Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 261

Globbing (or regular expression matching) is when you modify the directory path using
wild cards to include a group of files or subdirectories. File resources can be specified
with a globbing syntax similar to that used by popular shells, such as csh, Bash, and
zsh.
* Substitutes for any number of any characters, except /.
Example: An arbitrary number of file path elements.
** Substitutes for any number of characters, including /.
Example: An arbitrary number of path elements, including entire
directories.
? Substitutes for any single character, except /.
[abc] Substitutes for the single character a, b, or c.
Example: a rule that matches /home[01]/*/.plan allows a
program to access .plan files for users in both /home0 and
/home1.
[a-c] Substitutes for the single character a, b, or c.
{ab,cd} Expands to one rule to match ab and one rule to match cd.
Example: a rule that matches /{usr,www}/pages/** grants
access to Web pages in both /usr/pages and /www/pages.
[ ^a ] Substitutes for any character except a.
21.6.1 Using Variables in Profiles
AppArmor allows to use variables holding paths in profiles. Use global variables to
make your profiles portable and local variables to create shortcuts for paths.
A typical example when global variables come in handy are network scenarios in which
user home directories are mounted in different locations. Instead of rewriting paths to
Profile Components and Syntax 247