Profiles update.

apparmor.d/groups/desktop/xwayland

@@ -32,7 +32,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) {
 
   @{sys}/bus/pci/devices/ r,
 
-  owner @{PROC}/@{pids}/cmdline r,
+        @{PROC}/@{pids}/cmdline r,
   owner @{PROC}/@{pids}/comm r,
 
   /dev/tty[0-9]* rw,

apparmor.d/groups/gnome/gnome-shell

@@ -144,18 +144,18 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   @{sys}/devices/pci[0-9]*/**/net/*/statistics/{rx_bytes,tx_bytes} r,
   @{sys}/devices/pci[0-9]*/**/drm/ r,
 
-  owner @{PROC}/@{pid}/attr/current r,
-  owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/comm r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
+        @{PROC}/@{pid}/attr/current r,
+        @{PROC}/@{pid}/cgroup r,
+        @{PROC}/@{pid}/net/* r,
         @{PROC}/@{pid}/stat r,
         @{PROC}/@{pid}/task/@{tid}/stat r,
-        @{PROC}/@{pid}/net/* r,
-        @{PROC}/sys/kernel/osrelease r,
         @{PROC}/1/cgroup r,
         @{PROC}/cmdline r,
+        @{PROC}/sys/kernel/osrelease r,
 
   /dev/input/event[0-9]* rw,
 

apparmor.d/groups/gnome/tracker-extract

@@ -11,6 +11,7 @@ profile tracker-extract @{exec_path} {
   include <abstractions/base>
   include <abstractions/fonts>
   include <abstractions/gstreamer>
+  include <abstractions/opencl-nvidia>
   include <abstractions/openssl>
 
   network netlink raw,

apparmor.d/groups/pacman/pacman

@@ -47,8 +47,11 @@ profile pacman @{exec_path} {
   /{usr/,}{s,}bin/ldconfig                rix,
   /{usr/,}bin/{,ba}sh                     rix,
   /{usr/,}bin/cat                         rix,
+  /{usr/,}bin/chgrp                       rix,
+  /{usr/,}bin/chmod                       rix,
   /{usr/,}bin/dot                         rix,
   /{usr/,}bin/env                         rix,
+  /{usr/,}bin/getent                      rix,
   /{usr/,}bin/gettext                     rix,
   /{usr/,}bin/ghc-pkg-*                   rix,
   /{usr/,}bin/grep                        rix,
@@ -63,6 +66,7 @@ profile pacman @{exec_path} {
   /{usr/,}bin/fc-cache                    rPx,
   /{usr/,}bin/gdk-pixbuf-query-loaders    rPx,
   /{usr/,}bin/glib-compile-schemas        rPx,
+  /{usr/,}bin/groupadd                    rPx,
   /{usr/,}bin/gtk-query-immodules-{2,3}.0 rPx,
   /{usr/,}bin/install-info                rPx,
   /{usr/,}bin/journalctl                  rPx,

apparmor.d/groups/systemd/systemd-hostnamed

@@ -17,11 +17,12 @@ profile systemd-hostnamed @{exec_path} {
 
   @{exec_path} mr,
 
-  @{sys}/devices/virtual/dmi/id/product_name r,
-  @{sys}/devices/virtual/dmi/id/sys_vendor r,
-  @{sys}/devices/virtual/dmi/id/board_vendor r,
   @{sys}/devices/virtual/dmi/id/bios_vendor r,
+  @{sys}/devices/virtual/dmi/id/board_vendor r,
   @{sys}/devices/virtual/dmi/id/chassis_type r,
+  @{sys}/devices/virtual/dmi/id/product_name r,
+  @{sys}/devices/virtual/dmi/id/product_version r,
+  @{sys}/devices/virtual/dmi/id/sys_vendor r,
   @{sys}/devices/virtual/dmi/id/uevent r,
 
   @{run}/udev/data/+dmi:id r,

apparmor.d/profiles-m-r/pipewire-pulse

@@ -12,7 +12,8 @@ profile pipewire-pulse @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
 
-  # Needed for all sound/music apps.
+  capability sys_ptrace,
+
   ptrace (read),
 
   @{exec_path} mr,