From bd0f3448cbbc35f35a47dc44d6aaf0c0aceb8bd4 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Tue, 1 Oct 2024 18:32:39 +0100
Subject: [PATCH] fix(profile): whereis: allow search in /opt.

fix #532
---
 apparmor.d/profiles-s-z/whereis | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apparmor.d/profiles-s-z/whereis b/apparmor.d/profiles-s-z/whereis
index e7bc743a5..4a1293c0a 100644
--- a/apparmor.d/profiles-s-z/whereis
+++ b/apparmor.d/profiles-s-z/whereis
@@ -27,8 +27,8 @@ profile whereis @{exec_path} {
   /usr/src/{**,} r,
 
   /opt/ r,
-  /opt/cni/bin/ r,
-  /opt/containerd/bin/ r,
+  /opt/**/bin/ r,
+  /opt/**/lib/ r,
 
   @{etc_ro}/ r,