Various updates (#201)

apparmor.d/groups/kde/kded5

@@ -115,6 +115,7 @@ profile kded5 @{exec_path} {
   owner @{user_share_dirs}/services5/{,**} r,
 
         @{run}/mount/utab r,
+        @{run}/udev/data/c189:@{int} r,                # for /dev/bus/usb/**
   owner @{run}/user/@{uid}/#@{int} rw,
   owner @{run}/user/@{uid}/gvfs/ r,
   owner @{run}/user/@{uid}/kded5*kioworker.socket rwl,

apparmor.d/groups/kde/plasmashell

@@ -167,7 +167,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
 
   @{sys}/bus/ r,
   @{sys}/bus/usb/devices/ r,
-  @{sys}/class/{,*} r,
+  @{sys}/class/{,**} r,
+  @{sys}/devices/platform/** r,
 
   @{sys}/devices/pci[0-9]*/**/name r,
   @{sys}/devices/virtual/thermal/thermal_zone@{int}/hwmon@{int}/ r,

apparmor.d/groups/pacman/pacman

@@ -56,6 +56,7 @@ profile pacman @{exec_path} {
   @{bin}/archlinux-java              rPx,
   @{bin}/bootctl                     rPx,
   @{bin}/cat                         rix,
+  @{bin}/cert-sync                   rPx,
   @{bin}/checkrebuild                rPUx,
   @{bin}/chgrp                       rix,
   @{bin}/chmod                       rix,

apparmor.d/groups/systemd/systemd-binfmt

@@ -30,6 +30,9 @@ profile systemd-binfmt @{exec_path} flags=(attach_disconnected) {
         @{PROC}/sys/kernel/osrelease r,
   owner @{PROC}/@{pid}/stat r,
 
+  /dev/tty@{int} rw,
+  /dev/pts/@{int} rw,
+
   deny /apparmor/.null rw,
 
   include if exists <local/systemd-binfmt>

apparmor.d/profiles-s-z/swapoff

@@ -22,6 +22,8 @@ profile swapoff @{exec_path} {
   # SWAP file common locations
   owner /swapfile rw,
 
+  /dev/pts/@{int} rw,
+
   include if exists <local/swapoff>
 }
 

apparmor.d/profiles-s-z/swapon

@@ -23,5 +23,7 @@ profile swapon @{exec_path} {
 
   @{PROC}/swaps r,
 
+  /dev/pts/@{int} rw,
+
   include if exists <local/swapon>
 }