feat(profiles): small profiles update.

apparmor.d/groups/gnome/gjs-console

@@ -86,10 +86,11 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   /usr/share/icu/{,**} r,
   /usr/share/X11/xkb/** r,
 
-  /var/lib/gdm{3,}/greeter-dconf-defaults r,
-  /var/lib/gdm{3,}/.config/dconf/user r,
+  /var/lib/gdm{3,}/.cache/fontconfig/[a-f0-9]*.cache-?{,.NEW,.LCK,.TMP-*} r,
   /var/lib/gdm{3,}/.cache/gstreamer-1.0/ rw,
   /var/lib/gdm{3,}/.cache/gstreamer-1.0/registry.*.bin{,.tmp*} rw,
+  /var/lib/gdm{3,}/.config/dconf/user r,
+  /var/lib/gdm{3,}/greeter-dconf-defaults r,
 
   /tmp/ r,
   /var/tmp/ r,

apparmor.d/groups/gpg/gpg

@@ -45,6 +45,9 @@ profile gpg @{exec_path} {
   owner /var/lib/*/.gnupg/ rw,
   owner /var/lib/*/.gnupg/** rwkl -> /var/lib/*/.gnupg/**,
 
+  owner /tmp/ostree-gpg-*/ r,
+  owner /tmp/ostree-gpg-*/** rwkl -> /tmp/ostree-gpg-*/**,
+
   owner /tmp/tmp.[a-zA-Z0-9]* rw,
 
   owner @{PROC}/@{pid}/fd/ r,

apparmor.d/groups/grub/grub-mkrelpath

@@ -21,6 +21,11 @@ profile grub-mkrelpath @{exec_path} {
   / r,
   /usr/share/grub/* r,
 
+  /boot/grub/themes/{,**} r,
+
+  /tmp/grub-btrfs.*/@snapshots/[0-9]*/snapshot/boot/ r,
+  /tmp/grub-btrfs.*/ r,
+
   @{PROC}/@{pids}/mountinfo r,
 
   include if exists <local/grub-mkrelpath>

apparmor.d/groups/grub/grub-probe

@@ -25,6 +25,8 @@ profile grub-probe @{exec_path} {
   / r,
   /usr/share/grub/* r,
 
+  /boot/grub/themes/{,**} r,
+
   @{PROC}/@{pids}/mountinfo r,
   @{PROC}/devices r,
   

apparmor.d/groups/network/mullvad-gui

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = /opt/Mullvad*/mullvad-gui
-profile mullvad-gui @{exec_path} {
+profile mullvad-gui @{exec_path} flags=(attach_disconnected)  {
   include <abstractions/base>
   include <abstractions/chromium-common>
   include <abstractions/dconf-write>
@@ -52,9 +52,12 @@ profile mullvad-gui @{exec_path} {
   owner "/tmp/.org.chromium.Chromium.*/Mullvad VPN*.png" rw,
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.[a-zA-z0-9]* r,
 
+  @{run}/systemd/inhibit/*.ref rw,
+
   @{sys}/bus/pci/devices/ r,
-  @{sys}/devices/virtual/tty/tty[0-9]*/active r,
   @{sys}/devices/pci[0-9]*/**/{vendor,device,class,config,resource,irq} r,
+  @{sys}/devices/system/cpu/** r,
+  @{sys}/devices/virtual/tty/tty[0-9]*/active r,
 
         @{PROC}/ r,
         @{PROC}/sys/fs/inotify/max_user_watches r,

apparmor.d/groups/virt/containerd-shim-runc-v2

@@ -48,6 +48,7 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) {
   @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
 
   @{PROC}/@{pids}/cgroup r,
+  @{PROC}/@{pids}/mountinfo r,
   @{PROC}/@{pids}/oom_score_adj rw,
   @{PROC}/sys/net/core/somaxconn r,
 

apparmor.d/profiles-a-f/augenrules

@@ -23,7 +23,7 @@ profile augenrules @{exec_path} {
   /{usr/,}bin/mktemp    rix,
   /{usr/,}bin/rm        rix,
 
-  /etc/audit/audit.rules r,
+  /etc/audit/audit.rules rw,
   /etc/audit/rules.d/ r,
 
   owner /tmp/aurules.* rw,

apparmor.d/profiles-m-r/os-prober

@@ -52,9 +52,9 @@ profile os-prober @{exec_path} flags=(attach_disconnected) {
 
   @{MOUNTS}/ r,
   / r,
-  /boot/ r,
-  /boot/EFI/ r,
-  /boot/EFI/*/ r,
+  /boot/{efi/,} r,
+  /boot/{efi/,}EFI/ r,
+  /boot/{efi/,}EFI/*/ r,
 
   owner /tmp/os-prober.*/{,**} rw,