diff --git a/apparmor.d/groups/apt/apt-listchanges b/apparmor.d/groups/apt/apt-listchanges index 89cf63067..dbbba9d4d 100644 --- a/apparmor.d/groups/apt/apt-listchanges +++ b/apparmor.d/groups/apt/apt-listchanges @@ -17,7 +17,7 @@ profile apt-listchanges @{exec_path} { #capability sys_tty_config, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/groups/apt/command-not-found b/apparmor.d/groups/apt/command-not-found index e6c0fdee6..1ba7b5cb3 100644 --- a/apparmor.d/groups/apt/command-not-found +++ b/apparmor.d/groups/apt/command-not-found @@ -18,12 +18,12 @@ profile command-not-found @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/lsb_release rPx -> lsb_release, @{bin}/snap rPUx, - @{lib}/python3/dist-packages/CommandNotFound/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, + @{lib}/@{python_name}/dist-packages/CommandNotFound/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, @{lib}/ r, diff --git a/apparmor.d/groups/apt/debsecan b/apparmor.d/groups/apt/debsecan index ee29b4923..c9448c7fb 100644 --- a/apparmor.d/groups/apt/debsecan +++ b/apparmor.d/groups/apt/debsecan @@ -21,7 +21,7 @@ profile debsecan @{exec_path} { network inet6 stream, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/groups/apt/debtags b/apparmor.d/groups/apt/debtags index 8bda4efff..3e3fd2ab9 100644 --- a/apparmor.d/groups/apt/debtags +++ b/apparmor.d/groups/apt/debtags @@ -17,7 +17,7 @@ profile debtags @{exec_path} { #capability sys_tty_config, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/groups/apt/querybts b/apparmor.d/groups/apt/querybts index 5c46246a2..85bd2e6c3 100644 --- a/apparmor.d/groups/apt/querybts +++ b/apparmor.d/groups/apt/querybts @@ -26,7 +26,7 @@ profile querybts @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/groups/apt/reportbug b/apparmor.d/groups/apt/reportbug index 8681e46d8..ae2e64e5d 100644 --- a/apparmor.d/groups/apt/reportbug +++ b/apparmor.d/groups/apt/reportbug @@ -28,7 +28,7 @@ profile reportbug @{exec_path} { @{exec_path} r, @{bin}/ r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ldconfig rix, @{bin}/selinuxenabled rix, @@ -57,7 +57,7 @@ profile reportbug @{exec_path} { @{bin}/run-parts rCx -> run-parts, @{open_path} rPx -> child-open, - @{lib}/python3/dist-packages/pylocales/locales.db rk, + @{lib}/@{python_name}/dist-packages/pylocales/locales.db rk, /usr/share/bug/*/{control,presubj} r, diff --git a/apparmor.d/groups/apt/unattended-upgrade b/apparmor.d/groups/apt/unattended-upgrade index ead68957a..dbbfb413e 100644 --- a/apparmor.d/groups/apt/unattended-upgrade +++ b/apparmor.d/groups/apt/unattended-upgrade @@ -43,7 +43,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) { @{bin}/echo rix, @{bin}/gdbus rix, @{bin}/ischroot rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/test rix, @{bin}/touch rix, @{bin}/uname rix, diff --git a/apparmor.d/groups/apt/update-apt-xapian-index b/apparmor.d/groups/apt/update-apt-xapian-index index 15af33d88..5da82090f 100644 --- a/apparmor.d/groups/apt/update-apt-xapian-index +++ b/apparmor.d/groups/apt/update-apt-xapian-index @@ -14,7 +14,7 @@ profile update-apt-xapian-index @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/groups/bus/ibus-engine-table b/apparmor.d/groups/bus/ibus-engine-table index 5182b0dca..abe0d22c0 100644 --- a/apparmor.d/groups/bus/ibus-engine-table +++ b/apparmor.d/groups/bus/ibus-engine-table @@ -14,7 +14,7 @@ profile ibus-engine-table @{exec_path} { @{exec_path} mr, @{sh_path} rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, /usr/share/ibus-table/engine/{,**} r, /usr/share/ibus-table/tables/ r, diff --git a/apparmor.d/groups/cups/cupsd b/apparmor.d/groups/cups/cupsd index f65fc8349..697a307f9 100644 --- a/apparmor.d/groups/cups/cupsd +++ b/apparmor.d/groups/cups/cupsd @@ -57,7 +57,7 @@ profile cupsd @{exec_path} flags=(attach_disconnected) { @{bin}/ippfind rix, @{bin}/mktemp rix, @{bin}/printenv rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/rm rix, @{bin}/sed rix, @{bin}/smbspool rPx, diff --git a/apparmor.d/groups/filesystem/udiskie b/apparmor.d/groups/filesystem/udiskie index 014955032..a6a2e2ad3 100644 --- a/apparmor.d/groups/filesystem/udiskie +++ b/apparmor.d/groups/filesystem/udiskie @@ -23,7 +23,7 @@ profile udiskie @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{open_path} rPx -> child-open, diff --git a/apparmor.d/groups/filesystem/udiskie-info b/apparmor.d/groups/filesystem/udiskie-info index 855c5b54c..0b39fd3dc 100644 --- a/apparmor.d/groups/filesystem/udiskie-info +++ b/apparmor.d/groups/filesystem/udiskie-info @@ -13,7 +13,7 @@ profile udiskie-info @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, /usr/bin/ r, diff --git a/apparmor.d/groups/filesystem/udiskie-mount b/apparmor.d/groups/filesystem/udiskie-mount index a57a6091f..0513a8c35 100644 --- a/apparmor.d/groups/filesystem/udiskie-mount +++ b/apparmor.d/groups/filesystem/udiskie-mount @@ -13,7 +13,7 @@ profile udiskie-mount @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, /usr/bin/ r, diff --git a/apparmor.d/groups/filesystem/udiskie-umount b/apparmor.d/groups/filesystem/udiskie-umount index 8fe075f94..cf147b875 100644 --- a/apparmor.d/groups/filesystem/udiskie-umount +++ b/apparmor.d/groups/filesystem/udiskie-umount @@ -13,7 +13,7 @@ profile udiskie-umount @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, /usr/bin/ r, diff --git a/apparmor.d/groups/firewall/firewall-applet b/apparmor.d/groups/firewall/firewall-applet index 17fca1462..280bd9d04 100644 --- a/apparmor.d/groups/firewall/firewall-applet +++ b/apparmor.d/groups/firewall/firewall-applet @@ -17,7 +17,7 @@ profile firewall-applet @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{bin}/ r, - @{bin}/python3.@{int} r, + @{python_path} r, owner @{PROC}/@{pid}/cmdline r, owner @{PROC}/@{pid}/mounts r, diff --git a/apparmor.d/groups/firewall/firewalld b/apparmor.d/groups/firewall/firewalld index 142b25cde..123dff77f 100644 --- a/apparmor.d/groups/firewall/firewalld +++ b/apparmor.d/groups/firewall/firewalld @@ -42,7 +42,7 @@ profile firewalld @{exec_path} flags=(attach_disconnected) { @{bin}/xtables-legacy-multi rix, @{bin}/xtables-nft-multi rix, - /usr/local/lib/python3.@{int}/dist-packages/ r, + /usr/local/lib/@{python_name}/dist-packages/ r, /usr/share/iproute2/{,**} r, /usr/share/libalternatives/{,**} r, diff --git a/apparmor.d/groups/firewall/ufw b/apparmor.d/groups/firewall/ufw index b7e5f0c79..3b5a1dcc1 100644 --- a/apparmor.d/groups/firewall/ufw +++ b/apparmor.d/groups/firewall/ufw @@ -32,7 +32,7 @@ profile ufw @{exec_path} flags=(attach_disconnected) { @{bin}/ r, @{bin}/cat ix, @{bin}/env r, - @{bin}/python3.@{int} ix, + @{python_path} ix, @{bin}/sysctl ix, @{bin}/xtables-legacy-multi ix, @{bin}/xtables-nft-multi ix, diff --git a/apparmor.d/groups/gnome/gnome-browser-connector-host b/apparmor.d/groups/gnome/gnome-browser-connector-host index d31811152..95af09ed6 100644 --- a/apparmor.d/groups/gnome/gnome-browser-connector-host +++ b/apparmor.d/groups/gnome/gnome-browser-connector-host @@ -15,9 +15,9 @@ profile gnome-browser-connector-host @{exec_path} { @{exec_path} mr, @{bin}/env rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, - @{lib}/python3.@{int}/site-packages/gnome_browser_connector/__pycache__/{,**} rw, + @{lib}/@{python_name}/site-packages/gnome_browser_connector/__pycache__/{,**} rw, /usr/share/glib-2.0/schemas/gschemas.compiled r, diff --git a/apparmor.d/groups/gnome/gnome-music b/apparmor.d/groups/gnome/gnome-music index 82be211fc..7874e95ff 100644 --- a/apparmor.d/groups/gnome/gnome-music +++ b/apparmor.d/groups/gnome/gnome-music @@ -33,8 +33,8 @@ profile gnome-music @{exec_path} flags=(attach_disconnected) { @{bin}/ r, @{bin}/env r, - @{bin}/python3.@{int} rix, - @{lib}/python3.@{int}/site-packages/gnomemusic/__pycache__/{,**} rw, + @{python_path} rix, + @{lib}/@{python_name}/site-packages/gnomemusic/__pycache__/{,**} rw, /usr/share/grilo-plugins/grl-lua-factory/{,*} r, /usr/share/org.gnome.Music/{,**} r, diff --git a/apparmor.d/groups/gnome/gnome-tweaks b/apparmor.d/groups/gnome/gnome-tweaks index d104e75c6..fa94d56e8 100644 --- a/apparmor.d/groups/gnome/gnome-tweaks +++ b/apparmor.d/groups/gnome/gnome-tweaks @@ -21,11 +21,11 @@ profile gnome-tweaks @{exec_path} flags=(attach_disconnected) { @{bin}/ r, @{bin}/env r, @{bin}/ps rPx, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{open_path} rPx -> child-open-help, - @{lib}/python3.@{int}/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w, + @{lib}/@{python_name}/site-packages/gtweak/{,*/,**/}__pycache__/*pyc* w, /etc/xdg/autostart/{,**} r, diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index e152325ed..49da5e3ca 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -25,7 +25,7 @@ profile kconf_update @{exec_path} { @{sh_path} rix, @{bin}/{,p}grep rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/qtpaths rix, @{bin}/sed rix, diff --git a/apparmor.d/groups/kde/kded b/apparmor.d/groups/kde/kded index 0ff08d02f..9efaec4fc 100644 --- a/apparmor.d/groups/kde/kded +++ b/apparmor.d/groups/kde/kded @@ -54,7 +54,7 @@ profile kded @{exec_path} { @{bin}/kcminit rPx, @{bin}/pgrep rCx -> pgrep, @{bin}/plasma-welcome rPUx, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/setxkbmap rix, @{bin}/xmodmap rPUx, @{bin}/xrdb rPx, diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index ee2e5274b..e6150c509 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -45,7 +45,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { @{bin}/mktemp rix, @{bin}/netconfig rPUx, @{bin}/nmcli rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/readlink rix, @{bin}/rm rix, @{bin}/run-parts rCx -> run-parts, diff --git a/apparmor.d/groups/pacman/pacman-hook-code b/apparmor.d/groups/pacman/pacman-hook-code index 3a6bbd7fe..2496d7a9b 100644 --- a/apparmor.d/groups/pacman/pacman-hook-code +++ b/apparmor.d/groups/pacman/pacman-hook-code @@ -16,7 +16,7 @@ profile pacman-hook-code @{exec_path} { @{exec_path} mr, @{bin}/env r, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{lib}/code/product.json rw, diff --git a/apparmor.d/groups/steam/steam-game-proton b/apparmor.d/groups/steam/steam-game-proton index ab82925a5..3c4695e4f 100644 --- a/apparmor.d/groups/steam/steam-game-proton +++ b/apparmor.d/groups/steam/steam-game-proton @@ -41,7 +41,7 @@ profile steam-game-proton @{exec_path} flags=(attach_disconnected,complain) { @{bin}/gzip rix, @{bin}/ldconfig rix, @{bin}/localedef rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/readlink rix, @{bin}/steam-runtime-launcher-interface-@{int} rix, @{bin}/steam-runtime-system-info rix, diff --git a/apparmor.d/groups/ubuntu/apport-checkreports b/apparmor.d/groups/ubuntu/apport-checkreports index 6e1bb05f2..5e39988fd 100644 --- a/apparmor.d/groups/ubuntu/apport-checkreports +++ b/apparmor.d/groups/ubuntu/apport-checkreports @@ -14,7 +14,7 @@ profile apport-checkreports @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/python3.@{int} r, + @{python_path} r, /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, diff --git a/apparmor.d/groups/ubuntu/check-new-release-gtk b/apparmor.d/groups/ubuntu/check-new-release-gtk index b2fe83f6b..1ff6df2ae 100644 --- a/apparmor.d/groups/ubuntu/check-new-release-gtk +++ b/apparmor.d/groups/ubuntu/check-new-release-gtk @@ -32,8 +32,8 @@ profile check-new-release-gtk @{exec_path} { @{bin}/ischroot rix, @{bin}/lsb_release rPx -> lsb_release, - @{lib}/python3/dist-packages/UpdateManager/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, - @{lib}/python3/dist-packages/gi/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, + @{lib}/@{python_name}/dist-packages/UpdateManager/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, + @{lib}/@{python_name}/dist-packages/gi/**/__pycache__/*.cpython-@{int}.pyc.@{int} w, /usr/share/distro-info/{,**} r, /usr/share/ubuntu-release-upgrader/{,**} r, diff --git a/apparmor.d/groups/ubuntu/list-oem-metapackages b/apparmor.d/groups/ubuntu/list-oem-metapackages index 0023b48cb..75e4279f2 100644 --- a/apparmor.d/groups/ubuntu/list-oem-metapackages +++ b/apparmor.d/groups/ubuntu/list-oem-metapackages @@ -17,7 +17,7 @@ profile list-oem-metapackages @{exec_path} { @{bin}/dpkg rPx -> child-dpkg, @{bin}/ischroot rix, - @{lib}/python3/dist-packages/UbuntuDrivers/__pycache__/*.cpython-@{int}.pyc.@{int} rw, + @{lib}/@{python_name}/dist-packages/UbuntuDrivers/__pycache__/*.cpython-@{int}.pyc.@{int} rw, /etc/machine-id r, diff --git a/apparmor.d/groups/ubuntu/software-properties-dbus b/apparmor.d/groups/ubuntu/software-properties-dbus index 93fd9ffcc..c4c795649 100644 --- a/apparmor.d/groups/ubuntu/software-properties-dbus +++ b/apparmor.d/groups/ubuntu/software-properties-dbus @@ -27,7 +27,7 @@ profile software-properties-dbus @{exec_path} { @{exec_path} mr, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/env rix, @{bin}/apt-key rPx, # Changing trusted keys @{bin}/lsb_release rPx -> lsb_release, diff --git a/apparmor.d/groups/ubuntu/software-properties-gtk b/apparmor.d/groups/ubuntu/software-properties-gtk index 4715f570c..e2bb2dc98 100644 --- a/apparmor.d/groups/ubuntu/software-properties-gtk +++ b/apparmor.d/groups/ubuntu/software-properties-gtk @@ -28,7 +28,7 @@ profile software-properties-gtk @{exec_path} { @{bin}/ r, @{sh_path} rix, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/aplay rPx, @{bin}/apt-key rPx, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/groups/ubuntu/update-manager b/apparmor.d/groups/ubuntu/update-manager index 119ac517c..44e0cc403 100644 --- a/apparmor.d/groups/ubuntu/update-manager +++ b/apparmor.d/groups/ubuntu/update-manager @@ -51,9 +51,9 @@ profile update-manager @{exec_path} flags=(attach_disconnected) { @{bin}/uname rix, @{lib}/apt/methods/http{,s} rPx, - @{lib}/python3/dist-packages/UpdateManager/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, - @{lib}/python3/dist-packages/gi/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, - @{lib}/python3/dist-packages/uaclient/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, + @{lib}/@{python_name}/dist-packages/UpdateManager/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, + @{lib}/@{python_name}/dist-packages/gi/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, + @{lib}/@{python_name}/dist-packages/uaclient/{,**/}__pycache__/*.cpython-@{int}.pyc.@{int} rw, /usr/share/distro-info/{,**} r, /usr/share/ubuntu-release-upgrader/{,**} r, diff --git a/apparmor.d/groups/ubuntu/update-motd-updates-available b/apparmor.d/groups/ubuntu/update-motd-updates-available index b0101504c..776cc9bf8 100644 --- a/apparmor.d/groups/ubuntu/update-motd-updates-available +++ b/apparmor.d/groups/ubuntu/update-motd-updates-available @@ -18,7 +18,7 @@ profile update-motd-updates-available @{exec_path} { @{exec_path} mr, - @{bin}/python3.@{int} r, + @{python_path} r, @{sh_path} rix, @{bin}/apt-config rPx, diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index 4ffaf60e0..d540ed0e8 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier @@ -49,7 +49,7 @@ profile update-notifier @{exec_path} { /usr/share/apport/apport-checkreports rPx, /usr/share/apport/apport-gtk rPx, - @{lib}/python3.@{int}/dist-packages/{apt,gi}/**/__pycache__/{,**} rw, + @{lib}/@{python_name}/dist-packages/{apt,gi}/**/__pycache__/{,**} rw, /usr/share/dpkg/cputable r, /usr/share/dpkg/tupletable r, diff --git a/apparmor.d/groups/virt/cockpit-bridge b/apparmor.d/groups/virt/cockpit-bridge index 6ca662859..d7b1b45e0 100644 --- a/apparmor.d/groups/virt/cockpit-bridge +++ b/apparmor.d/groups/virt/cockpit-bridge @@ -39,7 +39,7 @@ profile cockpit-bridge @{exec_path} { @{bin}/date ix, @{bin}/find ix, @{bin}/ip ix, - @{bin}/python3.@{int} ix, + @{python_path} ix, @{bin}/test ix, @{bin}/file ix, diff --git a/apparmor.d/groups/whonix/sdwdate-gui b/apparmor.d/groups/whonix/sdwdate-gui index 23c0a6df4..84a6fb379 100644 --- a/apparmor.d/groups/whonix/sdwdate-gui +++ b/apparmor.d/groups/whonix/sdwdate-gui @@ -28,7 +28,7 @@ profile sdwdate-gui @{exec_path} { @{lib}/sdwdate-gui/log-viewer rix, @{lib}/helper-scripts/* rix, - @{lib}/python3/dist-packages/sdwdate_gui/__pycache__/ rw, + @{lib}/@{python_name}/dist-packages/sdwdate_gui/__pycache__/ rw, @{lib}/sdwdate-gui/ r, diff --git a/apparmor.d/profiles-a-f/alacarte b/apparmor.d/profiles-a-f/alacarte index 7ebb3b629..eed67619d 100644 --- a/apparmor.d/profiles-a-f/alacarte +++ b/apparmor.d/profiles-a-f/alacarte @@ -14,9 +14,9 @@ profile alacarte @{exec_path} { include @{exec_path} mr, - @{bin}/python3.@{int} rix, + @{python_path} rix, - @{lib}/python3.@{int}/site-packages/Alacarte/{,**/}__pycache__/*.cpython-@{int}.*.pyc.@{int} w, + @{lib}/@{python_name}/site-packages/Alacarte/{,**/}__pycache__/*.cpython-@{int}.*.pyc.@{int} w, /usr/share/alacarte/{,**} r, /usr/share/desktop-directories/{,**} r, diff --git a/apparmor.d/profiles-a-f/arandr b/apparmor.d/profiles-a-f/arandr index e260321e6..77bf1bf96 100644 --- a/apparmor.d/profiles-a-f/arandr +++ b/apparmor.d/profiles-a-f/arandr @@ -19,7 +19,7 @@ profile arandr @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/xrandr rPx, diff --git a/apparmor.d/profiles-a-f/borg b/apparmor.d/profiles-a-f/borg index dbf6c228d..a53c135ca 100644 --- a/apparmor.d/profiles-a-f/borg +++ b/apparmor.d/profiles-a-f/borg @@ -27,7 +27,7 @@ profile borg @{exec_path} { @{exec_path} r, @{bin}/ r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/{,@{multiarch}-}ld.bfd rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-a-f/convertall b/apparmor.d/profiles-a-f/convertall index 8c38f85a3..52e80cc54 100644 --- a/apparmor.d/profiles-a-f/convertall +++ b/apparmor.d/profiles-a-f/convertall @@ -20,7 +20,7 @@ profile convertall @{exec_path} { @{exec_path} r, @{sh_path} rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, /usr/share/convertall/{,**} r, /usr/share/doc/convertall/{,*} r, diff --git a/apparmor.d/profiles-a-f/execute-dcut b/apparmor.d/profiles-a-f/execute-dcut index 41d2324f6..817ba6215 100644 --- a/apparmor.d/profiles-a-f/execute-dcut +++ b/apparmor.d/profiles-a-f/execute-dcut @@ -13,7 +13,7 @@ profile execute-dcut @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, include if exists } diff --git a/apparmor.d/profiles-a-f/execute-dput b/apparmor.d/profiles-a-f/execute-dput index 0decde05c..7161c5900 100644 --- a/apparmor.d/profiles-a-f/execute-dput +++ b/apparmor.d/profiles-a-f/execute-dput @@ -15,7 +15,7 @@ profile execute-dput @{exec_path} flags=(complain) { @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{sh_path} rix, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/profiles-a-f/fail2ban-client b/apparmor.d/profiles-a-f/fail2ban-client index 7fae1218c..d432bee94 100644 --- a/apparmor.d/profiles-a-f/fail2ban-client +++ b/apparmor.d/profiles-a-f/fail2ban-client @@ -15,7 +15,7 @@ profile fail2ban-client @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{bin}/ r, - @{bin}/python3.@{int} r, + @{python_path} r, /etc/fail2ban/{,**} r, diff --git a/apparmor.d/profiles-a-f/fail2ban-server b/apparmor.d/profiles-a-f/fail2ban-server index e858c2d8e..2506b1db9 100644 --- a/apparmor.d/profiles-a-f/fail2ban-server +++ b/apparmor.d/profiles-a-f/fail2ban-server @@ -24,7 +24,7 @@ profile fail2ban-server @{exec_path} flags=(attach_disconnected) { @{bin}/iptables rix, @{bin}/ r, - @{bin}/python3.@{int} r, + @{python_path} r, /etc/fail2ban/{,**} r, diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index 1de493892..e06c49b9d 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -86,7 +86,7 @@ profile gajim @{exec_path} { # Silencer deny /usr/share/gajim/** w, - deny /usr/lib/python3/dist-packages/** w, + deny @{lib}/@{python_name}/dist-packages/** w, profile ccache { include diff --git a/apparmor.d/profiles-g-l/ganyremote b/apparmor.d/profiles-g-l/ganyremote index e9f4d4e30..79f8c2fc7 100644 --- a/apparmor.d/profiles-g-l/ganyremote +++ b/apparmor.d/profiles-g-l/ganyremote @@ -22,7 +22,7 @@ profile ganyremote @{exec_path} { network inet6 stream, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/profiles-g-l/gpo b/apparmor.d/profiles-g-l/gpo index 4088f51fb..562980d35 100644 --- a/apparmor.d/profiles-g-l/gpo +++ b/apparmor.d/profiles-g-l/gpo @@ -22,7 +22,7 @@ profile gpo @{exec_path} { network inet6 stream, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index ec1adabe4..7ccf428c3 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -24,7 +24,7 @@ profile gpodder @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/profiles-g-l/gpodder-migrate2tres b/apparmor.d/profiles-g-l/gpodder-migrate2tres index 11896a26c..55033d107 100644 --- a/apparmor.d/profiles-g-l/gpodder-migrate2tres +++ b/apparmor.d/profiles-g-l/gpodder-migrate2tres @@ -13,7 +13,7 @@ profile gpodder-migrate2tres @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index f91887297..839e0d98a 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -38,7 +38,7 @@ profile hardinfo @{exec_path} { @{bin}/locale rix, @{bin}/make rix, @{bin}/perl rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/route rix, @{bin}/ruby[0-9].@{int} rix, @{bin}/strace rix, diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index be18726a0..cda55bc59 100644 --- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -31,7 +31,7 @@ profile hypnotix @{exec_path} { network netlink raw, @{exec_path} rix, - @{bin}/python3.@{int} r, + @{python_path} r, @{sh_path} rix, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-g-l/install-printerdriver b/apparmor.d/profiles-g-l/install-printerdriver index 8ea351857..facd2fa3b 100644 --- a/apparmor.d/profiles-g-l/install-printerdriver +++ b/apparmor.d/profiles-g-l/install-printerdriver @@ -16,7 +16,7 @@ profile install-printerdriver @{exec_path} flags=(complain) { @{exec_path} mrix, @{sh_path} rix, - @{bin}/python3.@{int} r, + @{python_path} r, /usr/share/system-config-printer/{,**} r, diff --git a/apparmor.d/profiles-g-l/iotop b/apparmor.d/profiles-g-l/iotop index d85b0244f..8ea787ea6 100644 --- a/apparmor.d/profiles-g-l/iotop +++ b/apparmor.d/profiles-g-l/iotop @@ -21,7 +21,7 @@ profile iotop @{exec_path} { @{bin}/ r, @{bin}/file rix, - @{bin}/python3.@{int} r, + @{python_path} r, /etc/magic r, diff --git a/apparmor.d/profiles-g-l/kconfig-hardened-check b/apparmor.d/profiles-g-l/kconfig-hardened-check index 743da77a1..264e49ebc 100644 --- a/apparmor.d/profiles-g-l/kconfig-hardened-check +++ b/apparmor.d/profiles-g-l/kconfig-hardened-check @@ -13,7 +13,7 @@ profile kconfig-hardened-check @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, diff --git a/apparmor.d/profiles-m-r/metadata-cleaner b/apparmor.d/profiles-m-r/metadata-cleaner index 0de151536..4aa662cd0 100644 --- a/apparmor.d/profiles-m-r/metadata-cleaner +++ b/apparmor.d/profiles-m-r/metadata-cleaner @@ -18,7 +18,7 @@ profile metadata-cleaner @{exec_path} flags=(attach_disconnected) { include @{exec_path} mr, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/bwrap rCx -> bwrap, @{open_path} rPx -> child-open-help, diff --git a/apparmor.d/profiles-m-r/mpsyt b/apparmor.d/profiles-m-r/mpsyt index 9a138ff50..502f941be 100644 --- a/apparmor.d/profiles-m-r/mpsyt +++ b/apparmor.d/profiles-m-r/mpsyt @@ -24,7 +24,7 @@ profile mpsyt @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart index 1e5ee2f91..41d327f93 100644 --- a/apparmor.d/profiles-m-r/needrestart +++ b/apparmor.d/profiles-m-r/needrestart @@ -31,7 +31,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { @{bin}/dpkg-query rpx, @{bin}/fail2ban-server rPx, @{bin}/locale rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/sed rix, @{bin}/stty rix, @{bin}/systemctl rCx -> systemctl, @@ -43,7 +43,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { @{lib}/needrestart/* rPx, /usr/share/debconf/frontend rix, - @{att}/@{lib}/python3.@{int}/** r, + @{att}/@{lib}/@{python_name}/** r, /usr/share/needrestart/{,**} r, /usr/share/unattended-upgrades/unattended-upgrade-shutdown r, diff --git a/apparmor.d/profiles-m-r/obamenu b/apparmor.d/profiles-m-r/obamenu index b0c4d88c6..9d9ed2a94 100644 --- a/apparmor.d/profiles-m-r/obamenu +++ b/apparmor.d/profiles-m-r/obamenu @@ -13,7 +13,7 @@ profile obamenu @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/ r, diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index d136ee08f..15957b348 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -75,7 +75,7 @@ profile openbox @{exec_path} { /etc/xdg/autostart/{,*} r, # Silencer - deny @{lib}/python3/** w, + deny @{lib}/@{python_name}/** w, deny owner @{user_lib_dirs}/python*/site-packages/ r, # file_inherit diff --git a/apparmor.d/profiles-m-r/pass b/apparmor.d/profiles-m-r/pass index fe06a346d..5ae5df7e6 100644 --- a/apparmor.d/profiles-m-r/pass +++ b/apparmor.d/profiles-m-r/pass @@ -53,7 +53,7 @@ profile pass @{exec_path} { # Pass extensions @{bin}/oathtool ix, # pass-otp - @{bin}/python3.@{int} Px -> pass-import, # pass-import, pass-audit + @{python_path} Px -> pass-import, # pass-import, pass-audit @{bin}/qrencode PUx, # pass-otp @{bin}/tomb PUx, # pass-tomb diff --git a/apparmor.d/profiles-m-r/pass-import b/apparmor.d/profiles-m-r/pass-import index 4977bb51a..c8fb38e44 100644 --- a/apparmor.d/profiles-m-r/pass-import +++ b/apparmor.d/profiles-m-r/pass-import @@ -26,7 +26,7 @@ profile pass-import @{exec_path} { @{bin}/ld rix, @{bin}/ldconfig rix, @{bin}/pass rPx, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{lib}/gcc/**/collect2 rix, @{lib}/python{2.[4-7],3,3.@{int}}/** w, # TODO: Test deny diff --git a/apparmor.d/profiles-m-r/ps-mem b/apparmor.d/profiles-m-r/ps-mem index da5753161..08b286b5a 100644 --- a/apparmor.d/profiles-m-r/ps-mem +++ b/apparmor.d/profiles-m-r/ps-mem @@ -17,7 +17,7 @@ profile ps-mem @{exec_path} { ptrace (read), @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, diff --git a/apparmor.d/profiles-m-r/qbittorrent b/apparmor.d/profiles-m-r/qbittorrent index a5fcbb91e..8c6608e01 100644 --- a/apparmor.d/profiles-m-r/qbittorrent +++ b/apparmor.d/profiles-m-r/qbittorrent @@ -29,7 +29,7 @@ profile qbittorrent @{exec_path} { include include - signal send set=(term, kill) peer=qbittorrent//python3, + signal send set=(term, kill) peer=qbittorrent//python, network inet dgram, network inet6 dgram, @@ -68,7 +68,7 @@ profile qbittorrent @{exec_path} { @{exec_path} mr, @{open_path} rPx -> child-open, - @{bin}/python3.@{int} rCx -> python, # For "search engine" + @{python_path} rCx -> python, # For "search engine" # Allowed apps to open @{bin}/ebook-viewer rPx, @@ -129,7 +129,7 @@ profile qbittorrent @{exec_path} { network inet6 stream, network netlink raw, - @{bin}/python3.@{int} r, + @{python_path} r, owner @{user_share_dirs}/{,data/}qBittorrent/nova[0-9]/{,**} rw, diff --git a/apparmor.d/profiles-m-r/repo b/apparmor.d/profiles-m-r/repo index a1fd7b3b3..5ad84fb15 100644 --- a/apparmor.d/profiles-m-r/repo +++ b/apparmor.d/profiles-m-r/repo @@ -27,7 +27,7 @@ profile repo @{exec_path} { @{bin}/curl rix, @{bin}/env rix, @{bin}/git rix, - @{bin}/python3.@{int} rix, + @{python_path} rix, @{bin}/uname rix, @{lib}/git{,-core}/git* rix, diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index 2a0f9b391..acdad5640 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -36,7 +36,7 @@ profile rustdesk @{exec_path} { @{bin}/ls rix, @{bin}/sudo rCx -> sudo, - @{bin}/python3.@{int} rCx -> python, + @{python_path} rCx -> python, @{sh_path} rCx -> shell, /etc/gdm{,3}/custom.conf r, @@ -64,7 +64,7 @@ profile rustdesk @{exec_path} { include @{bin}/rustdesk rPx, - @{bin}/python3.@{int} rPx -> rustdesk//python, + @{python_path} rPx -> rustdesk//python, include if exists } @@ -76,7 +76,7 @@ profile rustdesk @{exec_path} { capability dac_read_search, capability dac_override, - @{bin}/python3.@{int} r, + @{python_path} r, @{sh_path} rix, @{bin}/chmod rix, diff --git a/apparmor.d/profiles-s-z/speedtest b/apparmor.d/profiles-s-z/speedtest index f31818354..7e9728fc9 100644 --- a/apparmor.d/profiles-s-z/speedtest +++ b/apparmor.d/profiles-s-z/speedtest @@ -21,7 +21,7 @@ profile speedtest @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/file rix, diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index 4db5c6f92..84f6d52d3 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -28,7 +28,7 @@ profile system-config-printer @{exec_path} flags=(complain) { @{exec_path} mrix, @{sh_path} rix, - @{bin}/python3.@{int} r, + @{python_path} r, @{lib}/cups/*/* rPUx, /usr/share/hplip/query.py rPUx, diff --git a/apparmor.d/profiles-s-z/system-config-printer-applet b/apparmor.d/profiles-s-z/system-config-printer-applet index 0197e3c3b..de34ea608 100644 --- a/apparmor.d/profiles-s-z/system-config-printer-applet +++ b/apparmor.d/profiles-s-z/system-config-printer-applet @@ -19,7 +19,7 @@ profile system-config-printer-applet @{exec_path} { @{exec_path} mrix, @{sh_path} rix, - @{bin}/python3.@{int} r, + @{python_path} r, /usr/share/system-config-printer/{,**} r, diff --git a/apparmor.d/profiles-s-z/terminator b/apparmor.d/profiles-s-z/terminator index e5a8f80d9..679a0fd32 100644 --- a/apparmor.d/profiles-s-z/terminator +++ b/apparmor.d/profiles-s-z/terminator @@ -30,7 +30,7 @@ profile terminator @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, @{bin}/ r, - @{bin}/python3.@{int} rix, + @{python_path} rix, # The shell is not confined on purpose. @{bin}/@{shells} rUx, diff --git a/apparmor.d/profiles-s-z/update-command-not-found b/apparmor.d/profiles-s-z/update-command-not-found index f1bf99bf8..9801f8737 100644 --- a/apparmor.d/profiles-s-z/update-command-not-found +++ b/apparmor.d/profiles-s-z/update-command-not-found @@ -20,7 +20,7 @@ profile update-command-not-found @{exec_path} { @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{lib}/ r, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/profiles-s-z/vcsi b/apparmor.d/profiles-s-z/vcsi index 25f4a979f..eaf6ca24b 100644 --- a/apparmor.d/profiles-s-z/vcsi +++ b/apparmor.d/profiles-s-z/vcsi @@ -16,7 +16,7 @@ profile vcsi @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/ffmpeg rPx, diff --git a/apparmor.d/profiles-s-z/vidcutter b/apparmor.d/profiles-s-z/vidcutter index 283eab051..1460fb1a7 100644 --- a/apparmor.d/profiles-s-z/vidcutter +++ b/apparmor.d/profiles-s-z/vidcutter @@ -25,7 +25,7 @@ profile vidcutter @{exec_path} { include @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index af472b4d5..614084c71 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager @@ -31,8 +31,8 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { @{exec_path} rix, @{sh_path} rix, - @{bin}/python3.@{int} rix, - @{lib}/python3.@{int}/site-packages/__pycache__/guestfs.cpython-@{int}.pyc.@{int} w, + @{python_path} rix, + @{lib}/@{python_name}/site-packages/__pycache__/guestfs.cpython-@{int}.pyc.@{int} w, @{bin}/ r, @{bin}/env rix, diff --git a/apparmor.d/profiles-s-z/wsdd b/apparmor.d/profiles-s-z/wsdd index 22713e3bf..20575b2a8 100644 --- a/apparmor.d/profiles-s-z/wsdd +++ b/apparmor.d/profiles-s-z/wsdd @@ -21,7 +21,7 @@ profile wsdd @{exec_path} { @{exec_path} mr, @{bin}/env r, - @{bin}/python3.@{int} rix, + @{python_path} rix, /etc/machine-id r, diff --git a/apparmor.d/profiles-s-z/youtube-dl b/apparmor.d/profiles-s-z/youtube-dl index 781e24768..d618a0db1 100644 --- a/apparmor.d/profiles-s-z/youtube-dl +++ b/apparmor.d/profiles-s-z/youtube-dl @@ -30,7 +30,7 @@ profile youtube-dl @{exec_path} { signal (receive) set=(term, kill), @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ffmpeg rPx, @{bin}/ffprobe rPx, diff --git a/apparmor.d/profiles-s-z/yt-dlp b/apparmor.d/profiles-s-z/yt-dlp index 551a8edf4..ffa78eda3 100644 --- a/apparmor.d/profiles-s-z/yt-dlp +++ b/apparmor.d/profiles-s-z/yt-dlp @@ -24,7 +24,7 @@ profile yt-dlp @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/file rix, diff --git a/apparmor.d/profiles-s-z/ytdl b/apparmor.d/profiles-s-z/ytdl index 81ccfc284..12fd657c3 100644 --- a/apparmor.d/profiles-s-z/ytdl +++ b/apparmor.d/profiles-s-z/ytdl @@ -24,7 +24,7 @@ profile ytdl @{exec_path} { signal (receive) set=(term, kill), @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/ r, @{bin}/ldconfig rix, diff --git a/apparmor.d/profiles-s-z/zenmap b/apparmor.d/profiles-s-z/zenmap index 59a8d772e..f4dc9fc77 100644 --- a/apparmor.d/profiles-s-z/zenmap +++ b/apparmor.d/profiles-s-z/zenmap @@ -20,7 +20,7 @@ profile zenmap @{exec_path} { signal (send) set=(term, kill) peer=nmap, @{exec_path} r, - @{bin}/python3.@{int} r, + @{python_path} r, @{bin}/nmap rPx,