feat(profiles): general update.

apparmor.d/groups/gnome/gnome-disk-image-mounter

@@ -13,6 +13,7 @@ profile gnome-disk-image-mounter @{exec_path} {
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>
+  include <abstractions/X-strict>
 
   @{exec_path} mr,
 

apparmor.d/groups/gvfs/gvfsd-fuse

@@ -60,6 +60,7 @@ profile gvfsd-fuse @{exec_path} {
 
     /dev/fuse rw,
 
+    include if exists <local/gvfsd-fuse_fusermount>
   }
 
   include if exists <local/gvfsd-fuse>

apparmor.d/groups/pacman/aurpublish

@@ -38,7 +38,7 @@ profile aurpublish @{exec_path} {
   @{bin}/mv          rix,
   @{bin}/nproc       rix,
   @{bin}/rm          rix,
-  @{bin}/sha512sum   rix,
+  @{bin}/sha*sum     rix,
   @{bin}/tput        rix,
   @{bin}/wc          rix,
 

apparmor.d/groups/systemd/systemd-journald

@@ -14,8 +14,11 @@ profile systemd-journald @{exec_path} {
   include <abstractions/systemd-common>
 
   capability audit_control,
+  capability audit_read,
+  capability chown,
+  capability dac_override,
   capability dac_read_search,
-  capability kill,
+  capability fowner,
   capability setgid,
   capability setuid,
   capability sys_admin,

apparmor.d/groups/ubuntu/ubuntu-report

@@ -12,6 +12,11 @@ profile ubuntu-report @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
 
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+
   @{exec_path} mr,
 
   @{bin}/dpkg  rPx -> child-dpkg,

apparmor.d/groups/virt/containerd-shim-runc-v2

@@ -47,6 +47,7 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) {
 
   @{sys}/fs/cgroup/{,**} rw,
   @{sys}/fs/cgroup/kubepods/{,**} rw,
+  @{sys}/kernel/mm/hugepages/ r,
   @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
 
   @{PROC}/@{pids}/cgroup r,

apparmor.d/profiles-a-f/aa-notify

@@ -36,7 +36,7 @@ profile aa-notify @{exec_path} {
   owner @{HOME}/.inputrc r,
   owner @{HOME}/.terminfo/@{int}/dumb r,
 
-  owner /tmp/_@{c}@{rand6} rw,
+  owner /tmp/*@{rand6} rw,
   owner /tmp/apparmor-bugreport-*.txt rw,
 
   @{PROC}/ r,

apparmor.d/profiles-a-f/cctk

@@ -12,6 +12,7 @@ profile cctk @{exec_path} {
   include <abstractions/consoles>
 
   capability mknod,
+  capability sys_admin,
   capability sys_rawio,
 
   @{exec_path} mr,
@@ -19,6 +20,8 @@ profile cctk @{exec_path} {
   @{lib}/ r,
   /opt/dell/dcc/*.so* mr,
   /opt/dell/srvadmin/{,**} r,
+  /opt/dell/srvadmin/lib64/*.so* rm,
+  /opt/dell/srvadmin/var/lib/openmanage/.ipc/* rwk,
 
   @{sys}/firmware/dmi/tables/DMI r,
   @{sys}/firmware/dmi/tables/smbios_entry_point r,

apparmor.d/profiles-g-l/install-info

@@ -20,6 +20,7 @@ profile install-info @{exec_path} {
 
   /usr/share/info/{,**} r,
   /usr/share/info/dir rw,
+  /usr/share/info/dir-@{rand6} rw,
 
   /dev/tty rw,
 

apparmor.d/profiles-s-z/s3fs

@@ -65,6 +65,8 @@ profile s3fs @{exec_path} {
     @{PROC}/@{pids}/mounts r,
 
     /dev/fuse rw,
+
+    include if exists <local/s3fs_fusermount>
   }
 
   include if exists <local/s3fs>