klogd, syslog-ng and syslogd moved from /sbin/ to /usr/sbin/ on openSUSE.

Therefore this patch updates the profile to follow the move and makes
sure the profiles are actually used.


Acked-by: Steve Beattie <steve@nxnw.org>

profiles/apparmor.d/sbin.klogd

@@ -11,7 +11,7 @@
 
 #include <tunables/global>
 
-/sbin/klogd {
+profile klogd /{usr/,}sbin/klogd {
   #include <abstractions/base>
 
   capability sys_admin, # for backward compatibility with kernel <= 2.6.37
@@ -24,7 +24,7 @@
   @{PROC}/kallsyms		r,
   /dev/tty		rw,
 
-  /sbin/klogd		rmix,
+  /{usr/,}sbin/klogd		rmix,
   /var/log/boot.msg     rwl,
   /{,var/}run/klogd.pid    krwl,
   /{,var/}run/klogd/klogd.pid krwl,

profiles/apparmor.d/sbin.syslog-ng

@@ -15,7 +15,7 @@
 #define this to be where syslog-ng is chrooted
 @{CHROOT_BASE}=""
 
-/sbin/syslog-ng {
+profile syslog-ng /{usr/,}sbin/syslog-ng {
   #include <abstractions/base>
   #include <abstractions/consoles>
   #include <abstractions/nameservice>
@@ -41,7 +41,7 @@
   @{PROC}/kmsg r,
   /etc/hosts.deny r,
   /etc/hosts.allow r,
-  /sbin/syslog-ng mr,
+  /{usr/,}sbin/syslog-ng mr,
   /sys/devices/system/cpu/online r,
   /usr/share/syslog-ng/** r,
   # chrooted applications

profiles/apparmor.d/sbin.syslogd

@@ -11,7 +11,7 @@
 
 #include <tunables/global>
 
-/sbin/syslogd {
+profile syslogd /{usr/,}sbin/syslogd {
   #include <abstractions/base>
   #include <abstractions/nameservice>
   #include <abstractions/consoles>
@@ -32,7 +32,7 @@
   /dev/tty*                     w,
   /dev/xconsole                 rw,
   /etc/syslog.conf              r,
-  /sbin/syslogd                 rmix,
+  /{usr/,}sbin/syslogd                 rmix,
   /var/log/**                   rw,
   /{,var/}run/syslogd.pid          krwl,
   /{,var/}run/utmp                 rw,