feat(profiles): general update.

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -20,6 +20,7 @@ profile xdg-desktop-portal-gnome @{exec_path} {
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>
   include <abstractions/mesa>
+  include <abstractions/nvidia>
   include <abstractions/user-download>
   include <abstractions/vulkan>
   include <abstractions/wayland>

apparmor.d/groups/freedesktop/xdg-email

@@ -16,6 +16,7 @@ profile xdg-email @{exec_path} flags=(complain) {
   @{bin}/{,ba,da}sh  rix,
   @{bin}/{,e}grep    rix,
   @{bin}/basename    rix,
+  @{bin}/cut         rix,
   @{bin}/gio         rPx,
   @{bin}/readlink    rix,
   @{bin}/sed         rix,

apparmor.d/groups/gnome/gnome-shell

@@ -590,7 +590,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
   owner @{run}/user/@{uid}/gvfsd/socket-[0-9A-Za-z]* rw,
   owner @{run}/user/@{uid}/snap.snap*/wayland-cursor-shared-* rw,
   owner @{run}/user/@{uid}/systemd/notify rw,
-  owner @{run}/user//@{uid}/wayland-[0-9]* rwk,
+  owner @{run}/user/@{uid}/wayland-[0-9]* rwk,
 
   owner /dev/shm/.org.chromium.Chromium.* rw,
   owner /dev/shm/wayland.mozilla.ipc.[0-9]* rw,

apparmor.d/groups/gnome/gnome-software

@@ -75,7 +75,7 @@ profile gnome-software @{exec_path} {
 
   owner @{HOME}/.var/app/{,**} rw,
 
-  owner @{user_cache_dirs}/flatpak/{,**} rw,
+  owner @{user_cache_dirs}/flatpak/{,**} rwl,
   owner @{user_cache_dirs}/gnome-software/{,**} rw,
 
   owner @{user_config_dirs}/pulse/*.conf r,

apparmor.d/groups/gnome/mutter-x11-frames

@@ -16,10 +16,13 @@ profile mutter-x11-frames @{exec_path} {
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>
   include <abstractions/mesa>
+  include <abstractions/nameservice-strict>
   include <abstractions/vulkan>
   include <abstractions/wayland>
 
   @{exec_path} mr,
 
+  owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[0-9A-Z]* rw,
+
   include if exists <local/mutter-x11-frames>
 }

apparmor.d/groups/network/mullvad-gui

@@ -18,6 +18,7 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected)  {
   include <abstractions/gtk>
   include <abstractions/mesa>
   include <abstractions/nameservice-strict>
+  include <abstractions/nvidia>
   include <abstractions/vulkan>
 
   capability sys_chroot,

apparmor.d/groups/pacman/pacman

@@ -139,6 +139,7 @@ profile pacman @{exec_path} {
   owner /tmp/checkup-db-[0-9]*/db.lck rw,
 
         @{PROC}/@{pids}/ r,
+        @{PROC}/@{pids}/cgroup r,
         @{PROC}/@{pids}/cmdline r,
         @{PROC}/@{pids}/stat r,
         @{PROC}/1/environ r,

apparmor.d/groups/systemd/systemd-backlight

@@ -31,9 +31,11 @@ profile systemd-backlight @{exec_path} {
   @{sys}/devices/pci[0-9]*/**/backlight/**/{uevent,type} r,
   @{sys}/devices/pci[0-9]*/**/backlight/**/brightness rw,
   @{sys}/devices/pci[0-9]*/**/class r,
+  @{sys}/devices/pci[0-9]*/**/drm/**/ r,
   @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{max_brightness,actual_brightness} r,
   @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/{uevent,type} r,
   @{sys}/devices/pci[0-9]*/**/drm/card[0-9]*/**/brightness rw,
+  @{sys}/devices/pci[0-9]*/**/i2c-[0-9]*/ r,
   @{sys}/devices/pci[0-9]*/**/uevent r,
 
   @{sys}/devices/platform/**/leds/*backlight*/brightness rw,

apparmor.d/groups/ubuntu/software-properties-gtk

@@ -14,6 +14,7 @@ profile software-properties-gtk @{exec_path} {
   include <abstractions/dbus-strict>
   include <abstractions/dconf-write>
   include <abstractions/fonts>
+  include <abstractions/freedesktop.org>
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
   include <abstractions/python>
@@ -39,6 +40,7 @@ profile software-properties-gtk @{exec_path} {
 
   @{bin}/ r,
 
+  @{bin}/{,da,ba}sh               rix,
   @{bin}/aplay                    rPx,
   @{bin}/apt-key                  rPx,
   @{bin}/dpkg                     rPx -> child-dpkg,

apparmor.d/groups/virt/libvirtd

@@ -105,6 +105,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
 
   @{bin}/dmidecode                            rPx,
   @{bin}/dnsmasq                              rPx,
+  @{bin}/kmod                                 rPx,
   @{bin}/lvm                                 rPUx,
   @{bin}/mdevctl                              rPx,
   @{bin}/swtpm                                rPx,
@@ -192,10 +193,13 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   @{run}/udev/data/n[0-9]* r,
 
   @{sys}/bus/[a-z]*/devices/ r,
+  @{sys}/bus/pci/drivers_probe w,
+  @{sys}/bus/pci/drivers/*/unbind w,
   @{sys}/class/[a-z]*/ r,
   @{sys}/devices/**/uevent r,
   @{sys}/devices/pci[0-9]*/**/{class,revision,subsystem_vendor,subsystem_device} r,
   @{sys}/devices/pci[0-9]*/**/{config,numa_node,device,vendor} r,
+  @{sys}/devices/pci[0-9]*/**/driver_override w,
   @{sys}/devices/pci[0-9]*/**/mdev_supported_types/{,**} r,
   @{sys}/devices/pci[0-9]*/**/mdev_supported_types/*/create w,
   @{sys}/devices/pci[0-9]*/**/net/*/{,**} r,

apparmor.d/profiles-a-f/agetty

@@ -30,6 +30,7 @@ profile agetty @{exec_path} {
   /{etc,run,lib,usr/lib}/issue r,
   /{etc,run,lib,usr/lib}/issue.d/{,*} r,
   /etc/inittab r,
+  /etc/login.defs r,
   /etc/os-release r,
 
         @{run}/resolvconf/resolv.conf r,

apparmor.d/profiles-a-f/cupsd

@@ -51,6 +51,7 @@ profile cupsd @{exec_path} flags=(attach_disconnected) {
   @{bin}/chmod               rix,
   @{bin}/cp                  rix,
   @{bin}/grep                rix,
+  @{bin}/gs                  rix,
   @{bin}/gsc                 rix,
   @{bin}/hostname            rix,
   @{bin}/ippfind             rix,

apparmor.d/profiles-m-r/molly-guard

@@ -18,8 +18,8 @@ profile molly-guard @{exec_path} {
   @{exec_path} mr,
 
   @{bin}/{,ba,da}sh  rix,
-  @{bin}/hostname    rix,
   @{bin}/{,e,p}grep  rix,
+  @{bin}/hostname    rix,
   @{bin}/run-parts   rix,
   @{bin}/systemctl   rPx -> child-systemctl,
   @{bin}/tr          rix,