mr, /etc/avahi/** r, diff --git a/apparmor.d/groups/avahi/avahi-publish b/apparmor.d/groups/avahi/avahi-publish index 16256223b..5895d6a8f 100644 --- a/apparmor.d/groups/avahi/avahi-publish +++ b/apparmor.d/groups/avahi/avahi-publish @@ -11,7 +11,7 @@ profile avahi-publish @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/avahi/avahi-resolve b/apparmor.d/groups/avahi/avahi-resolve index b4dca2949..fe279ac7e 100644 --- a/apparmor.d/groups/avahi/avahi-resolve +++ b/apparmor.d/groups/avahi/avahi-resolve @@ -28,7 +28,7 @@ profile avahi-resolve @{exec_path} flags=(complain) { interface=org.freedesktop.Avahi.AddressResolver member={Failure,Found}, - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/avahi/avahi-set-host-name b/apparmor.d/groups/avahi/avahi-set-host-name index f970b63ca..ead18ed2e 100644 --- a/apparmor.d/groups/avahi/avahi-set-host-name +++ b/apparmor.d/groups/avahi/avahi-set-host-name @@ -11,7 +11,7 @@ profile avahi-set-host-name @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/freedesktop/xdg-document-portal b/apparmor.d/groups/freedesktop/xdg-document-portal index ca2b2c3ad..ade99e795 100644 --- a/apparmor.d/groups/freedesktop/xdg-document-portal +++ b/apparmor.d/groups/freedesktop/xdg-document-portal @@ -36,7 +36,7 @@ profile xdg-document-portal @{exec_path} { profile flatpak { include - /{usr/,}bin/flatpak rm, + /{usr/,}bin/flatpak mr, / r, /etc/flatpak/remotes.d/{,*} r, diff --git a/apparmor.d/groups/grub/grub-bios-setup b/apparmor.d/groups/grub/grub-bios-setup index d6961bf9c..2abd381b8 100644 --- a/apparmor.d/groups/grub/grub-bios-setup +++ b/apparmor.d/groups/grub/grub-bios-setup @@ -11,7 +11,7 @@ profile grub-bios-setup @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-editenv b/apparmor.d/groups/grub/grub-editenv index 68dcf3fb0..042887e3d 100644 --- a/apparmor.d/groups/grub/grub-editenv +++ b/apparmor.d/groups/grub/grub-editenv @@ -11,7 +11,7 @@ profile grub-editenv @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, /boot/grub/grubenv rw, diff --git a/apparmor.d/groups/grub/grub-file b/apparmor.d/groups/grub/grub-file index 9ddea365b..ccf58d6c4 100644 --- a/apparmor.d/groups/grub/grub-file +++ b/apparmor.d/groups/grub/grub-file @@ -11,7 +11,7 @@ profile grub-file @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-fstest b/apparmor.d/groups/grub/grub-fstest index 6258b4e44..caf64ee2c 100644 --- a/apparmor.d/groups/grub/grub-fstest +++ b/apparmor.d/groups/grub/grub-fstest @@ -11,7 +11,7 @@ profile grub-fstest @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-glue-efi b/apparmor.d/groups/grub/grub-glue-efi index db59cefcd..aeb59a8df 100644 --- a/apparmor.d/groups/grub/grub-glue-efi +++ b/apparmor.d/groups/grub/grub-glue-efi @@ -11,7 +11,7 @@ profile grub-glue-efi @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-install b/apparmor.d/groups/grub/grub-install index 152ea426b..cca0605c2 100644 --- a/apparmor.d/groups/grub/grub-install +++ b/apparmor.d/groups/grub/grub-install @@ -11,7 +11,7 @@ profile grub-install @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-kbdcomp b/apparmor.d/groups/grub/grub-kbdcomp index 2760bd0a9..fce678809 100644 --- a/apparmor.d/groups/grub/grub-kbdcomp +++ b/apparmor.d/groups/grub/grub-kbdcomp @@ -11,7 +11,7 @@ profile grub-kbdcomp @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-macbless b/apparmor.d/groups/grub/grub-macbless index 24e269233..49f08fd1e 100644 --- a/apparmor.d/groups/grub/grub-macbless +++ b/apparmor.d/groups/grub/grub-macbless @@ -11,7 +11,7 @@ profile grub-macbless @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-menulst2cfg b/apparmor.d/groups/grub/grub-menulst2cfg index 7a5f063fe..b2f5ca590 100644 --- a/apparmor.d/groups/grub/grub-menulst2cfg +++ b/apparmor.d/groups/grub/grub-menulst2cfg @@ -11,7 +11,7 @@ profile grub-menulst2cfg @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkconfig b/apparmor.d/groups/grub/grub-mkconfig index aeae916eb..3341b30c6 100644 --- a/apparmor.d/groups/grub/grub-mkconfig +++ b/apparmor.d/groups/grub/grub-mkconfig @@ -13,7 +13,7 @@ profile grub-mkconfig @{exec_path} flags=(complain) { capability dac_read_search, - @{exec_path} rm, + @{exec_path} mr, /etc/grub.d/{**,} rix, /{usr/,}bin/{m,g,}awk rix, /{usr/,}bin/basename rix, diff --git a/apparmor.d/groups/grub/grub-mkdevicemap b/apparmor.d/groups/grub/grub-mkdevicemap index 835093bfd..306173901 100644 --- a/apparmor.d/groups/grub/grub-mkdevicemap +++ b/apparmor.d/groups/grub/grub-mkdevicemap @@ -11,7 +11,7 @@ profile grub-mkdevicemap @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkfont b/apparmor.d/groups/grub/grub-mkfont index fe5d5c4fa..a0ace1a2a 100644 --- a/apparmor.d/groups/grub/grub-mkfont +++ b/apparmor.d/groups/grub/grub-mkfont @@ -11,7 +11,7 @@ profile grub-mkfont @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkimage b/apparmor.d/groups/grub/grub-mkimage index bd4729cfb..2b6212a0a 100644 --- a/apparmor.d/groups/grub/grub-mkimage +++ b/apparmor.d/groups/grub/grub-mkimage @@ -11,7 +11,7 @@ profile grub-mkimage @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mklayout b/apparmor.d/groups/grub/grub-mklayout index d01086f59..b9a514b72 100644 --- a/apparmor.d/groups/grub/grub-mklayout +++ b/apparmor.d/groups/grub/grub-mklayout @@ -11,7 +11,7 @@ profile grub-mklayout @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mknetdir b/apparmor.d/groups/grub/grub-mknetdir index ea85f204f..4f37e31a0 100644 --- a/apparmor.d/groups/grub/grub-mknetdir +++ b/apparmor.d/groups/grub/grub-mknetdir @@ -11,7 +11,7 @@ profile grub-mknetdir @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2 b/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2 index 33ccfa78e..ef9e5c6da 100644 --- a/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2 +++ b/apparmor.d/groups/grub/grub-mkpasswd-pbkdf2 @@ -11,7 +11,7 @@ profile grub-mkpasswd-pbkdf2 @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkrelpath b/apparmor.d/groups/grub/grub-mkrelpath index 794313a3d..76e7c0a3f 100644 --- a/apparmor.d/groups/grub/grub-mkrelpath +++ b/apparmor.d/groups/grub/grub-mkrelpath @@ -11,7 +11,7 @@ profile grub-mkrelpath @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, /{usr/,}{local/,}{s,}bin/zpool rPx, @{PROC}/@{pids}/mountinfo r, diff --git a/apparmor.d/groups/grub/grub-mkrescue b/apparmor.d/groups/grub/grub-mkrescue index 252c1df4d..9948ac15f 100644 --- a/apparmor.d/groups/grub/grub-mkrescue +++ b/apparmor.d/groups/grub/grub-mkrescue @@ -11,7 +11,7 @@ profile grub-mkrescue @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mkstandalone b/apparmor.d/groups/grub/grub-mkstandalone index b2be219c0..90e3a4c46 100644 --- a/apparmor.d/groups/grub/grub-mkstandalone +++ b/apparmor.d/groups/grub/grub-mkstandalone @@ -11,7 +11,7 @@ profile grub-mkstandalone @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-mount b/apparmor.d/groups/grub/grub-mount index 6ea7afefa..b855d7e45 100644 --- a/apparmor.d/groups/grub/grub-mount +++ b/apparmor.d/groups/grub/grub-mount @@ -11,7 +11,7 @@ profile grub-mount @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-ntldr-img b/apparmor.d/groups/grub/grub-ntldr-img index 766c505d1..6b8c10722 100644 --- a/apparmor.d/groups/grub/grub-ntldr-img +++ b/apparmor.d/groups/grub/grub-ntldr-img @@ -11,7 +11,7 @@ profile grub-ntldr-img @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-probe b/apparmor.d/groups/grub/grub-probe index 64ad23e21..416d25e1c 100644 --- a/apparmor.d/groups/grub/grub-probe +++ b/apparmor.d/groups/grub/grub-probe @@ -14,7 +14,7 @@ profile grub-probe @{exec_path} flags=(complain) { capability sys_admin, - @{exec_path} rm, + @{exec_path} mr, /{usr/,}bin/lsb_release rPx -> lsb_release, /{usr/,}bin/udevadm rPx, /{usr/,}{local/,}{s,}bin/zpool rPx, diff --git a/apparmor.d/groups/grub/grub-reboot b/apparmor.d/groups/grub/grub-reboot index 229aea9a2..f16643fff 100644 --- a/apparmor.d/groups/grub/grub-reboot +++ b/apparmor.d/groups/grub/grub-reboot @@ -11,7 +11,7 @@ profile grub-reboot @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-render-label b/apparmor.d/groups/grub/grub-render-label index 3a0d5034b..8749c265c 100644 --- a/apparmor.d/groups/grub/grub-render-label +++ b/apparmor.d/groups/grub/grub-render-label @@ -11,7 +11,7 @@ profile grub-render-label @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-script-check b/apparmor.d/groups/grub/grub-script-check index a02d27fc2..643797e1a 100644 --- a/apparmor.d/groups/grub/grub-script-check +++ b/apparmor.d/groups/grub/grub-script-check @@ -11,7 +11,7 @@ profile grub-script-check @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, /boot/grub/grub.cfg{.new,} rw, diff --git a/apparmor.d/groups/grub/grub-set-default b/apparmor.d/groups/grub/grub-set-default index 531beda94..fe8201d6c 100644 --- a/apparmor.d/groups/grub/grub-set-default +++ b/apparmor.d/groups/grub/grub-set-default @@ -11,7 +11,7 @@ profile grub-set-default @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/grub/grub-syslinux2cfg b/apparmor.d/groups/grub/grub-syslinux2cfg index bbbc94a7e..487e61680 100644 --- a/apparmor.d/groups/grub/grub-syslinux2cfg +++ b/apparmor.d/groups/grub/grub-syslinux2cfg @@ -11,7 +11,7 @@ profile grub-syslinux2cfg @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, include if exists } diff --git a/apparmor.d/groups/network/mullvad-gui b/apparmor.d/groups/network/mullvad-gui index a92254959..fb6d2b895 100644 --- a/apparmor.d/groups/network/mullvad-gui +++ b/apparmor.d/groups/network/mullvad-gui @@ -33,7 +33,7 @@ profile mullvad-gui @{exec_path} { @{exec_path} mrix, - "/opt/Mullvad VPN/*.so*" rm, + "/opt/Mullvad VPN/*.so*" mr, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/gsettings rix, diff --git a/apparmor.d/groups/pacman/mkinitcpio b/apparmor.d/groups/pacman/mkinitcpio index 45758f40c..acb81dbc0 100644 --- a/apparmor.d/groups/pacman/mkinitcpio +++ b/apparmor.d/groups/pacman/mkinitcpio @@ -77,10 +77,10 @@ profile mkinitcpio @{exec_path} flags=(attach_disconnected) { # Can copy any program to the initframs /{usr/,}bin/ r, - /{usr/,}bin/[a-z0-9]* rm, - /{usr/,}lib/plymouth/plymouthd-* rm, - /{usr/,}lib/systemd/systemd-* rm, - /{usr/,}lib/udev/[a-z0-9]* rm, + /{usr/,}bin/[a-z0-9]* mr, + /{usr/,}lib/plymouth/plymouthd-* mr, + /{usr/,}lib/systemd/systemd-* mr, + /{usr/,}lib/udev/[a-z0-9]* mr, # Manage /boot / r, diff --git a/apparmor.d/groups/ubuntu/update-grub b/apparmor.d/groups/ubuntu/update-grub index e9d5d335c..a59d80b9c 100644 --- a/apparmor.d/groups/ubuntu/update-grub +++ b/apparmor.d/groups/ubuntu/update-grub @@ -11,7 +11,7 @@ profile update-grub @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}{s,}bin/grub-mkconfig rPx, diff --git a/apparmor.d/profiles-a-f/anyremote b/apparmor.d/profiles-a-f/anyremote index 27e1945a7..76f648ede 100644 --- a/apparmor.d/profiles-a-f/anyremote +++ b/apparmor.d/profiles-a-f/anyremote @@ -18,7 +18,7 @@ profile anyremote @{exec_path} { network inet stream, network inet6 stream, - @{exec_path} rm, + @{exec_path} mr, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/cat rix, diff --git a/apparmor.d/profiles-m-r/man b/apparmor.d/profiles-m-r/man index e32ab8c76..392735390 100644 --- a/apparmor.d/profiles-m-r/man +++ b/apparmor.d/profiles-m-r/man @@ -58,14 +58,14 @@ profile man_groff { signal peer=man, - /{usr/,}bin/eqn rm, - /{usr/,}bin/grap rm, - /{usr/,}bin/pic rm, - /{usr/,}bin/preconv rm, - /{usr/,}bin/refer rm, - /{usr/,}bin/tbl rm, - /{usr/,}bin/troff rm, - /{usr/,}bin/vgrind rm, + /{usr/,}bin/eqn mr, + /{usr/,}bin/grap mr, + /{usr/,}bin/pic mr, + /{usr/,}bin/preconv mr, + /{usr/,}bin/refer mr, + /{usr/,}bin/tbl mr, + /{usr/,}bin/troff mr, + /{usr/,}bin/vgrind mr, /{usr/,}lib/groff/site-tmac/** r, /usr/share/groff/** r, @@ -83,14 +83,14 @@ profile man_filter { signal peer=man, - /{usr/,}bin/bzip2 rm, - /{usr/,}bin/gzip rm, - /{usr/,}bin/col rm, - /{usr/,}bin/compress rm, - /{usr/,}bin/iconv rm, - /{usr/,}bin/lzip.lzip rm, - /{usr/,}bin/tr rm, - /{usr/,}bin/xz rm, + /{usr/,}bin/bzip2 mr, + /{usr/,}bin/gzip mr, + /{usr/,}bin/col mr, + /{usr/,}bin/compress mr, + /{usr/,}bin/iconv mr, + /{usr/,}bin/lzip.lzip mr, + /{usr/,}bin/tr mr, + /{usr/,}bin/xz mr, # Manual pages can be more or less anywhere, especially with "man -l", and # there's no harm in allowing wide read access here since the worst it can diff --git a/apparmor.d/profiles-s-z/sanoid b/apparmor.d/profiles-s-z/sanoid index 8f4e7bbcf..8e5f2167f 100644 --- a/apparmor.d/profiles-s-z/sanoid +++ b/apparmor.d/profiles-s-z/sanoid @@ -11,7 +11,7 @@ profile sanoid @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/perl rix, /{usr/,}bin/ps rPx, diff --git a/apparmor.d/profiles-s-z/syncoid b/apparmor.d/profiles-s-z/syncoid index 0ca3f8446..4cc4f0d97 100644 --- a/apparmor.d/profiles-s-z/syncoid +++ b/apparmor.d/profiles-s-z/syncoid @@ -12,7 +12,7 @@ profile syncoid @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, /{usr/,}bin/grep rix, /{usr/,}bin/mbuffer rix, /{usr/,}bin/perl rix, diff --git a/apparmor.d/profiles-s-z/zpool b/apparmor.d/profiles-s-z/zpool index 6d9c960b8..845d4c1f6 100644 --- a/apparmor.d/profiles-s-z/zpool +++ b/apparmor.d/profiles-s-z/zpool @@ -14,7 +14,7 @@ profile zpool @{exec_path} { capability sys_admin, - @{exec_path} rm, + @{exec_path} mr, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}{local/,}lib/zfs-linux/zpool.d/* rix, diff --git a/apparmor.d/profiles-s-z/zsys-system-autosnapshot b/apparmor.d/profiles-s-z/zsys-system-autosnapshot index 428777fb7..d4d227408 100644 --- a/apparmor.d/profiles-s-z/zsys-system-autosnapshot +++ b/apparmor.d/profiles-s-z/zsys-system-autosnapshot @@ -11,7 +11,7 @@ profile zsys-system-autosnapshot @{exec_path} flags=(complain) { include include - @{exec_path} rm, + @{exec_path} mr, /{usr/,}bin/{,ba,da}sh rix, /{usr/,}bin/cat rix, /{usr/,}bin/cp rix,