feat(abs): use nss-systemd in nameservice-strict.

apparmor.d/abstractions/nameservice-strict

@@ -6,6 +6,8 @@
 # Many programs wish to perform nameservice-like operations, such as looking up
 # users by name or id, groups by name or id, hosts by name or IP, etc.
 
+  include <abstractions/nss-systemd>
+
   @{etc_ro}/default/nss r,
   @{etc_ro}/gai.conf r,
   @{etc_ro}/group r,
@@ -31,23 +33,6 @@
   @{run}/systemd/resolve/resolv.conf r,
   @{run}/systemd/resolve/stub-resolv.conf r,
 
-  # NSS records from systemd-userdbd.service
-  #
-  # Allow User/Group lookups via common VarLink socket APIs. Applications need
-  # to either consult all of them or the io.systemd.Multiplexer frontend.
-  #
-  #   https://systemd.io/USER_GROUP_API/
-  #   https://systemd.io/USER_RECORD/
-  #   https://www.freedesktop.org/software/systemd/man/nss-systemd.html
-  #
-  @{run}/systemd/userdb/ r,
-  @{run}/systemd/userdb/io.systemd.DynamicUser rw,        # systemd-exec users
-  @{run}/systemd/userdb/io.systemd.Home rw,               # systemd-home dirs
-  @{run}/systemd/userdb/io.systemd.Machine rw,            # systemd-machined
-  @{run}/systemd/userdb/io.systemd.Multiplexer rw,
-  @{run}/systemd/userdb/io.systemd.NameServiceSwitch rw,  # UNIX/glibc NSS
-  @{PROC}/sys/kernel/random/boot_id r,
-
-  include if exists <abstractions/nameservice-strict.d>
+  include if exists <abstractions/nameservice-strict.d> 
 
 # vim:syntax=apparmor