fix(profile): ensure PAM & systemd-homed compatibility.

see #321

apparmor.d/abstractions/app/sudo

@@ -39,6 +39,7 @@
   @{etc_ro}/sudoers.d/{,*} r,
 
   / r,
+  /etc/machine-id r,
 
   owner /var/lib/sudo/ts/ rw,   
   owner /var/lib/sudo/ts/@{uid} rwk,

apparmor.d/profiles-g-l/groups

@@ -11,14 +11,10 @@ include <tunables/global>
 profile groups @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/nameservice-strict>
 
   @{exec_path} mr,
 
-  /etc/group r,
-  /etc/nsswitch.conf r,
-
-  @{run}/systemd/userdb r,
-
   @{PROC}/sys/kernel/random/boot_id r,
 
   /dev/tty@{int} rw,

apparmor.d/profiles-s-z/unix-chkpwd

@@ -19,6 +19,7 @@ profile unix-chkpwd @{exec_path} {
 
   @{exec_path} mr,
 
+  /etc/machine-id r,
   /etc/shadow r,
 
   # systemd userdb, used in nspawn