Minor fixes.

apparmor.d/groups/gnome/gsd-wacom

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /{usr/,}lib/gsd-wacom
 profile gsd-wacom @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>
   include <abstractions/gtk>
 

apparmor.d/groups/gvfs/gvfsd-trash

@@ -29,5 +29,10 @@ profile gvfsd-trash @{exec_path} {
   owner @{run}/user/[0-9]*/gvfsd/ rw,
   owner @{run}/user/[0-9]*/gvfsd/socket-[a-zA-z0-9]* rw,
 
+  # Can restore all user files
+  owner @{HOME}/{,**} rw,
+  owner /media/*/{,**} rw,
+  owner /mnt/*/{,**} rw,
+
   include if exists <local/gvfsd-trash>
 }

apparmor.d/profiles-a-l/aa-notify

@@ -12,6 +12,8 @@ profile aa-notify @{exec_path} {
   include <abstractions/python>
   include <abstractions/nameservice-strict>
 
+  capability sys_ptrace,
+
   ptrace (read),
 
   @{exec_path} mr,

apparmor.d/profiles-a-l/auditd

@@ -11,6 +11,7 @@ profile auditd @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
 
+  capability audit_control,
   capability fsetid,
   capability chown,
 

apparmor.d/profiles-a-l/freefall

@@ -16,7 +16,7 @@ profile freefall @{exec_path} {
 
   @{exec_path} mr,
 
-  /dev/freefall r,
+  /dev/freefall rw,
   /dev/sd[a-z] rk,
   /dev/sd[a-z][0-9]* rk,
 

profiles.manifest

@@ -174,7 +174,6 @@ nm-initrd-generator complain
 nm-openvpn-auth-dialog complain
 nm-openvpn-service complain
 nm-openvpn-service-openvpn-helper complain
-notify-send complain
 ntfs-3g complain
 ntfs-3g-probe complain
 obex-folder-listing complain