Description: remove /{,var/}run, /{var/,}run and {var/run,run} alternations in
favor of /run. This migration happened corss-distribution in late 2011 when the
compatibility symlink for /var/run -> /run was introduced.References: https://lists.ubuntu.com/archives/apparmor/2017-April/010724.html Signed-Off-By: Jamie Strandboge <[email protected]> -- Jamie Strandboge | http://www.canonical.com
Description: remove /{,var/}run, /{var/,}run and {var/run,run} alternations in
favor of /run. This migration happened corss-distribution in late 2011 when the
compatibility symlink for /var/run -> /run was introduced.
References: https://lists.ubuntu.com/archives/apparmor/2017-April/010724.html
=== modified file 'profiles/apparmor.d/abstractions/X'
--- profiles/apparmor.d/abstractions/X 2016-12-02 00:03:37 +0000
+++ profiles/apparmor.d/abstractions/X 2017-09-15 13:02:48 +0000
@@ -17,11 +17,11 @@
# .Xauthority files required for X connections, per user
owner @{HOME}/.Xauthority r,
- owner /{,var/}run/gdm{,3}/*/database r,
- owner /{,var/}run/lightdm/authority/[0-9]* r,
- owner /{,var/}run/lightdm/*/xauthority r,
- owner /{,var/}run/user/*/gdm/Xauthority r,
- owner /{,var/}run/user/*/X11/Xauthority r,
+ owner /run/gdm{,3}/*/database r,
+ owner /run/lightdm/authority/[0-9]* r,
+ owner /run/lightdm/*/xauthority r,
+ owner /run/user/*/gdm/Xauthority r,
+ owner /run/user/*/X11/Xauthority r,
# the unix socket to use to connect to the display
/tmp/.X11-unix/* rw,
=== modified file 'profiles/apparmor.d/abstractions/audio'
--- profiles/apparmor.d/abstractions/audio 2014-09-10 22:40:43 +0000
+++ profiles/apparmor.d/abstractions/audio 2017-09-15 13:02:48 +0000
@@ -55,8 +55,8 @@
owner @{HOME}/.pulse-cookie rwk,
owner @{HOME}/.pulse/ rw,
owner @{HOME}/.pulse/* rwk,
-owner /{,var/}run/user/*/pulse/ rw,
-owner /{,var/}run/user/*/pulse/{native,pid} rwk,
+owner /run/user/*/pulse/ rw,
+owner /run/user/*/pulse/{native,pid} rwk,
owner @{HOME}/.config/pulse/cookie rwk,
owner /tmp/pulse-*/ rw,
owner /tmp/pulse-*/* rw,
=== modified file 'profiles/apparmor.d/abstractions/cups-client'
--- profiles/apparmor.d/abstractions/cups-client 2013-12-20 07:19:40 +0000
+++ profiles/apparmor.d/abstractions/cups-client 2017-09-15 13:02:48 +0000
@@ -12,7 +12,7 @@
# discoverable system configuration for non-local cupsd
/etc/cups/client.conf r,
# client should be able to talk the local cupsd
- /{,var/}run/cups/cups.sock rw,
+ /run/cups/cups.sock rw,
# client should be able to read user-specified cups configuration
owner @{HOME}/.cups/client.conf r,
owner @{HOME}/.cups/lpoptions r,
=== modified file 'profiles/apparmor.d/abstractions/dbus-strict'
--- profiles/apparmor.d/abstractions/dbus-strict 2014-01-10 21:34:45 +0000
+++ profiles/apparmor.d/abstractions/dbus-strict 2017-09-15 13:02:48 +0000
@@ -9,7 +9,7 @@
#
# ------------------------------------------------------------------
- /{,var/}run/dbus/system_bus_socket rw,
+ /run/dbus/system_bus_socket rw,
dbus send
bus=system
=== modified file 'profiles/apparmor.d/abstractions/dconf'
--- profiles/apparmor.d/abstractions/dconf 2015-07-19 13:42:54 +0000
+++ profiles/apparmor.d/abstractions/dconf 2017-09-15 13:02:48 +0000
@@ -4,5 +4,5 @@
# be specified in a specific application's profile.
/etc/dconf/** r,
- owner /{,var/}run/user/*/dconf/user r,
+ owner /run/user/*/dconf/user r,
owner @{HOME}/.config/dconf/user r,
=== modified file 'profiles/apparmor.d/abstractions/dovecot-common'
--- profiles/apparmor.d/abstractions/dovecot-common 2014-06-27 19:14:53 +0000
+++ profiles/apparmor.d/abstractions/dovecot-common 2017-09-15 13:08:48 +0000
@@ -16,4 +16,4 @@
# dovecot's master can send us signals
signal receive peer=/usr/sbin/dovecot,
- /{var/,}run/dovecot/config rw,
+ /run/dovecot/config rw,
=== modified file 'profiles/apparmor.d/abstractions/gnome'
--- profiles/apparmor.d/abstractions/gnome 2017-07-03 07:44:43 +0000
+++ profiles/apparmor.d/abstractions/gnome 2017-09-15 13:02:48 +0000
@@ -87,7 +87,7 @@
/usr/share/cups/charmaps/** r,
# holds MIT-MAGIC-COOKIE for gnome
- owner /{,var/}run/gdm/auth*/database r,
+ owner /run/gdm/auth*/database r,
# mime-types
/etc/gnome/defaults.list r,
=== modified file 'profiles/apparmor.d/abstractions/mdns'
--- profiles/apparmor.d/abstractions/mdns 2011-07-14 12:57:57 +0000
+++ profiles/apparmor.d/abstractions/mdns 2017-09-15 13:02:48 +0000
@@ -10,4 +10,4 @@
# mdnsd
/etc/nss_mdns.conf r,
- /{,var/}run/mdnsd w,
+ /run/mdnsd w,
=== modified file 'profiles/apparmor.d/abstractions/mysql'
--- profiles/apparmor.d/abstractions/mysql 2014-04-28 21:07:17 +0000
+++ profiles/apparmor.d/abstractions/mysql 2017-09-15 13:08:48 +0000
@@ -10,6 +10,6 @@
# ------------------------------------------------------------------
/var/lib/mysql{,d}/mysql{,d}.sock rw,
- /{var/,}run/mysql{,d}/mysql{,d}.sock rw,
+ /run/mysql{,d}/mysql{,d}.sock rw,
/usr/share/{mysql,mysql-community-server,mariadb}/charsets/ r,
/usr/share/{mysql,mysql-community-server,mariadb}/charsets/*.xml r,
=== modified file 'profiles/apparmor.d/abstractions/nameservice'
--- profiles/apparmor.d/abstractions/nameservice 2017-08-29 11:31:20 +0000
+++ profiles/apparmor.d/abstractions/nameservice 2017-09-15 13:07:20 +0000
@@ -35,8 +35,8 @@
/etc/resolv.conf r,
# On systems where /etc/resolv.conf is managed programmatically, it is
- # a symlink to /{,var/}run/(whatever program is managing it)/resolv.conf.
- /{,var/}run/{resolvconf,NetworkManager,systemd/resolve,connman}/resolv.conf r,
+ # a symlink to /run/(whatever program is managing it)/resolv.conf.
+ /run/{resolvconf,NetworkManager,systemd/resolve,connman}/resolv.conf r,
/etc/resolvconf/run/resolv.conf r,
/etc/samba/lmhosts r,
@@ -45,12 +45,12 @@
/var/lib/misc/*.db r,
# The Name Service Cache Daemon can cache lookups, sometimes leading
# to vast speed increases when working with network-based lookups.
- /{,var/}run/.nscd_socket rw,
- /{,var/}run/nscd/socket rw,
- /{var/db,var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts} r,
+ /run/.nscd_socket rw,
+ /run/nscd/socket rw,
+ /{var/db,var/cache,var/lib,run}/nscd/{passwd,group,services,hosts} r,
# nscd renames and unlinks files in it's operation that clients will
# have open
- /{,var/}run/nscd/db* rmix,
+ /run/nscd/db* rmix,
# The nss libraries are sometimes used in addition to PAM; make sure
# they are available
@@ -59,7 +59,7 @@
/etc/default/nss r,
# avahi-daemon is used for mdns4 resolution
- /{,var/}run/avahi-daemon/socket rw,
+ /run/avahi-daemon/socket rw,
# libnl-3-200 via libnss-gw-name
@{PROC}/@{pid}/net/psched r,
=== modified file 'profiles/apparmor.d/abstractions/p11-kit'
--- profiles/apparmor.d/abstractions/p11-kit 2013-12-20 07:19:40 +0000
+++ profiles/apparmor.d/abstractions/p11-kit 2017-09-15 13:02:48 +0000
@@ -20,7 +20,7 @@
/usr/share/p11-kit/modules/* r,
# gnome-keyring pkcs11 module
- owner /{,var/}run/user/[0-9]*/keyring*/pkcs11 rw,
+ owner /run/user/[0-9]*/keyring*/pkcs11 rw,
# p11-kit also supports reading user configuration from ~/.pkcs11 depending
# on how /etc/pkcs11/pkcs11.conf is configured. This should generally not be
=== modified file 'profiles/apparmor.d/abstractions/private-files-strict'
--- profiles/apparmor.d/abstractions/private-files-strict 2013-12-20 07:19:40 +0000
+++ profiles/apparmor.d/abstractions/private-files-strict 2017-09-15 13:02:48 +0000
@@ -10,7 +10,7 @@
audit deny @{HOME}/.gnome2_private/** mrwkl,
audit deny @{HOME}/.gnome2/keyrings/** mrwkl,
# don't allow access to any gnome-keyring modules
- audit deny /{,var/}run/user/[0-9]*/keyring** mrwkl,
+ audit deny /run/user/[0-9]*/keyring** mrwkl,
audit deny @{HOME}/.mozilla/** mrwkl,
audit deny @{HOME}/.config/chromium/** mrwkl,
audit deny @{HOME}/.{,mozilla-}thunderbird/** mrwkl,
=== modified file 'profiles/apparmor.d/abstractions/samba'
--- profiles/apparmor.d/abstractions/samba 2017-08-29 11:31:20 +0000
+++ profiles/apparmor.d/abstractions/samba 2017-09-15 13:02:48 +0000
@@ -20,8 +20,8 @@
/var/log/samba/cores/ rw,
/var/log/samba/cores/** rw,
/var/log/samba/log.* w,
- /{,var/}run/samba/ w,
- /{,var/}run/samba/*.tdb rw,
+ /run/samba/ w,
+ /run/samba/*.tdb rw,
# required for clustering
/var/lib/ctdb/** rwk,
=== modified file 'profiles/apparmor.d/abstractions/ubuntu-browsers.d/java'
--- profiles/apparmor.d/abstractions/ubuntu-browsers.d/java 2014-10-09 19:56:34 +0000
+++ profiles/apparmor.d/abstractions/ubuntu-browsers.d/java 2017-09-15 13:02:48 +0000
@@ -12,8 +12,8 @@
/usr/lib/jvm/java-*-sun-1.*/jre/bin/java{,_vm} cx -> browser_java,
/usr/lib/jvm/java-*-sun-1.*/jre/lib/*/libnp*.so cx -> browser_java,
/usr/lib/j2*-ibm/jre/bin/java cx -> browser_java,
- owner /{,var/}run/user/*/icedteaplugin-*/ rw,
- owner /{,var/}run/user/*/icedteaplugin-*/** rwk,
+ owner /run/user/*/icedteaplugin-*/ rw,
+ owner /run/user/*/icedteaplugin-*/** rwk,
# Profile for the supported OpenJDK in Ubuntu. This doesn't require the
# unfortunate workarounds of the proprietary Javas, so have a separate
=== modified file 'profiles/apparmor.d/abstractions/ubuntu-konsole'
--- profiles/apparmor.d/abstractions/ubuntu-konsole 2013-01-02 23:34:38 +0000
+++ profiles/apparmor.d/abstractions/ubuntu-konsole 2017-09-15 13:02:48 +0000
@@ -9,7 +9,7 @@
@{PROC}/@{pid}/status r,
@{PROC}/@{pid}/stat r,
@{PROC}/@{pid}/cmdline r,
- /{,var/}run/utmp r,
+ /run/utmp r,
/dev/ptmx rw,
# do not use ux or Ux here. Use at a minimum ix
=== modified file 'profiles/apparmor.d/abstractions/ubuntu-xterm'
--- profiles/apparmor.d/abstractions/ubuntu-xterm 2011-07-14 12:57:57 +0000
+++ profiles/apparmor.d/abstractions/ubuntu-xterm 2017-09-15 13:02:48 +0000
@@ -5,7 +5,7 @@
#include <abstractions/consoles>
/dev/ptmx rw,
- /{,var/}run/utmp r,
+ /run/utmp r,
/etc/X11/app-defaults/XTerm r,
# do not use ux or Ux here. Use at a minimum ix
=== modified file 'profiles/apparmor.d/abstractions/wayland'
--- profiles/apparmor.d/abstractions/wayland 2017-08-05 13:47:27 +0000
+++ profiles/apparmor.d/abstractions/wayland 2017-09-15 13:06:50 +0000
@@ -9,6 +9,6 @@
#
# ------------------------------------------------------------------
- owner /var/run/user/*/weston-shared-* rw,
+ owner /run/user/*/weston-shared-* rw,
owner /run/user/*/wayland-[0-9]* rw,
owner /run/user/*/{mesa,mutter,sdl,wayland-cursor,weston,xwayland}-shared-* rw,
=== modified file 'profiles/apparmor.d/abstractions/wutmp'
--- profiles/apparmor.d/abstractions/wutmp 2011-08-16 10:26:44 +0000
+++ profiles/apparmor.d/abstractions/wutmp 2017-09-15 13:02:48 +0000
@@ -13,4 +13,4 @@
# connection information
/var/log/lastlog rwk,
/var/log/wtmp wk,
- /{,var/}run/utmp rwk,
+ /run/utmp rwk,
=== modified file 'profiles/apparmor.d/apache2.d/phpsysinfo'
--- profiles/apparmor.d/apache2.d/phpsysinfo 2015-10-20 21:12:35 +0000
+++ profiles/apparmor.d/apache2.d/phpsysinfo 2017-09-15 13:02:48 +0000
@@ -43,6 +43,6 @@
/var/lib/{misc,usbutils}/usb.ids r,
/var/log/apache2/access.log w,
/var/log/apache2/error.log w,
- /{,var/}run/utmp rk,
+ /run/utmp rk,
/usr/share/misc/pci.ids r,
}
=== modified file 'profiles/apparmor.d/sbin.klogd'
--- profiles/apparmor.d/sbin.klogd 2015-03-07 20:16:11 +0000
+++ profiles/apparmor.d/sbin.klogd 2017-09-15 13:02:48 +0000
@@ -26,9 +26,9 @@
/{usr/,}sbin/klogd rmix,
/var/log/boot.msg rwl,
- /{,var/}run/klogd.pid krwl,
- /{,var/}run/klogd/klogd.pid krwl,
- /{,var/}run/klogd/kmsg r,
+ /run/klogd.pid krwl,
+ /run/klogd/klogd.pid krwl,
+ /run/klogd/kmsg r,
# Site-specific additions and overrides. See local/README for details.
#include <local/sbin.klogd>
=== modified file 'profiles/apparmor.d/sbin.syslog-ng'
--- profiles/apparmor.d/sbin.syslog-ng 2016-10-13 18:29:17 +0000
+++ profiles/apparmor.d/sbin.syslog-ng 2017-09-15 13:08:05 +0000
@@ -53,13 +53,13 @@
@{CHROOT_BASE}/var/lib/*/dev/log w,
@{CHROOT_BASE}/var/lib/syslog-ng/syslog-ng.persist* rw,
@{CHROOT_BASE}/var/log/** w,
- @{CHROOT_BASE}/{,var/}run/syslog-ng.pid krw,
- @{CHROOT_BASE}/{,var/}run/syslog-ng.ctl rw,
- /{var,var/run,run}/log/journal/ r,
- /{var,var/run,run}/log/journal/*/ r,
- /{var,var/run,run}/log/journal/*/*.journal r,
- /{var/,}run/syslog-ng.ctl a,
- /{var/,}run/syslog-ng/additional-log-sockets.conf r,
+ @{CHROOT_BASE}/run/syslog-ng.pid krw,
+ @{CHROOT_BASE}/run/syslog-ng.ctl rw,
+ /{var,run}/log/journal/ r,
+ /{var,run}/log/journal/*/ r,
+ /{var,run}/log/journal/*/*.journal r,
+ /run/syslog-ng.ctl a,
+ /run/syslog-ng/additional-log-sockets.conf r,
# Site-specific additions and overrides. See local/README for details.
#include <local/sbin.syslog-ng>
=== modified file 'profiles/apparmor.d/sbin.syslogd'
--- profiles/apparmor.d/sbin.syslogd 2015-03-07 20:16:11 +0000
+++ profiles/apparmor.d/sbin.syslogd 2017-09-15 13:02:48 +0000
@@ -34,8 +34,8 @@
/etc/syslog.conf r,
/{usr/,}sbin/syslogd rmix,
/var/log/** rw,
- /{,var/}run/syslogd.pid krwl,
- /{,var/}run/utmp rw,
+ /run/syslogd.pid krwl,
+ /run/utmp rw,
/var/spool/compaq/nic/messages_fifo rw,
# Site-specific additions and overrides. See local/README for details.
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.auth'
--- profiles/apparmor.d/usr.lib.dovecot.auth 2017-01-26 20:41:38 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.auth 2017-09-15 13:08:48 +0000
@@ -40,9 +40,9 @@
/run/dovecot/auth-master rw,
/run/dovecot/auth-worker rw,
/run/dovecot/login/login rw,
- /{var/,}run/dovecot/auth-token-secret.dat{,.tmp} rw,
- /{var/,}run/dovecot/stats-user rw,
- /{var/,}run/dovecot/anvil-auth-penalty rw,
+ /run/dovecot/auth-token-secret.dat{,.tmp} rw,
+ /run/dovecot/stats-user rw,
+ /run/dovecot/anvil-auth-penalty rw,
/var/spool/postfix/private/auth w,
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.dovecot-auth'
--- profiles/apparmor.d/usr.lib.dovecot.dovecot-auth 2014-06-27 19:14:53 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.dovecot-auth 2017-09-15 13:02:48 +0000
@@ -24,7 +24,7 @@
@{PROC}/@{pid}/mounts r,
/usr/lib/dovecot/dovecot-auth mr,
- /{,var/}run/dovecot/** rw,
+ /run/dovecot/** rw,
# required for postfix+dovecot integration
/var/spool/postfix/private/dovecot-auth w,
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.dovecot-lda'
--- profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2017-04-06 22:12:53 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.dovecot-lda 2017-09-15 13:08:48 +0000
@@ -25,7 +25,7 @@
/etc/dovecot/** r,
/proc/*/mounts r,
owner /tmp/dovecot.lda.* rw,
- /{var/,}run/dovecot/mounts r,
+ /run/dovecot/mounts r,
/run/dovecot/auth-userdb rw,
/usr/bin/doveconf mrix,
/usr/lib/dovecot/dovecot-lda mrix,
@@ -76,9 +76,9 @@
/usr/sbin/sendmail mrix,
/usr/sbin/sendmail.postfix mrix,
/usr/sbin/sendmail.sendmail mrix,
- /{var/,}run/sendmail.pid rwl,
- /{var/,}run/sm-client.pid rwl,
- /{var/,}run/utmp rw,
+ /run/sendmail.pid rwl,
+ /run/sm-client.pid rwl,
+ /run/utmp rw,
/var/spool/clientmqueue/* rwl,
/var/spool/mail/* rwl,
/var/spool/mqueue/* rwl,
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.imap'
--- profiles/apparmor.d/usr.lib.dovecot.imap 2017-01-26 20:41:38 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.imap 2017-09-15 13:02:48 +0000
@@ -36,8 +36,8 @@
/usr/lib/dovecot/imap mrix,
/usr/share/dovecot/** r,
/run/dovecot/login/imap rw,
- /{,var/}run/dovecot/auth-master rw,
- /{,var/}run/dovecot/mounts r,
+ /run/dovecot/auth-master rw,
+ /run/dovecot/mounts r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.imap>
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.imap-login'
--- profiles/apparmor.d/usr.lib.dovecot.imap-login 2017-01-26 20:41:38 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.imap-login 2017-09-15 13:02:48 +0000
@@ -25,9 +25,9 @@
network unix stream,
/usr/lib/dovecot/imap-login mr,
- /{,var/}run/dovecot/anvil rw,
- /{,var/}run/dovecot/login/ r,
- /{,var/}run/dovecot/login/* rw,
+ /run/dovecot/anvil rw,
+ /run/dovecot/login/ r,
+ /run/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.imap-login>
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.lmtp'
--- profiles/apparmor.d/usr.lib.dovecot.lmtp 2016-10-05 18:46:03 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.lmtp 2017-09-15 13:08:48 +0000
@@ -30,7 +30,7 @@
/proc/*/mounts r,
/tmp/dovecot.lmtp.* rw,
/usr/lib/dovecot/lmtp mr,
- /{var/,}run/dovecot/mounts r,
+ /run/dovecot/mounts r,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.lmtp>
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.managesieve-login'
--- profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2014-07-07 21:35:18 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2017-09-15 13:02:48 +0000
@@ -27,8 +27,8 @@
network inet6 stream,
/usr/lib/dovecot/managesieve-login mr,
- /{,var/}run/dovecot/login/ r,
- /{,var/}run/dovecot/login/* rw,
+ /run/dovecot/login/ r,
+ /run/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.managesieve-login>
=== modified file 'profiles/apparmor.d/usr.lib.dovecot.pop3-login'
--- profiles/apparmor.d/usr.lib.dovecot.pop3-login 2014-06-27 19:14:53 +0000
+++ profiles/apparmor.d/usr.lib.dovecot.pop3-login 2017-09-15 13:02:48 +0000
@@ -23,8 +23,8 @@
capability sys_chroot,
/usr/lib/dovecot/pop3-login mr,
- /{,var/}run/dovecot/login/ r,
- /{,var/}run/dovecot/login/* rw,
+ /run/dovecot/login/ r,
+ /run/dovecot/login/* rw,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.lib.dovecot.pop3-login>
=== modified file 'profiles/apparmor.d/usr.sbin.avahi-daemon'
--- profiles/apparmor.d/usr.sbin.avahi-daemon 2015-07-24 20:03:30 +0000
+++ profiles/apparmor.d/usr.sbin.avahi-daemon 2017-09-15 13:02:48 +0000
@@ -23,10 +23,10 @@
/usr/sbin/avahi-daemon mr,
/usr/share/avahi/introspection/*.introspect r,
/usr/share/dbus-1/interfaces/org.freedesktop.Avahi.*.xml r,
- /{,var/}run/avahi-daemon/ w,
- /{,var/}run/avahi-daemon/pid krw,
- /{,var/}run/avahi-daemon/socket w,
- /{,var/}run/systemd/notify w,
+ /run/avahi-daemon/ w,
+ /run/avahi-daemon/pid krw,
+ /run/avahi-daemon/socket w,
+ /run/systemd/notify w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.avahi-daemon>
=== modified file 'profiles/apparmor.d/usr.sbin.dnsmasq'
--- profiles/apparmor.d/usr.sbin.dnsmasq 2016-11-06 09:48:34 +0000
+++ profiles/apparmor.d/usr.sbin.dnsmasq 2017-09-15 13:02:48 +0000
@@ -42,10 +42,10 @@
/usr/sbin/dnsmasq mr,
- /{,var/}run/*dnsmasq*.pid w,
- /{,var/}run/dnsmasq-forwarders.conf r,
- /{,var/}run/dnsmasq/ r,
- /{,var/}run/dnsmasq/* rw,
+ /run/*dnsmasq*.pid w,
+ /run/dnsmasq-forwarders.conf r,
+ /run/dnsmasq/ r,
+ /run/dnsmasq/* rw,
/var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
@@ -64,28 +64,28 @@
/var/lib/libvirt/dnsmasq/* r,
# libvirt pid files for dnsmasq
- /{,var/}run/libvirt/network/ r,
- /{,var/}run/libvirt/network/*.pid rw,
+ /run/libvirt/network/ r,
+ /run/libvirt/network/*.pid rw,
# libvirt lease helper
/usr/lib{,64}/libvirt/libvirt_leaseshelper Cx -> libvirt_leaseshelper,
# lxc-net pid and lease files
- /{,var/}run/lxc/dnsmasq.pid rw,
+ /run/lxc/dnsmasq.pid rw,
/var/lib/misc/dnsmasq.*.leases rw,
# lxd-bridge pid and lease files
- /{,var/}run/lxd-bridge/dnsmasq.pid rw,
+ /run/lxd-bridge/dnsmasq.pid rw,
/var/lib/lxd-bridge/dnsmasq.*.leases rw,
/var/lib/lxd/networks/*/dnsmasq.* r,
/var/lib/lxd/networks/*/dnsmasq.leases rw,
/var/lib/lxd/networks/*/dnsmasq.pid rw,
# NetworkManager integration
- /{,var/}run/nm-dns-dnsmasq.conf r,
- /{,var/}run/sendsigs.omit.d/*dnsmasq.pid w,
- /{,var/}run/NetworkManager/dnsmasq.conf r,
- /{,var/}run/NetworkManager/dnsmasq.pid w,
+ /run/nm-dns-dnsmasq.conf r,
+ /run/sendsigs.omit.d/*dnsmasq.pid w,
+ /run/NetworkManager/dnsmasq.conf r,
+ /run/NetworkManager/dnsmasq.pid w,
profile libvirt_leaseshelper {
#include <abstractions/base>
@@ -105,7 +105,7 @@
/var/lib/libvirt/dnsmasq/*.leases rw,
/var/lib/libvirt/dnsmasq/*.status* rw,
- /{,var/}run/leaseshelper.pid rwk,
+ /run/leaseshelper.pid rwk,
}
# Site-specific additions and overrides. See local/README for details.
=== modified file 'profiles/apparmor.d/usr.sbin.dovecot'
--- profiles/apparmor.d/usr.sbin.dovecot 2017-06-29 20:53:40 +0000
+++ profiles/apparmor.d/usr.sbin.dovecot 2017-09-15 13:02:48 +0000
@@ -58,9 +58,9 @@
/var/lib/dovecot/* rwkl,
/var/spool/postfix/private/auth w,
/var/spool/postfix/private/dovecot-lmtp w,
- /{,var/}run/dovecot/ rw,
- /{,var/}run/dovecot/** rw,
- link /{,var/}run/dovecot/** -> /var/lib/dovecot/**,
+ /run/dovecot/ rw,
+ /run/dovecot/** rw,
+ link /run/dovecot/** -> /var/lib/dovecot/**,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.dovecot>
=== modified file 'profiles/apparmor.d/usr.sbin.identd'
--- profiles/apparmor.d/usr.sbin.identd 2014-09-03 19:47:33 +0000
+++ profiles/apparmor.d/usr.sbin.identd 2017-09-15 13:02:48 +0000
@@ -23,9 +23,9 @@
/usr/sbin/identd rmix,
@{PROC}/net/tcp r,
@{PROC}/net/tcp6 r,
- /{,var/}run/identd.pid w,
- /{,var/}run/identd/ w,
- /{,var/}run/identd/identd.pid w,
+ /run/identd.pid w,
+ /run/identd/ w,
+ /run/identd/identd.pid w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.identd>
=== modified file 'profiles/apparmor.d/usr.sbin.mdnsd'
--- profiles/apparmor.d/usr.sbin.mdnsd 2014-09-03 19:49:50 +0000
+++ profiles/apparmor.d/usr.sbin.mdnsd 2017-09-15 13:02:48 +0000
@@ -28,8 +28,8 @@
@{PROC}/net/ r,
@{PROC}/net/unix r,
- /{,var/}run/mdnsd lw,
- /{,var/}run/mdnsd.pid w,
+ /run/mdnsd lw,
+ /run/mdnsd.pid w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.mdnsd>
=== modified file 'profiles/apparmor.d/usr.sbin.nmbd'
--- profiles/apparmor.d/usr.sbin.nmbd 2016-12-13 21:16:00 +0000
+++ profiles/apparmor.d/usr.sbin.nmbd 2017-09-15 13:02:48 +0000
@@ -23,7 +23,7 @@
/var/cache/samba/msg/ rw,
/var/cache/samba/msg/* w,
- /{,var/}run/samba/** rwk,
+ /run/samba/** rwk,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.nmbd>
=== modified file 'profiles/apparmor.d/usr.sbin.nscd'
--- profiles/apparmor.d/usr.sbin.nscd 2016-12-09 16:49:54 +0000
+++ profiles/apparmor.d/usr.sbin.nscd 2017-09-15 13:08:20 +0000
@@ -24,12 +24,12 @@
/etc/netgroup r,
/etc/nscd.conf r,
/usr/sbin/nscd rmix,
- /{,var/}run/.nscd_socket wl,
- /{,var/}run/nscd/ rw,
- /{,var/}run/nscd/db* rwl,
- /{,var/}run/nscd/socket wl,
- /{var/cache,var/lib,var/run,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
- /{,var/}run/{nscd/,}nscd.pid rwl,
+ /run/.nscd_socket wl,
+ /run/nscd/ rw,
+ /run/nscd/db* rwl,
+ /run/nscd/socket wl,
+ /{var/cache,var/lib,run}/nscd/{passwd,group,services,hosts,netgroup} rw,
+ /run/{nscd/,}nscd.pid rwl,
/var/lib/libvirt/dnsmasq/ r,
/var/lib/libvirt/dnsmasq/*.status r,
/var/log/nscd.log rw,
=== modified file 'profiles/apparmor.d/usr.sbin.ntpd'
--- profiles/apparmor.d/usr.sbin.ntpd 2016-11-14 23:41:53 +0000
+++ profiles/apparmor.d/usr.sbin.ntpd 2017-09-15 13:02:48 +0000
@@ -50,15 +50,15 @@
/var/lib/ntp/etc/* r,
/var/lib/ntp/ntp.drift rw,
/var/lib/ntp/ntp.drift.TEMP rw,
- /var/lib/ntp/{,var/}run/ntp/ntpd.pid w,
+ /var/lib/ntp/run/ntp/ntpd.pid w,
/var/log/ntp w,
/var/log/ntp.log w,
/var/log/ntpstats/loopstats* lrw,
/var/log/ntpstats/peerstats* lrw,
/var/opt/novell/xad/rpc/xadsd rw,
- /{,var/}run/nscd/services r,
- /{,var/}run/ntpd.pid w,
- /{,var/}run/ntp/ntpd.pid w,
+ /run/nscd/services r,
+ /run/ntpd.pid w,
+ /run/ntp/ntpd.pid w,
/var/tmp/ntp* rwl,
@{PROC}/@{pid}/net/if_inet6 r,
=== modified file 'profiles/apparmor.d/usr.sbin.smbd'
--- profiles/apparmor.d/usr.sbin.smbd 2016-04-13 13:24:46 +0000
+++ profiles/apparmor.d/usr.sbin.smbd 2017-09-15 13:02:48 +0000
@@ -42,13 +42,13 @@
/var/{cache,lib}/samba/printing/printers.tdb mrw,
/var/lib/samba/** rwk,
/var/lib/sss/pubconf/kdcinfo.* r,
- /{,var/}run/dbus/system_bus_socket rw,
- /{,var/}run/samba/** rk,
- /{,var/}run/samba/ncalrpc/ rw,
- /{,var/}run/samba/ncalrpc/** rw,
- /{,var/}run/samba/smbd.pid rw,
- /{,var/}run/samba/msg.lock/ rw,
- /{,var/}run/samba/msg.lock/[0-9]* rwk,
+ /run/dbus/system_bus_socket rw,
+ /run/samba/** rk,
+ /run/samba/ncalrpc/ rw,
+ /run/samba/ncalrpc/** rw,
+ /run/samba/smbd.pid rw,
+ /run/samba/msg.lock/ rw,
+ /run/samba/msg.lock/[0-9]* rwk,
/var/spool/samba/** rw,
@{HOMEDIRS}/** lrwk,
=== modified file 'profiles/apparmor.d/usr.sbin.winbindd'
--- profiles/apparmor.d/usr.sbin.winbindd 2017-08-29 11:31:20 +0000
+++ profiles/apparmor.d/usr.sbin.winbindd 2017-09-15 13:08:48 +0000
@@ -28,9 +28,9 @@
/var/cache/krb5rcache/* rw,
/var/cache/samba/*.tdb rwk,
/var/log/samba/log.winbindd rw,
- /{var/,}run/samba/winbindd.pid rwk,
- /{var/,}run/samba/winbindd/ rw,
- /{var/,}run/samba/winbindd/pipe w,
+ /run/samba/winbindd.pid rwk,
+ /run/samba/winbindd/ rw,
+ /run/samba/winbindd/pipe w,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.winbindd>
signature.asc
Description: This is a digitally signed message part
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
