Profile update.

apparmor.d/groups/gnome/gio-launch-desktop

@@ -38,5 +38,7 @@ profile gio-launch-desktop @{exec_path} flags=(attach_disconnected) {
 
   /dev/dri/card[0-9]* rw,
 
+  @{run}/mount/utab r,
+
   include if exists <local/gio-launch-desktop>
 }

apparmor.d/groups/gnome/gnome-shell-hotplug-sniffer

@@ -14,5 +14,8 @@ profile gnome-shell-hotplug-sniffer @{exec_path} {
 
   /usr/share/mime/mime.cache r,
 
+  owner @{MOUNTS}/*/ r,
+  owner @{MOUNTS}/** r,
+
   include if exists <local/gnome-shell-hotplug-sniffer>
 }

apparmor.d/groups/gnome/gsd-color

@@ -23,7 +23,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
   /usr/share/X11/xkb/** r,
 
   /var/lib/gdm/.local/share/icc/ r,
-  /var/lib/gdm/.local/share/icc/edid-*.icc r,
+  /var/lib/gdm/.local/share/icc/edid-*.icc rw,
 
   owner @{run}/user/@{uid}/gdm/Xauthority r,
 
@@ -34,7 +34,7 @@ profile gsd-color @{exec_path} flags=(attach_disconnected) {
   /var/lib/gdm/.config/dconf/user r,
 
   owner @{user_share_dirs}/icc/ r,
-  owner @{user_share_dirs}/icc/edid-*.icc r,
+  owner @{user_share_dirs}/icc/edid-*.icc rw,
 
   owner /dev/tty[0-9]* rw,
 

apparmor.d/groups/gnome/gsd-power

@@ -9,9 +9,10 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/gsd-power
 profile gsd-power @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
-  include <abstractions/nameservice-strict>
+  include <abstractions/audio>
   include <abstractions/fonts>
   include <abstractions/gtk>
+  include <abstractions/nameservice-strict>
 
   network netlink raw,
 
@@ -22,18 +23,12 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
   /usr/share/gdm/greeter-dconf-defaults r,
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
   /usr/share/icons/{,**} r,
-  /usr/share/sounds/freedesktop/index.theme r,
-  /usr/share/sounds/freedesktop/stereo/*.oga r,
   /usr/share/X11/xkb/** r,
 
   /etc/machine-id r,
   /var/lib/dbus/machine-id r,
+  /var/lib/gdm/.cache/event-sound-cache.tdb.* rwk,
   /var/lib/gdm/.config/pulse/client.conf r,
-  /etc/pulse/client.conf r,
-
-  owner @{user_cache_dirs}/event-sound-cache.tdb.* rwk,
-  owner @{user_config_dirs}/pulse//client.conf r,
-  owner @{user_config_dirs}/pulse/cookie rk,
 
   include <abstractions/dconf>
   owner @{run}/user/@{uid}/dconf/ rw,
@@ -62,13 +57,11 @@ profile gsd-power @{exec_path} flags=(attach_disconnected) {
 
   @{run}/systemd/inhibit/[0-9]*.ref rw,
 
-  owner @{run}/user/@{uid}/pulse/ r,
   owner @{run}/user/@{uid}/gdm/Xauthority r,
 
   @{PROC}/cmdline r,
 
   owner /dev/tty[0-9]* rw,
-        /dev/shm/ r,
 
   include if exists <local/gsd-power>
 }

apparmor.d/profiles-m-z/xdg-mime

@@ -31,6 +31,8 @@ profile xdg-mime @{exec_path} {
   /{usr/,}bin/mimetype   rPx,
   /{usr/,}bin/xprop      rPx,
 
+  /usr/share/terminfo/x/xterm-256color r,
+
   # When xdg-mime is run as root, it wants to exec dbus-launch, and hence it creates the two
   # following root processes:
   #  dbus-launch --autolaunch e0a30ad97cd6421c85247839ccef9db2 --binary-syntax --close-stderr