refractor(abs): move common and app abstraction to their own abstractions subfolder.

As the number of abstraction is increasing, it is valuable to separate "base" abstractions to programs specific ones.
2024-03-27 15:11:21 +00:00 · 2024-03-27 15:11:21 +00:00 · b88b8b8c26
commit b88b8b8c26
parent 92f83d9e8d
158 changed files with 226 additions and 198 deletions
--- a/apparmor.d/groups/systemd/bootctl
+++ b/apparmor.d/groups/systemd/bootctl
@ -11,7 +11,7 @@ profile bootctl @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/disks-read>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability mknod,
  capability net_admin,
--- a/apparmor.d/groups/systemd/busctl
+++ b/apparmor.d/groups/systemd/busctl
@ -13,7 +13,7 @@ profile busctl @{exec_path} {
  include <abstractions/bus-system>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_ptrace,
--- a/apparmor.d/groups/systemd/journalctl
+++ b/apparmor.d/groups/systemd/journalctl
@ -12,7 +12,7 @@ profile journalctl @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability dac_override,
  capability dac_read_search,
--- a/apparmor.d/groups/systemd/localectl
+++ b/apparmor.d/groups/systemd/localectl
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/localectl
 profile localectl @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/loginctl
+++ b/apparmor.d/groups/systemd/loginctl
@ -12,7 +12,7 @@ profile loginctl @{exec_path} {
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.login1.Session>
  include <abstractions/bus/org.freedesktop.login1>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_resource,
--- a/apparmor.d/groups/systemd/systemd-analyze
+++ b/apparmor.d/groups/systemd/systemd-analyze
@ -12,7 +12,7 @@ profile systemd-analyze @{exec_path} {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability sys_resource,
  capability net_admin,
--- a/apparmor.d/groups/systemd/systemd-backlight
+++ b/apparmor.d/groups/systemd/systemd-backlight
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-backlight
 profile systemd-backlight @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/systemd-binfmt
+++ b/apparmor.d/groups/systemd/systemd-binfmt
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-binfmt
 profile systemd-binfmt @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/systemd-cgtop
+++ b/apparmor.d/groups/systemd/systemd-cgtop
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-cgtop @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-coredump
+++ b/apparmor.d/groups/systemd/systemd-coredump
@ -11,7 +11,7 @@ include <tunables/global>
 profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  # userns,

--- a/apparmor.d/groups/systemd/systemd-cryptsetup
+++ b/apparmor.d/groups/systemd/systemd-cryptsetup
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/systemd-cryptsetup @{lib}/systemd/systemd-cryptsetup
 profile systemd-cryptsetup @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>
  include <abstractions/disks-write>

  capability ipc_lock,
--- a/apparmor.d/groups/systemd/systemd-detect-virt
+++ b/apparmor.d/groups/systemd/systemd-detect-virt
@ -11,7 +11,7 @@ include <tunables/global>
 profile systemd-detect-virt @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/systemd-escape
+++ b/apparmor.d/groups/systemd/systemd-escape
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/systemd-escape
 profile systemd-escape @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-fsck
+++ b/apparmor.d/groups/systemd/systemd-fsck
@ -12,7 +12,7 @@ profile systemd-fsck @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/disks-read>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_resource,
--- a/apparmor.d/groups/systemd/systemd-fsckd
+++ b/apparmor.d/groups/systemd/systemd-fsckd
@ -11,7 +11,7 @@ include <tunables/global>
 profile systemd-fsckd @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_tty_config,
--- a/apparmor.d/groups/systemd/systemd-generator-bless-boot
+++ b/apparmor.d/groups/systemd/systemd-generator-bless-boot
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-bless-boot-generator
 profile systemd-generator-bless-boot @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-generator-cryptsetup
+++ b/apparmor.d/groups/systemd/systemd-generator-cryptsetup
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-generator-cryptsetup @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-generator-debug
+++ b/apparmor.d/groups/systemd/systemd-generator-debug
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-debug-generator
 profile systemd-generator-debug @{exec_path} flags=(attach_disconnected)  {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-generator-fstab
+++ b/apparmor.d/groups/systemd/systemd-generator-fstab
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-fstab-generator
 profile systemd-generator-fstab @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability dac_override,
  capability dac_read_search,
--- a/apparmor.d/groups/systemd/systemd-generator-getty
+++ b/apparmor.d/groups/systemd/systemd-generator-getty
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-generator-getty @{exec_path} flags=(attach_disconnected)  {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-generator-gpt-auto
+++ b/apparmor.d/groups/systemd/systemd-generator-gpt-auto
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-generator-gpt-auto @{exec_path} flags=(attach_disconnected)  {
  include <abstractions/base>
  include <abstractions/disks-read>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability sys_admin,

--- a/apparmor.d/groups/systemd/systemd-generator-hibernate-resume
+++ b/apparmor.d/groups/systemd/systemd-generator-hibernate-resume
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-hibernate-resume-generator
 profile systemd-generator-hibernate-resume @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-generator-integritysetup
+++ b/apparmor.d/groups/systemd/systemd-generator-integritysetup
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-integritysetup-generator
 profile systemd-generator-integritysetup @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-generator-run
+++ b/apparmor.d/groups/systemd/systemd-generator-run
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-run-generator
 profile systemd-generator-run @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  ptrace (read) peer=@{systemd},

--- a/apparmor.d/groups/systemd/systemd-generator-system-update
+++ b/apparmor.d/groups/systemd/systemd-generator-system-update
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-system-update-generator
 profile systemd-generator-system-update @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-generator-user-autostart
+++ b/apparmor.d/groups/systemd/systemd-generator-user-autostart
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/user-generators/systemd-xdg-autostart-generator
 profile systemd-generator-user-autostart @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>
  include <abstractions/nameservice-strict>

  capability net_admin,
--- a/apparmor.d/groups/systemd/systemd-generator-user-environment
+++ b/apparmor.d/groups/systemd/systemd-generator-user-environment
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/user-environment-generators/*
 profile systemd-generator-user-environment @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>
  include <abstractions/nameservice-strict>

  @{exec_path} mr,
--- a/apparmor.d/groups/systemd/systemd-generator-veritysetup
+++ b/apparmor.d/groups/systemd/systemd-generator-veritysetup
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/system-generators/systemd-veritysetup-generator
 profile systemd-generator-veritysetup @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  ptrace (read) peer=@{systemd},

--- a/apparmor.d/groups/systemd/systemd-homed
+++ b/apparmor.d/groups/systemd/systemd-homed
@ -12,7 +12,7 @@ profile systemd-homed @{exec_path} flags=(attach_disconnected) {
  include <abstractions/bus-system>
  include <abstractions/disks-write>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability chown,
  capability dac_override,
--- a/apparmor.d/groups/systemd/systemd-homework
+++ b/apparmor.d/groups/systemd/systemd-homework
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-homework @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  @{exec_path} mr,

--- a/apparmor.d/groups/systemd/systemd-hostnamed
+++ b/apparmor.d/groups/systemd/systemd-hostnamed
@ -12,7 +12,7 @@ profile systemd-hostnamed @{exec_path}  flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.PolicyKit1>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability sys_admin,  # To set a hostname

--- a/apparmor.d/groups/systemd/systemd-journald
+++ b/apparmor.d/groups/systemd/systemd-journald
@ -11,7 +11,7 @@ include <tunables/global>
 profile systemd-journald @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability audit_control,
  capability audit_read,
--- a/apparmor.d/groups/systemd/systemd-localed
+++ b/apparmor.d/groups/systemd/systemd-localed
@ -12,7 +12,7 @@ profile systemd-localed @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  # Needed?
  audit capability net_admin,
--- a/apparmor.d/groups/systemd/systemd-logind
+++ b/apparmor.d/groups/systemd/systemd-logind
@ -16,7 +16,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
  include <abstractions/devices-usb>
  include <abstractions/disks-write>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability chown,
  capability dac_override,
--- a/apparmor.d/groups/systemd/systemd-machined
+++ b/apparmor.d/groups/systemd/systemd-machined
@ -11,7 +11,7 @@ profile systemd-machined @{exec_path} {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability chown,
  capability dac_override,
--- a/apparmor.d/groups/systemd/systemd-makefs
+++ b/apparmor.d/groups/systemd/systemd-makefs
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-makefs @{exec_path} {
  include <abstractions/base>
  include <abstractions/disks-write>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_resource,
--- a/apparmor.d/groups/systemd/systemd-modules-load
+++ b/apparmor.d/groups/systemd/systemd-modules-load
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-modules-load
 profile systemd-modules-load @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_module,
--- a/apparmor.d/groups/systemd/systemd-networkd
+++ b/apparmor.d/groups/systemd/systemd-networkd
@ -12,7 +12,7 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.hostname1>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability net_bind_service,
--- a/apparmor.d/groups/systemd/systemd-networkd-wait-online
+++ b/apparmor.d/groups/systemd/systemd-networkd-wait-online
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-networkd-wait-online
 profile systemd-networkd-wait-online @{exec_path} flags=(complain) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/systemd-oomd
+++ b/apparmor.d/groups/systemd/systemd-oomd
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-oomd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/bus-system>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability dac_override,
  capability kill,
--- a/apparmor.d/groups/systemd/systemd-portabled
+++ b/apparmor.d/groups/systemd/systemd-portabled
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-portabled
 profile systemd-portabled @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability chown,
  capability dac_override,
--- a/apparmor.d/groups/systemd/systemd-random-seed
+++ b/apparmor.d/groups/systemd/systemd-random-seed
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-random-seed
 profile systemd-random-seed @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/systemd-remount-fs
+++ b/apparmor.d/groups/systemd/systemd-remount-fs
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-remount-fs @{exec_path} {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_admin,
--- a/apparmor.d/groups/systemd/systemd-resolved
+++ b/apparmor.d/groups/systemd/systemd-resolved
@ -14,7 +14,7 @@ profile systemd-resolved @{exec_path} flags=(attach_disconnected) {
  include <abstractions/nameservice-strict>
  include <abstractions/p11-kit>
  include <abstractions/ssl_certs>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_bind_service,
  capability net_raw,
--- a/apparmor.d/groups/systemd/systemd-rfkill
+++ b/apparmor.d/groups/systemd/systemd-rfkill
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-rfkill
 profile systemd-rfkill @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_ptrace,
--- a/apparmor.d/groups/systemd/systemd-shutdown
+++ b/apparmor.d/groups/systemd/systemd-shutdown
@ -10,7 +10,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-shutdown
 profile systemd-shutdown @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability kill,
  capability sys_boot,
--- a/apparmor.d/groups/systemd/systemd-sleep
+++ b/apparmor.d/groups/systemd/systemd-sleep
@ -11,7 +11,7 @@ profile systemd-sleep @{exec_path} {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_admin,
--- a/apparmor.d/groups/systemd/systemd-socket-proxyd
+++ b/apparmor.d/groups/systemd/systemd-socket-proxyd
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-socket-proxyd
 profile systemd-socket-proxyd @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/systemd-sulogin-shell
+++ b/apparmor.d/groups/systemd/systemd-sulogin-shell
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-sulogin-shell
 profile systemd-sulogin-shell @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,
  capability sys_resource,
--- a/apparmor.d/groups/systemd/systemd-sysctl
+++ b/apparmor.d/groups/systemd/systemd-sysctl
@ -11,7 +11,7 @@ include <tunables/global>
 profile systemd-sysctl @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability mknod,
  capability net_admin,
--- a/apparmor.d/groups/systemd/systemd-sysusers
+++ b/apparmor.d/groups/systemd/systemd-sysusers
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-sysusers @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability chown,
  capability fsetid,
--- a/apparmor.d/groups/systemd/systemd-timedated
+++ b/apparmor.d/groups/systemd/systemd-timedated
@ -11,7 +11,7 @@ include <tunables/global>
 profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/bus-system>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability sys_time,

--- a/apparmor.d/groups/systemd/systemd-timesyncd
+++ b/apparmor.d/groups/systemd/systemd-timesyncd
@ -12,7 +12,7 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/bus-system>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability sys_time,

--- a/apparmor.d/groups/systemd/systemd-tmpfiles
+++ b/apparmor.d/groups/systemd/systemd-tmpfiles
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{bin}/systemd-tmpfiles
 profile systemd-tmpfiles @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>
  include <abstractions/nameservice-strict>

  capability chown,
--- a/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
+++ b/apparmor.d/groups/systemd/systemd-tty-ask-password-agent
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-tty-ask-password-agent @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability dac_override,
  capability net_admin,
--- a/apparmor.d/groups/systemd/systemd-udevd
+++ b/apparmor.d/groups/systemd/systemd-udevd
@ -12,7 +12,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability chown,
  capability dac_override,
@ -132,7 +132,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {

  profile systemctl flags=(attach_disconnected,complain) {
    include <abstractions/base>
-    include <abstractions/systemctl>
+    include <abstractions/app/systemctl>

    capability net_admin,
    capability sys_ptrace,
--- a/apparmor.d/groups/systemd/systemd-update-utmp
+++ b/apparmor.d/groups/systemd/systemd-update-utmp
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-update-utmp
 profile systemd-update-utmp @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>
  include <abstractions/wutmp>

  capability audit_write,
--- a/apparmor.d/groups/systemd/systemd-user-runtime-dir
+++ b/apparmor.d/groups/systemd/systemd-user-runtime-dir
@ -12,7 +12,7 @@ profile systemd-user-runtime-dir @{exec_path} {
  include <abstractions/bus-system>
  include <abstractions/bus/org.freedesktop.login1>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability dac_override,
  capability dac_read_search,
--- a/apparmor.d/groups/systemd/systemd-user-sessions
+++ b/apparmor.d/groups/systemd/systemd-user-sessions
@ -9,7 +9,7 @@ include <tunables/global>
@{exec_path} = @{lib}/systemd/systemd-user-sessions
 profile systemd-user-sessions @{exec_path} {
  include <abstractions/base>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability net_admin,

--- a/apparmor.d/groups/systemd/systemd-userdbd
+++ b/apparmor.d/groups/systemd/systemd-userdbd
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-userdbd @{exec_path} flags=(attach_disconnected,mediate_deleted) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability dac_read_search,
  capability sys_resource,
--- a/apparmor.d/groups/systemd/systemd-userwork
+++ b/apparmor.d/groups/systemd/systemd-userwork
@ -10,7 +10,7 @@ include <tunables/global>
 profile systemd-userwork @{exec_path} flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability sys_resource,

--- a/apparmor.d/groups/systemd/systemd-vconsole-setup
+++ b/apparmor.d/groups/systemd/systemd-vconsole-setup
@ -11,7 +11,7 @@ profile systemd-vconsole-setup @{exec_path} {
  include <abstractions/base>
  include <abstractions/consoles>
  include <abstractions/nameservice-strict>
-  include <abstractions/systemd-common>
+  include <abstractions/common/systemd>

  capability dac_override,
  capability net_admin,