feat(profile): add new userns rule.

apparmor.d/groups/apps/discord

@@ -29,6 +29,8 @@ profile discord @{exec_path} {
   include <abstractions/thumbnails-cache-read>
   include <abstractions/chromium-common>
 
+  # userns,
+
   signal (send) set=(kill, term) peer=@{profile_name}//lsb_release,
 
   # Needed for Game Activity

apparmor.d/groups/kde/plasmashell

@@ -25,6 +25,8 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   include <abstractions/recent-documents-write>
   include <abstractions/thumbnails-cache-read>
 
+  # userns,
+
   network inet dgram,
   network inet6 dgram,
   network inet stream,

apparmor.d/groups/systemd/systemd-coredump

@@ -14,6 +14,8 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted
   include <abstractions/openssl>
   include <abstractions/systemd-common>
 
+  # userns,
+
   capability dac_override,
   capability dac_read_search,
   capability net_admin,

apparmor.d/profiles-a-f/element-desktop

@@ -18,6 +18,8 @@ profile element-desktop @{exec_path} {
   include <abstractions/ssl_certs>
   include <abstractions/video>
 
+  # userns,
+
   capability sys_ptrace,
 
   network inet dgram,

apparmor.d/profiles-a-f/flatpak

@@ -17,7 +17,8 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
   include <abstractions/nameservice-strict>
   include <abstractions/openssl>
   include <abstractions/ssl_certs>
-  include <abstractions/X-strict>
+
+  # userns,
 
   capability dac_override,
   capability dac_read_search,

apparmor.d/profiles-s-z/steam

@@ -20,6 +20,8 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
 
+  # userns,
+
   capability sys_ptrace,
 
   network inet dgram,