refractor: use @{python_path} in all profiles.

2025-02-17 21:28:40 +01:00 · 2025-02-17 21:28:40 +01:00 · af85db9148
commit af85db9148
parent 5870e1ee40
77 changed files with 92 additions and 92 deletions
--- a/apparmor.d/profiles-m-r/metadata-cleaner
+++ b/apparmor.d/profiles-m-r/metadata-cleaner
@ -18,7 +18,7 @@ profile metadata-cleaner @{exec_path} flags=(attach_disconnected) {
  include <abstractions/user-write-strict>

  @{exec_path} mr,
-  @{bin}/python3.@{int} rix,
+  @{python_path} rix,

  @{bin}/bwrap rCx -> bwrap,
  @{open_path} rPx -> child-open-help,
--- a/apparmor.d/profiles-m-r/mpsyt
+++ b/apparmor.d/profiles-m-r/mpsyt
@ -24,7 +24,7 @@ profile mpsyt @{exec_path} {
  network netlink raw,

  @{exec_path} r,
-  @{bin}/python3.@{int} r,
+  @{python_path} r,

  @{bin}/ r,
  @{bin}/ldconfig  rix,
--- a/apparmor.d/profiles-m-r/needrestart
+++ b/apparmor.d/profiles-m-r/needrestart
@ -31,7 +31,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
  @{bin}/dpkg-query                        rpx,
  @{bin}/fail2ban-server                   rPx,
  @{bin}/locale                            rix,
-  @{bin}/python3.@{int}                    rix,
+  @{python_path}                           rix,
  @{bin}/sed                               rix,
  @{bin}/stty                              rix,
  @{bin}/systemctl                         rCx -> systemctl,
@ -43,7 +43,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) {
  @{lib}/needrestart/*                     rPx,
  /usr/share/debconf/frontend              rix,

-  @{att}/@{lib}/python3.@{int}/**          r,
+  @{att}/@{lib}/@{python_name}/**          r,

  /usr/share/needrestart/{,**} r,
  /usr/share/unattended-upgrades/unattended-upgrade-shutdown r,
--- a/apparmor.d/profiles-m-r/obamenu
+++ b/apparmor.d/profiles-m-r/obamenu
@ -13,7 +13,7 @@ profile obamenu @{exec_path} {
  include <abstractions/python>

  @{exec_path} r,
-  @{bin}/python3.@{int} rix,
+  @{python_path} rix,

  @{bin}/ r,

--- a/apparmor.d/profiles-m-r/openbox
+++ b/apparmor.d/profiles-m-r/openbox
@ -75,7 +75,7 @@ profile openbox @{exec_path} {
    /etc/xdg/autostart/{,*} r,

    # Silencer
-    deny @{lib}/python3/** w,
+    deny @{lib}/@{python_name}/** w,
    deny owner @{user_lib_dirs}/python*/site-packages/ r,

    # file_inherit
--- a/apparmor.d/profiles-m-r/pass
+++ b/apparmor.d/profiles-m-r/pass
@ -53,7 +53,7 @@ profile pass @{exec_path} {

  # Pass extensions
  @{bin}/oathtool        ix,   # pass-otp
-  @{bin}/python3.@{int}  Px -> pass-import,  # pass-import, pass-audit
+  @{python_path}         Px -> pass-import,  # pass-import, pass-audit
  @{bin}/qrencode        PUx,  # pass-otp
  @{bin}/tomb            PUx,  # pass-tomb

--- a/apparmor.d/profiles-m-r/pass-import
+++ b/apparmor.d/profiles-m-r/pass-import
@ -26,7 +26,7 @@ profile pass-import @{exec_path} {
  @{bin}/ld               rix,
  @{bin}/ldconfig         rix,
  @{bin}/pass             rPx,
-  @{bin}/python3.@{int}   rix,
+  @{python_path}          rix,
  @{lib}/gcc/**/collect2  rix,

  @{lib}/python{2.[4-7],3,3.@{int}}/** w, # TODO: Test deny
--- a/apparmor.d/profiles-m-r/ps-mem
+++ b/apparmor.d/profiles-m-r/ps-mem
@ -17,7 +17,7 @@ profile ps-mem @{exec_path} {
  ptrace (read),

  @{exec_path} r,
-  @{bin}/python3.@{int} r,
+  @{python_path} r,

  @{bin}/ r,

--- a/apparmor.d/profiles-m-r/qbittorrent
+++ b/apparmor.d/profiles-m-r/qbittorrent
@ -29,7 +29,7 @@ profile qbittorrent @{exec_path} {
  include <abstractions/ssl_certs>
  include <abstractions/user-download-strict>

-  signal send set=(term, kill) peer=qbittorrent//python3,
+  signal send set=(term, kill) peer=qbittorrent//python,

  network inet dgram,
  network inet6 dgram,
@ -68,7 +68,7 @@ profile qbittorrent @{exec_path} {
  @{exec_path} mr,

  @{open_path}           rPx -> child-open,
-  @{bin}/python3.@{int}  rCx -> python, # For "search engine"
+  @{python_path}         rCx -> python, # For "search engine"

  # Allowed apps to open
  @{bin}/ebook-viewer    rPx,
@ -129,7 +129,7 @@ profile qbittorrent @{exec_path} {
    network inet6 stream,
    network netlink raw,

-    @{bin}/python3.@{int} r,
+    @{python_path} r,

    owner @{user_share_dirs}/{,data/}qBittorrent/nova[0-9]/{,**} rw,

--- a/apparmor.d/profiles-m-r/repo
+++ b/apparmor.d/profiles-m-r/repo
@ -27,7 +27,7 @@ profile repo @{exec_path} {
  @{bin}/curl              rix,
  @{bin}/env               rix,
  @{bin}/git               rix,
-  @{bin}/python3.@{int}    rix,
+  @{python_path}           rix,
  @{bin}/uname             rix,
  @{lib}/git{,-core}/git*  rix,

--- a/apparmor.d/profiles-m-r/rustdesk
+++ b/apparmor.d/profiles-m-r/rustdesk
@ -36,7 +36,7 @@ profile rustdesk @{exec_path} {
  @{bin}/ls       rix,

  @{bin}/sudo           rCx -> sudo,
-  @{bin}/python3.@{int} rCx -> python,
+  @{python_path}        rCx -> python,
  @{sh_path}            rCx -> shell,

  /etc/gdm{,3}/custom.conf r,
@ -64,7 +64,7 @@ profile rustdesk @{exec_path} {
    include <abstractions/python>

    @{bin}/rustdesk rPx,
-    @{bin}/python3.@{int}    rPx -> rustdesk//python,
+    @{python_path}  rPx -> rustdesk//python,

    include if exists <local/rustdesk_sudo>
  }
@ -76,7 +76,7 @@ profile rustdesk @{exec_path} {
    capability dac_read_search,
    capability dac_override,

-    @{bin}/python3.@{int} r,
+    @{python_path} r,

    @{sh_path}   rix,
    @{bin}/chmod rix,