feat(profile): general update.

apparmor.d/groups/gnome/gnome-software

@@ -130,6 +130,7 @@ profile gnome-software @{exec_path} {
     owner /tmp/ostree-gpg-*/ r,
     owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
 
+    include if exists <local/gnome-software_gpg>
   }
 
   profile fusermount {
@@ -149,6 +150,7 @@ profile gnome-software @{exec_path} {
 
     /dev/fuse rw,
 
+    include if exists <local/gnome-software_fusermount>
   }
 
   include if exists <local/gnome-software>

apparmor.d/groups/systemd/systemd-generator-cryptsetup

@@ -16,5 +16,9 @@ profile systemd-generator-cryptsetup @{exec_path} flags=(attach_disconnected) {
 
   /etc/crypttab r,
 
+  @{run}/systemd/generator/{,**} rw,
+
+  @{PROC}/@{pid}/cgroup r,
+
   include if exists <local/systemd-generator-cryptsetup>
 }

apparmor.d/groups/systemd/systemd-generator-environment-flatpak

@@ -9,10 +9,13 @@ include <tunables/global>
 @{exec_path} = @{lib}/systemd/system-environment-generators/60-flatpak-system-only
 profile systemd-generator-environment-flatpak @{exec_path} {
   include <abstractions/base>
+  include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
 
   @{bin}/flatpak rix,
 
+  /dev/tty rw,
+
   include if exists <local/systemd-generator-environment-flatpak>
 }

apparmor.d/groups/systemd/systemd-generator-ostree

@@ -12,5 +12,7 @@ profile systemd-generator-ostree @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
+  @{PROC}/cmdline r,
+
   include if exists <local/systemd-generator-ostree>
 }

apparmor.d/groups/systemd/systemd-udevd

@@ -46,13 +46,16 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
   @{bin}/dmsetup          rPUx,
   @{bin}/ethtool           rix,
   @{bin}/kmod              rPx,
+  @{bin}/less              rPx -> child-pager,
   @{bin}/ln                rix,
   @{bin}/logger            rix,
   @{bin}/lvm               rPx,
   @{bin}/mknod             rPx,
+  @{bin}/more              rPx -> child-pager,
   @{bin}/multipath         rPx,
   @{bin}/nfsrahead         rix,
   @{bin}/nohup             rix,
+  @{bin}/pager             rPx -> child-pager,
   @{bin}/perl              rix,
   @{bin}/readlink          rix,
   @{bin}/sed               rix,

apparmor.d/profiles-a-f/file-roller

@@ -40,6 +40,9 @@ profile file-roller @{exec_path} {
   @{bin}/zstd          rix,
   @{lib}/p7zip/7z      rix,
 
+  @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop  rPx -> child-open,
+  @{lib}/gio-launch-desktop                           rPx -> child-open,
+
   /usr/share/themes/{,**} r,
   /usr/share/X11/xkb/{,**} r,
 

apparmor.d/profiles-a-f/flatpak-app

@@ -19,9 +19,9 @@ profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
   network inet6 stream,
   network netlink raw,
 
-  ptrace peer=flatpak-bwrap//&flatpak-app,
+  ptrace peer=flatpak-app//&flatpak-bwrap,
 
-  signal peer=flatpak-bwrap//&flatpak-app,
+  signal peer=flatpak-app//&flatpak-bwrap,
 
   @{bin}/**                       rmix,
   @{lib}/**                       rmix,

apparmor.d/profiles-a-f/flatpak-bwrap

@@ -31,9 +31,9 @@ profile flatpak-bwrap flags=(attach_disconnected,mediate_deleted) {
   pivot_root oldroot=/newroot/ -> /newroot/,
   pivot_root oldroot=/tmp/oldroot/ -> /tmp/,
 
-  ptrace peer=flatpak-bwrap//&flatpak-app,
+  ptrace peer=flatpak-app//&flatpak-bwrap,
 
-  signal peer=flatpak-bwrap//&flatpak-app,
+  signal peer=flatpak-app//&flatpak-bwrap,
 
   @{bin}/**                         rmix,
   @{lib}/**                         rmix,