Small fixes

apparmor.d/abstractions/disks-read

@@ -8,7 +8,7 @@
 
   /dev/ r,
   /dev/block/ r,
-  /dev/disk/*/ r,
+  /dev/disk/{,*/} r,
 
   # Regular disk/partition devices
   /dev/{s,v}d[a-z]* rk,
@@ -37,14 +37,14 @@
 
   # LUKS/LVM (device-mapper) devices
   /dev/dm-[0-9]* rk,
-  /dev/mapper/* r,
+  /dev/mapper/{,*} r,
   @{sys}/devices/virtual/block/dm-[0-9]*/ r,
   @{sys}/devices/virtual/block/dm-[0-9]*/** r,
 
   # ZFS devices
   /dev/zd[0-9]* rk,
-  /dev/zvol/ r,
+  /dev/zvol/{,*/} r,
-  /dev/zvol/*/ r,
+  /dev/*pool/ r,
   @{sys}/devices/virtual/block/zd[0-9]*/ r,
   @{sys}/devices/virtual/block/zd[0-9]*/** r,
 

apparmor.d/groups/virt/cni-loopback

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = /{usr/,}lib/cni/loopback /opt/cni/bin/loopback
-profile cni-loopback @{exec_path} {
+profile cni-loopback @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
 
   @{exec_path} mr,

apparmor.d/groups/virt/containerd

@@ -56,7 +56,7 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 
   /opt/containerd/{,**} rw,
 
-  /var/lib/cni/results/cni-loopback-@{uuid}-lo l,
+  /var/lib/cni/results/cni-loopback-@{uuid}-lo wl,
   /var/lib/containerd/{,**} rwk,
   /var/lib/containerd/tmpmounts/containerd-mount[0-9]*/** l,
   /var/lib/docker/containerd/{,**} rwk,