From 1f8507548f55cea1388a947704d609f2d0029397 Mon Sep 17 00:00:00 2001
From: Alexandre Pujol <alexandre@pujol.io>
Date: Fri, 29 Mar 2024 19:33:55 +0000
Subject: [PATCH] feat(fsp): update the default profile.

Note: it is still not usable.
---
 apparmor.d/groups/_full/default | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/apparmor.d/groups/_full/default b/apparmor.d/groups/_full/default
index 379653a5..a92304d1 100644
--- a/apparmor.d/groups/_full/default
+++ b/apparmor.d/groups/_full/default
@@ -11,8 +11,7 @@ include <tunables/global>
 @{exec_path} = /**
 profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
-  include <abstractions/audio>
-  include <abstractions/bash>
+  include <abstractions/audio-client>
   include <abstractions/consoles>
   include <abstractions/dbus-session>
   include <abstractions/dconf-write>
@@ -21,9 +20,9 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/graphics>
   include <abstractions/nameservice-strict>
   include <abstractions/p11-kit>
+  include <abstractions/shells>
   include <abstractions/ssl_certs>
   include <abstractions/video>
-  include <abstractions/zsh>
 
   capability dac_override,
   capability dac_read_search,
@@ -77,7 +76,6 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
   owner @{run}/user/@{uid}/{,**} rw,
 
-  @{run}/systemd/userdb/ r,
   @{run}/motd.dynamic.new rw,
 
   @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
@@ -102,7 +100,6 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
 
         @{PROC}/cmdline r,
         @{PROC}/sys/kernel/core_pattern r,
-        @{PROC}/sys/kernel/random/boot_id r,
         @{PROC}/sys/kernel/seccomp/actions_avail r,
         @{PROC}/zoneinfo r,
   owner @{PROC}/@{pid}/cgroup r,