feat(profile): apply profile guideline on sing-box.

apparmor.d/profiles-s-z/sing-box

@@ -1,4 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 # https://github.com/SagerNet/sing-box
@@ -20,14 +21,17 @@ profile sing-box @{exec_path} {
   network inet dgram,
   network inet6 dgram,
 
-  /proc/meminfo r,
-  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+  @{exec_path} mr,
 
   @{bin}/tor mrix,
-  @{bin}/sing-box mr,
-  /usr/{,local/}share/sing-box/geoip.db r,
-  /usr/{,local/}share/sing-box/geosite.db r,
 
-  owner /{,usr/local/}etc/sing-box/config.json r,
+  /usr/share/sing-box/* r,
+
+  @{etc_ro}/sing-box/config.json r,
+
   owner @{user_share_dirs}/certmagic/** rw,
+
+  @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
+  
+  include if exists <local/sing-box>
 }

dists/flags/main.flags

@@ -292,6 +292,7 @@ s3fs complain
 sdcv complain
 sddm attach_disconnected,mediate_deleted,complain
 sftp-server complain
+sing-box complain
 slirp4netns attach_disconnected,complain
 snap complain
 snap-bootstrap complain