profiles: update set of profiles updated in MR:1637 to use @{exec_path}

This patch updates the set of profiles updated by MR:1637, this is split off from the rest of the profile updates because that set is explicity recently set apart. Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-08-22 10:07:12 +00:00 · 2025-04-28 05:32:54 -07:00 · 2025-04-28 05:32:54 -07:00 · 6d0834da8e
commit 6d0834da8e
parent 699507f90a
32 changed files with 35 additions and 35 deletions
--- a/profiles/apparmor.d/Xorg
+++ b/profiles/apparmor.d/Xorg
@ -58,7 +58,7 @@ profile Xorg /usr/lib/xorg/Xorg flags=(attach_disconnected, complain) {
  /{,usr/}bin/{bash,dash,sh} ix,
  /usr/bin/xkbcomp           ix,

-  /usr/lib/xorg/Xorg      mr,
+  @{exec_path)            mr,

  @{PROC}/cmdline         r,
  @{PROC}/@{pid}/cmdline  r,
--- a/profiles/apparmor.d/alsamixer
+++ b/profiles/apparmor.d/alsamixer
@ -10,7 +10,7 @@ profile alsamixer /{usr,}/bin/alsamixer {

    include <abstractions/dbus-session-strict>

-    /{usr,}/bin/alsamixer mr,
+    @{exec_path} mr,

    @{sys}/devices/virtual/dmi/id/sys_vendor r,

--- a/profiles/apparmor.d/babeld
+++ b/profiles/apparmor.d/babeld
@ -17,7 +17,7 @@ profile babeld /usr/lib/frr/babeld flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>

-  /usr/lib/frr/babeld mr,
+  @{exec_path} mr,
  @{run}/frr/babel-state w,

  # Site-specific additions and overrides. See local/README for details.
--- a/profiles/apparmor.d/bfdd
+++ b/profiles/apparmor.d/bfdd
@ -21,7 +21,7 @@ profile bfdd /usr/lib/frr/bfdd flags=(attach_disconnected) {
  capability sys_admin,


-  /usr/lib/frr/bfdd mr,
+  @{exec_path} mr,
  @{run}/netns/* r,

  @{run}/frr/bfdd.sock w,
--- a/profiles/apparmor.d/bgpd
+++ b/profiles/apparmor.d/bgpd
@ -21,7 +21,7 @@ profile bgpd /usr/lib/frr/bgpd flags=(attach_disconnected) {
  capability net_raw,
  capability sys_admin,

-  /usr/lib/frr/bgpd mr,
+  @{exec_path} mr,

  @{run}/netns/* r,

--- a/profiles/apparmor.d/bin.ping
+++ b/profiles/apparmor.d/bin.ping
@ -22,7 +22,7 @@ profile ping /{usr/,}bin/{,iputils-}ping {
  network inet raw,
  network inet6 raw,

-  /{usr/,}bin/{,iputils-}ping mixr,
+  @{exec_path} mixr,
  /etc/modules.conf r,
  @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,

--- a/profiles/apparmor.d/eigrpd
+++ b/profiles/apparmor.d/eigrpd
@ -19,7 +19,7 @@ profile eigrpd /usr/lib/frr/eigrpd flags=(attach_disconnected) {

  capability net_raw,

-  /usr/lib/frr/eigrpd mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/eigrpd>
--- a/profiles/apparmor.d/fabricd
+++ b/profiles/apparmor.d/fabricd
@ -17,7 +17,7 @@ profile fabricd /usr/lib/frr/fabricd flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>

-  /usr/lib/frr/fabricd mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/fabricd>
--- a/profiles/apparmor.d/isisd
+++ b/profiles/apparmor.d/isisd
@ -20,7 +20,7 @@ profile isisd /usr/lib/frr/isisd flags=(attach_disconnected) {

  capability net_raw,

-  /usr/lib/frr/isisd mr,
+  @{exec_path} mr,

  /var/lib/frr/ r, 
  /var/lib/frr/isisd.json{,.sav} rw,
--- a/profiles/apparmor.d/nhrpd
+++ b/profiles/apparmor.d/nhrpd
@ -20,7 +20,7 @@ profile nhrpd /usr/lib/frr/nhrpd flags=(attach_disconnected) {
  capability net_raw,
  capability net_admin,

-  /usr/lib/frr/nhrpd mr,
+  @{exec_path} mr,
  /usr/bin/dash ix,
  @{PROC}/sys/net/ipv4/conf/*/send_redirects w,

--- a/profiles/apparmor.d/ospf6d
+++ b/profiles/apparmor.d/ospf6d
@ -21,7 +21,7 @@ profile ospf6d /usr/lib/frr/ospf6d flags=(attach_disconnected) {
  capability net_raw,
  capability sys_admin,

-  /usr/lib/frr/ospf6d mr,
+  @{exec_path} mr,

  @{run}/netns/* r,

--- a/profiles/apparmor.d/ospfd
+++ b/profiles/apparmor.d/ospfd
@ -21,7 +21,7 @@ profile ospfd /usr/lib/frr/ospfd flags=(attach_disconnected) {
  capability net_raw,
  capability sys_admin,

-  /usr/lib/frr/ospfd mr,
+  @{exec_path} mr,

  @{run}/netns/* r,

--- a/profiles/apparmor.d/pathd
+++ b/profiles/apparmor.d/pathd
@ -17,7 +17,7 @@ profile pathd /usr/lib/frr/pathd flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>

-  /usr/lib/frr/pathd mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/pathd>
--- a/profiles/apparmor.d/pbrd
+++ b/profiles/apparmor.d/pbrd
@ -17,7 +17,7 @@ profile pbrd /usr/lib/frr/pbrd flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>

-  /usr/lib/frr/pbrd mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/pbrd>
--- a/profiles/apparmor.d/pim6d
+++ b/profiles/apparmor.d/pim6d
@ -20,7 +20,7 @@ profile pim6d /usr/lib/frr/pim6d flags=(attach_disconnected) {
  capability net_raw,
  capability net_admin,

-  /usr/lib/frr/pim6d mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/pim6d>
--- a/profiles/apparmor.d/pimd
+++ b/profiles/apparmor.d/pimd
@ -20,7 +20,7 @@ profile pimd /usr/lib/frr/pimd flags=(attach_disconnected) {
  capability net_raw,
  capability net_admin,

-  /usr/lib/frr/pimd mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/pimd>
--- a/profiles/apparmor.d/ripd
+++ b/profiles/apparmor.d/ripd
@ -18,7 +18,7 @@ profile ripd /usr/lib/frr/ripd flags=(attach_disconnected) {
  include <abstractions/frr>
  include <abstractions/frr-snmp>

-  /usr/lib/frr/ripd mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/ripd>
--- a/profiles/apparmor.d/ripngd
+++ b/profiles/apparmor.d/ripngd
@ -17,7 +17,7 @@ profile ripngd /usr/lib/frr/ripngd flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>

-  /usr/lib/frr/ripngd mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/ripngd>
--- a/profiles/apparmor.d/staticd
+++ b/profiles/apparmor.d/staticd
@ -17,7 +17,7 @@ profile staticd /usr/lib/frr/staticd flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>
 
-  /usr/lib/frr/staticd mr,
+  @{exec_path} mr,

  /etc/frr/zebra.conf r,

--- a/profiles/apparmor.d/tnftp
+++ b/profiles/apparmor.d/tnftp
@ -28,7 +28,7 @@ profile tnftp /usr/bin/tnftp {
  network inet stream,
  network inet6 stream,

-  /usr/bin/tnftp mr,
+  @{exec_path} mr,

  # required for the pager (less, more) to work
  file Cx /usr/bin/dash,
--- a/profiles/apparmor.d/transmission
+++ b/profiles/apparmor.d/transmission
@ -17,7 +17,7 @@ profile transmission-daemon /usr/bin/transmission-daemon flags=(complain,attach_
  network inet  stream,
  network inet6 stream,

-  /usr/bin/transmission-daemon mr,
+  @{exec_path} mr,

  owner @{PROC}/@{pid}/mounts r,
  @{PROC}/sys/kernel/random/uuid r,
@ -44,7 +44,7 @@ profile transmission-cli /usr/bin/transmission-cli flags=(complain) {
  include <abstractions/transmission-common>
  include <abstractions/consoles>

-  /usr/bin/transmission-cli mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/transmission>
@ -57,7 +57,7 @@ profile transmission-gtk /usr/bin/transmission-gtk flags=(complain,attach_discon
  include <abstractions/dconf>
  include <abstractions/gnome>

-  /usr/bin/transmission-gtk mr,
+  @{exec_path} mr,

  owner @{run}/user/*/dconf/user w,

@ -76,7 +76,7 @@ profile transmission-qt /usr/bin/transmission-qt flags=(complain) {
  include <abstractions/qt5>
  include <abstractions/qt5-settings-write>

-  /usr/bin/transmission-qt mr,
+  @{exec_path} mr,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/transmission>
--- a/profiles/apparmor.d/vrrpd
+++ b/profiles/apparmor.d/vrrpd
@ -17,7 +17,7 @@ profile vrrpd /usr/lib/frr/vrrpd flags=(attach_disconnected) {
  include <abstractions/base>
  include <abstractions/frr>

-  /usr/lib/frr/vrrpd mr,
+  @{exec_path} mr,
  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/vrrpd>
 }
--- a/profiles/apparmor.d/wpa_supplicant
+++ b/profiles/apparmor.d/wpa_supplicant
@ -113,7 +113,7 @@ profile wpa_supplicant /usr/sbin/wpa_supplicant {
        member={ReleaseName,RequestName}
        peer=(name=org.freedesktop.DBus),

-  /usr/sbin/wpa_supplicant mr,
+  @{exec_path} mr,

  owner /dev/rfkill r,
  owner /etc/group r,
--- a/profiles/apparmor.d/zgrep
+++ b/profiles/apparmor.d/zgrep
@ -34,7 +34,7 @@ profile zgrep /usr/bin/{x,}zgrep {
  /usr/bin/zgrep Cx -> helper,
  /usr/bin/zstd Cx -> helper,
  owner /tmp/zgrep* rw,
-  /usr/bin/{x,}zgrep r,
+  @{exec_path} r,

  deny /etc/nsswitch.conf r,
  deny /etc/passwd r,
--- a/profiles/apparmor.d/znc
+++ b/profiles/apparmor.d/znc
@ -13,7 +13,7 @@ profile znc /usr/bin/znc {

  network tcp,

-  /usr/bin/znc mr,
+  @{exec_path} mr,

  @{system_share_dirs}/znc/** r,

--- a/profiles/apparmor/profiles/extras/firefox
+++ b/profiles/apparmor/profiles/extras/firefox
@ -110,7 +110,7 @@ profile firefox @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} {
       member=GetAll
       peer=(label=unconfined),

-  @{MOZ_LIBDIR}/@{MOZ_APP_NAME}{,*[^s][^h]} mr,
+  @{exec_path} mr,

  # should maybe be in abstractions
  /etc/ r,
--- a/profiles/apparmor/profiles/extras/usr.bin.acroread
+++ b/profiles/apparmor/profiles/extras/usr.bin.acroread
@ -26,7 +26,7 @@ include <tunables/global>

  capability dac_override,

-  /usr/X11R6/bin/acroread mr,
+  @{exec_path} mr,

  /{usr/,}bin/basename mixr,
  /{usr/,}bin/bash mix,
--- a/profiles/apparmor/profiles/extras/usr.bin.svnserve
+++ b/profiles/apparmor/profiles/extras/usr.bin.svnserve
@ -19,7 +19,7 @@ include <tunables/global>
  # network service ;)
  capability net_bind_service,

-  /usr/bin/svnserve mr,
+  @{exec_path} mr,

  /srv/svn/*/conf/* r,
  /srv/svn/*/format r,
--- a/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
+++ b/profiles/apparmor/profiles/extras/usr.lib.RealPlayer10.realplay
@ -41,7 +41,7 @@ include <tunables/global>
  @{HOME}/ r,
  @{HOME}/.realplayerrc rw,

-  /usr/lib/RealPlayer10/realplay mr,
+  @{exec_path} mr,
  /usr/lib/RealPlayer10/** mr,
  /usr/lib/RealPlayer10/realplay.bin Pxr,
  /usr/lib/firefox/firefox.sh Pxr,
--- a/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
+++ b/profiles/apparmor/profiles/extras/usr.lib.evolution-data-server.evolution-data-server-1.10
@ -33,7 +33,7 @@ include <tunables/global>
  /usr/lib/GConf/**.so mr,
  /usr/lib/GConf/2/gconfd-2 Pxr,
  /usr/lib64/GConf/2/gconfd-2 Pxr,
-  /usr/lib/evolution-data-server/evolution-data-server-1.10 mr,
+  @{exec_path} mr,
  /usr/lib/evolution-data-server/evolution-data-server-* rmix,
  /usr/lib/evolution-data-server*/extensions r,
  /usr/lib/evolution-data-server*/extensions/lib*.so r,
--- a/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.in.fingerd
@ -19,7 +19,7 @@ include <tunables/global>
  @{HOME}/.plan          r,
  @{HOME}/.project       r,

-  /usr/sbin/in.fingerd mr,
+  @{exec_path} mr,

  /usr/bin/finger        mix,
  /var/log/lastlog       r,
--- a/profiles/apparmor/profiles/extras/usr.sbin.oidentd
+++ b/profiles/apparmor/profiles/extras/usr.sbin.oidentd
@ -21,7 +21,7 @@ include <tunables/global>
  capability dac_override,
  capability dac_read_search,

-  /usr/sbin/oidentd mr,
+  @{exec_path} mr,

  /etc/oidentd.conf        r,
  /etc/oidentd_masq.conf   r,