From bd9ab55bf05c3a7a6457ba48b69af0fab7eaf1aa Mon Sep 17 00:00:00 2001 From: Alexandre Pujol Date: Tue, 18 Mar 2025 23:10:38 +0100 Subject: [PATCH] feta(profile): remove the now duplicated @{bin}/perl r. --- apparmor.d/groups/apt/apt | 1 - apparmor.d/groups/apt/apt-file | 1 - apparmor.d/groups/apt/apt-show-versions | 3 +-- apparmor.d/groups/apt/aptitude-changelog-parser | 1 - apparmor.d/groups/apt/debconf-show | 1 - apparmor.d/groups/apt/debsign | 2 +- apparmor.d/groups/apt/dpkg-buildflags | 1 - apparmor.d/groups/apt/dpkg-checkbuilddeps | 1 - apparmor.d/groups/apt/dpkg-genbuildinfo | 1 - apparmor.d/groups/apt/dpkg-genchanges | 1 - apparmor.d/groups/apt/dpkg-preconfigure | 1 - apparmor.d/groups/freedesktop/xdg-screensaver | 2 +- apparmor.d/groups/pacman/pacman | 2 +- apparmor.d/groups/pacman/pacman-hook-perl | 6 ++---- apparmor.d/groups/systemd/systemd-udevd | 2 +- apparmor.d/profiles-a-f/adduser | 1 - apparmor.d/profiles-a-f/adequate | 2 -- apparmor.d/profiles-a-f/aspell-autobuildhash | 2 -- apparmor.d/profiles-a-f/check-support-status | 1 - apparmor.d/profiles-a-f/check-support-status-hook | 2 -- apparmor.d/profiles-a-f/ddclient | 1 - apparmor.d/profiles-a-f/deluser | 1 - apparmor.d/profiles-a-f/exo-compose-mail | 1 - apparmor.d/profiles-g-l/gtk-youtube-viewer | 1 - apparmor.d/profiles-g-l/hw-probe | 1 - apparmor.d/profiles-g-l/inxi | 1 - apparmor.d/profiles-g-l/ipcalc | 1 - apparmor.d/profiles-g-l/linux-check-removal | 2 -- apparmor.d/profiles-g-l/linux-version | 1 - apparmor.d/profiles-m-r/pam-auth-update | 2 -- apparmor.d/profiles-m-r/popularity-contest | 1 - apparmor.d/profiles-s-z/tasksel | 2 -- apparmor.d/profiles-s-z/tpacpi-bat | 1 - apparmor.d/profiles-s-z/update-dlocatedb | 1 - apparmor.d/profiles-s-z/youtube-viewer | 1 - 35 files changed, 7 insertions(+), 45 deletions(-) diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index b207c7ec2..0c413fa90 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt @@ -200,7 +200,6 @@ profile apt @{exec_path} flags=(attach_disconnected) { include @{bin}/dpkg-source mr, - @{bin}/perl r, @{bin}/bunzip2 rix, @{bin}/chmod rix, diff --git a/apparmor.d/groups/apt/apt-file b/apparmor.d/groups/apt/apt-file index 7ee51cfed..bc140acd1 100644 --- a/apparmor.d/groups/apt/apt-file +++ b/apparmor.d/groups/apt/apt-file @@ -14,7 +14,6 @@ profile apt-file @{exec_path} { include @{exec_path} r, - @{bin}/perl r, @{bin}/fgrep rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/groups/apt/apt-show-versions b/apparmor.d/groups/apt/apt-show-versions index 7885afca4..16dc584b3 100644 --- a/apparmor.d/groups/apt/apt-show-versions +++ b/apparmor.d/groups/apt/apt-show-versions @@ -10,12 +10,11 @@ include @{exec_path} = @{bin}/apt-show-versions profile apt-show-versions @{exec_path} { include + include include include - include @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/dpkg rPx -> child-dpkg, diff --git a/apparmor.d/groups/apt/aptitude-changelog-parser b/apparmor.d/groups/apt/aptitude-changelog-parser index 91a47110a..cde501bd5 100644 --- a/apparmor.d/groups/apt/aptitude-changelog-parser +++ b/apparmor.d/groups/apt/aptitude-changelog-parser @@ -13,7 +13,6 @@ profile aptitude-changelog-parser @{exec_path} { include @{exec_path} r, - @{bin}/perl r, /etc/dpkg/origins/debian r, diff --git a/apparmor.d/groups/apt/debconf-show b/apparmor.d/groups/apt/debconf-show index b00cecd1b..ed9cf9094 100644 --- a/apparmor.d/groups/apt/debconf-show +++ b/apparmor.d/groups/apt/debconf-show @@ -14,7 +14,6 @@ profile debconf-show @{exec_path} { include @{exec_path} r, - @{bin}/perl r, @{bin}/locale rix, diff --git a/apparmor.d/groups/apt/debsign b/apparmor.d/groups/apt/debsign index 68d0d4184..635076069 100644 --- a/apparmor.d/groups/apt/debsign +++ b/apparmor.d/groups/apt/debsign @@ -10,6 +10,7 @@ include @{exec_path} = @{bin}/debsign profile debsign @{exec_path} { include + include @{exec_path} r, @@ -27,7 +28,6 @@ profile debsign @{exec_path} { @{bin}/md5sum rix, @{bin}/mktemp rix, @{bin}/mv rix, - @{bin}/perl rix, @{bin}/rm rix, @{bin}/sed rix, @{bin}/sha{1,256,512}sum rix, diff --git a/apparmor.d/groups/apt/dpkg-buildflags b/apparmor.d/groups/apt/dpkg-buildflags index e7558acdf..467d0d50e 100644 --- a/apparmor.d/groups/apt/dpkg-buildflags +++ b/apparmor.d/groups/apt/dpkg-buildflags @@ -13,7 +13,6 @@ profile dpkg-buildflags @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/perl r, /etc/dpkg/origins/debian r, diff --git a/apparmor.d/groups/apt/dpkg-checkbuilddeps b/apparmor.d/groups/apt/dpkg-checkbuilddeps index e7542aadd..6f54d3967 100644 --- a/apparmor.d/groups/apt/dpkg-checkbuilddeps +++ b/apparmor.d/groups/apt/dpkg-checkbuilddeps @@ -13,7 +13,6 @@ profile dpkg-checkbuilddeps @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/perl r, /etc/dpkg/origins/debian r, diff --git a/apparmor.d/groups/apt/dpkg-genbuildinfo b/apparmor.d/groups/apt/dpkg-genbuildinfo index 4e22ecf19..b9853ca32 100644 --- a/apparmor.d/groups/apt/dpkg-genbuildinfo +++ b/apparmor.d/groups/apt/dpkg-genbuildinfo @@ -17,7 +17,6 @@ profile dpkg-genbuildinfo @{exec_path} { @{exec_path} r, - @{bin}/perl r, /usr/local/bin/ r, /usr/local/etc/ r, /usr/local/include/ r, diff --git a/apparmor.d/groups/apt/dpkg-genchanges b/apparmor.d/groups/apt/dpkg-genchanges index 73be1b913..7c7ad1681 100644 --- a/apparmor.d/groups/apt/dpkg-genchanges +++ b/apparmor.d/groups/apt/dpkg-genchanges @@ -14,7 +14,6 @@ profile dpkg-genchanges @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/perl r, /etc/dpkg/origins/debian r, diff --git a/apparmor.d/groups/apt/dpkg-preconfigure b/apparmor.d/groups/apt/dpkg-preconfigure index 30fc78445..38fe3f005 100644 --- a/apparmor.d/groups/apt/dpkg-preconfigure +++ b/apparmor.d/groups/apt/dpkg-preconfigure @@ -17,7 +17,6 @@ profile dpkg-preconfigure @{exec_path} { #capability sys_tty_config, @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/groups/freedesktop/xdg-screensaver b/apparmor.d/groups/freedesktop/xdg-screensaver index c142d137d..dd7d17118 100644 --- a/apparmor.d/groups/freedesktop/xdg-screensaver +++ b/apparmor.d/groups/freedesktop/xdg-screensaver @@ -12,6 +12,7 @@ profile xdg-screensaver @{exec_path} flags=(complain) { include include include + include @{exec_path} r, @@ -27,7 +28,6 @@ profile xdg-screensaver @{exec_path} flags=(complain) { @{bin}/lockfile ix, @{bin}/mktemp ix, @{bin}/mv ix, - @{bin}/perl ix, @{bin}/readlink ix, @{bin}/realpath ix, @{bin}/rm ix, diff --git a/apparmor.d/groups/pacman/pacman b/apparmor.d/groups/pacman/pacman index 327af130f..0fe2ee1ca 100644 --- a/apparmor.d/groups/pacman/pacman +++ b/apparmor.d/groups/pacman/pacman @@ -12,6 +12,7 @@ profile pacman @{exec_path} flags=(attach_disconnected) { include include include + include include capability audit_write, @@ -83,7 +84,6 @@ profile pacman @{exec_path} flags=(attach_disconnected) { @{bin}/needrestart rPx, @{bin}/pacdiff rPx, @{bin}/pacman-key rPx, - @{bin}/perl rix, @{bin}/pkgfile rPUx, @{bin}/pkill rix, @{bin}/rsync rix, diff --git a/apparmor.d/groups/pacman/pacman-hook-perl b/apparmor.d/groups/pacman/pacman-hook-perl index 1254f97e2..07539ae95 100644 --- a/apparmor.d/groups/pacman/pacman-hook-perl +++ b/apparmor.d/groups/pacman/pacman-hook-perl @@ -9,20 +9,18 @@ include @{exec_path} = /usr/share/libalpm/scripts/detect-old-perl-modules.sh profile pacman-hook-perl @{exec_path} { include + include capability dac_read_search, capability mknod, @{exec_path} mr, - @{bin}/perl rix, - @{bin}/bash rix, + @{sh_path} rix, @{bin}/find rix, @{bin}/pacman rPx, @{bin}/sed rix, - @{lib}/perl@{int}/{,**} r, - /dev/tty rw, /dev/tty@{int} rw, owner /dev/pts/@{int} rw, diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd index 6778aacf3..f00498f8a 100644 --- a/apparmor.d/groups/systemd/systemd-udevd +++ b/apparmor.d/groups/systemd/systemd-udevd @@ -13,6 +13,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) { include include include + include capability chown, capability dac_override, @@ -53,7 +54,6 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) { @{bin}/multipath rPx, @{bin}/nfsrahead rix, @{bin}/nvidia-modprobe rPx -> child-modprobe-nvidia, - @{bin}/perl rix, @{bin}/setfacl rix, @{bin}/sg_inq rix, @{bin}/snap rPx, diff --git a/apparmor.d/profiles-a-f/adduser b/apparmor.d/profiles-a-f/adduser index 9103b25b3..e1d813324 100644 --- a/apparmor.d/profiles-a-f/adduser +++ b/apparmor.d/profiles-a-f/adduser @@ -24,7 +24,6 @@ profile adduser @{exec_path} { capability sys_admin, # For logger @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/find rix, diff --git a/apparmor.d/profiles-a-f/adequate b/apparmor.d/profiles-a-f/adequate index 6f2e1d5c7..28576423d 100644 --- a/apparmor.d/profiles-a-f/adequate +++ b/apparmor.d/profiles-a-f/adequate @@ -17,7 +17,6 @@ profile adequate @{exec_path} flags=(complain) { #capability sys_tty_config, @{exec_path} r, - @{bin}/perl r, @{bin}/ldconfig rix, @@ -74,7 +73,6 @@ profile adequate @{exec_path} flags=(complain) { include /usr/share/debconf/frontend r, - @{bin}/perl r, @{bin}/adequate rPx, diff --git a/apparmor.d/profiles-a-f/aspell-autobuildhash b/apparmor.d/profiles-a-f/aspell-autobuildhash index 769f15cf0..b3baaaa8f 100644 --- a/apparmor.d/profiles-a-f/aspell-autobuildhash +++ b/apparmor.d/profiles-a-f/aspell-autobuildhash @@ -14,7 +14,6 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/basename rix, @@ -47,7 +46,6 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) { include /usr/share/debconf/frontend r, - @{bin}/perl r, @{bin}/aspell-autobuildhash rPx, diff --git a/apparmor.d/profiles-a-f/check-support-status b/apparmor.d/profiles-a-f/check-support-status index 313fa6c54..07baedfae 100644 --- a/apparmor.d/profiles-a-f/check-support-status +++ b/apparmor.d/profiles-a-f/check-support-status @@ -70,7 +70,6 @@ profile check-support-status @{exec_path} { include @{bin}/debconf-escape r, - @{bin}/perl r, owner @{tmp}/debian-security-support.postinst.*/output r, diff --git a/apparmor.d/profiles-a-f/check-support-status-hook b/apparmor.d/profiles-a-f/check-support-status-hook index 5eb0eda0f..4c805b9b1 100644 --- a/apparmor.d/profiles-a-f/check-support-status-hook +++ b/apparmor.d/profiles-a-f/check-support-status-hook @@ -53,7 +53,6 @@ profile check-support-status-hook @{exec_path} { include @{bin}/debconf-escape r, - @{bin}/perl r, /tmp/ r, owner @{tmp}/debian-security-support.postinst.*/output r, @@ -68,7 +67,6 @@ profile check-support-status-hook @{exec_path} { include /usr/share/debconf/frontend r, - @{bin}/perl r, /usr/share/debian-security-support/ r, /usr/share/debian-security-support/check-support-status.hook rPx, diff --git a/apparmor.d/profiles-a-f/ddclient b/apparmor.d/profiles-a-f/ddclient index c16629d6d..0928f0da4 100644 --- a/apparmor.d/profiles-a-f/ddclient +++ b/apparmor.d/profiles-a-f/ddclient @@ -15,7 +15,6 @@ profile ddclient @{exec_path} { include @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/logger rix, diff --git a/apparmor.d/profiles-a-f/deluser b/apparmor.d/profiles-a-f/deluser index 1f2e86579..1c5185833 100644 --- a/apparmor.d/profiles-a-f/deluser +++ b/apparmor.d/profiles-a-f/deluser @@ -18,7 +18,6 @@ profile deluser @{exec_path} { capability dac_override, @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/crontab rPx, diff --git a/apparmor.d/profiles-a-f/exo-compose-mail b/apparmor.d/profiles-a-f/exo-compose-mail index 3e1f92742..e03e35403 100644 --- a/apparmor.d/profiles-a-f/exo-compose-mail +++ b/apparmor.d/profiles-a-f/exo-compose-mail @@ -13,7 +13,6 @@ profile exo-compose-mail @{exec_path} { include @{exec_path} r, - @{bin}/perl r, # Mail clients @{bin}/thunderbird rPx, diff --git a/apparmor.d/profiles-g-l/gtk-youtube-viewer b/apparmor.d/profiles-g-l/gtk-youtube-viewer index 029e542ee..0b9075bc1 100644 --- a/apparmor.d/profiles-g-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-g-l/gtk-youtube-viewer @@ -25,7 +25,6 @@ profile gtk-youtube-viewer @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index f5c1ecdd6..590d4427e 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -19,7 +19,6 @@ profile hw-probe @{exec_path} flags=(attach_disconnected) { network inet6 dgram, @{exec_path} rm, - @{bin}/perl r, @{sh_path} rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index eafcab799..09753107b 100644 --- a/apparmor.d/profiles-g-l/inxi +++ b/apparmor.d/profiles-g-l/inxi @@ -20,7 +20,6 @@ profile inxi @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/perl r, @{bin}/ r, @{sh_path} rix, diff --git a/apparmor.d/profiles-g-l/ipcalc b/apparmor.d/profiles-g-l/ipcalc index ff7f1c799..c6dfa762a 100644 --- a/apparmor.d/profiles-g-l/ipcalc +++ b/apparmor.d/profiles-g-l/ipcalc @@ -13,7 +13,6 @@ profile ipcalc @{exec_path} { include @{exec_path} r, - @{bin}/perl r, include if exists } diff --git a/apparmor.d/profiles-g-l/linux-check-removal b/apparmor.d/profiles-g-l/linux-check-removal index a0c184032..1c6ff2f03 100644 --- a/apparmor.d/profiles-g-l/linux-check-removal +++ b/apparmor.d/profiles-g-l/linux-check-removal @@ -14,7 +14,6 @@ profile linux-check-removal @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/perl r, # Think what to do about this (#FIXME#) /usr/share/debconf/frontend rPx, @@ -28,7 +27,6 @@ profile linux-check-removal @{exec_path} flags=(complain) { include /usr/share/debconf/frontend r, - @{bin}/perl r, @{bin}/linux-check-removal rPx, diff --git a/apparmor.d/profiles-g-l/linux-version b/apparmor.d/profiles-g-l/linux-version index 1a8ffbb0d..a95647712 100644 --- a/apparmor.d/profiles-g-l/linux-version +++ b/apparmor.d/profiles-g-l/linux-version @@ -14,7 +14,6 @@ profile linux-version @{exec_path} { include @{exec_path} r, - @{bin}/perl r, /boot/ r, diff --git a/apparmor.d/profiles-m-r/pam-auth-update b/apparmor.d/profiles-m-r/pam-auth-update index e2846f8e6..3991299b9 100644 --- a/apparmor.d/profiles-m-r/pam-auth-update +++ b/apparmor.d/profiles-m-r/pam-auth-update @@ -14,7 +14,6 @@ profile pam-auth-update @{exec_path} flags=(complain) { include @{exec_path} mr, - @{bin}/perl r, @{bin}/md5sum rix, @{bin}/cp rix, @@ -35,7 +34,6 @@ profile pam-auth-update @{exec_path} flags=(complain) { include /usr/share/debconf/frontend r, - @{bin}/perl r, @{bin}/pam-auth-update rPx, diff --git a/apparmor.d/profiles-m-r/popularity-contest b/apparmor.d/profiles-m-r/popularity-contest index ba9d813c2..88052d580 100644 --- a/apparmor.d/profiles-m-r/popularity-contest +++ b/apparmor.d/profiles-m-r/popularity-contest @@ -21,7 +21,6 @@ profile popularity-contest @{exec_path} { ptrace (read), @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/env rix, diff --git a/apparmor.d/profiles-s-z/tasksel b/apparmor.d/profiles-s-z/tasksel index bc2779d51..64b3ed4ad 100644 --- a/apparmor.d/profiles-s-z/tasksel +++ b/apparmor.d/profiles-s-z/tasksel @@ -13,7 +13,6 @@ profile tasksel @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/tempfile rix, @@ -56,7 +55,6 @@ profile tasksel @{exec_path} flags=(complain) { include /usr/share/debconf/frontend r, - @{bin}/perl r, @{bin}/tasksel rPx, diff --git a/apparmor.d/profiles-s-z/tpacpi-bat b/apparmor.d/profiles-s-z/tpacpi-bat index ee4de1e45..b4666bb96 100644 --- a/apparmor.d/profiles-s-z/tpacpi-bat +++ b/apparmor.d/profiles-s-z/tpacpi-bat @@ -13,7 +13,6 @@ profile tpacpi-bat @{exec_path} { include @{exec_path} mr, - @{bin}/perl r, @{sh_path} rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-s-z/update-dlocatedb b/apparmor.d/profiles-s-z/update-dlocatedb index c0e64f0f9..2afe8a22f 100644 --- a/apparmor.d/profiles-s-z/update-dlocatedb +++ b/apparmor.d/profiles-s-z/update-dlocatedb @@ -39,7 +39,6 @@ profile update-dlocatedb @{exec_path} { include /usr/share/dlocate/updatedb r, - @{bin}/perl r, /etc/default/dlocate r, diff --git a/apparmor.d/profiles-s-z/youtube-viewer b/apparmor.d/profiles-s-z/youtube-viewer index 46b0c6c06..100ae9985 100644 --- a/apparmor.d/profiles-s-z/youtube-viewer +++ b/apparmor.d/profiles-s-z/youtube-viewer @@ -24,7 +24,6 @@ profile youtube-viewer @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/perl r, @{sh_path} rix, @{bin}/infocmp rix,