feat(profile): general update.

apparmor.d/groups/gnome/gdm-session-worker

@@ -86,7 +86,8 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
 
   owner @{HOME}/.pam_environment r,
 
-  owner @{run}/user/@{uid}/keyring/control rw,
+  owner @{run}/systemd/seats/seat@{int} r,
+  owner @{run}/user/@{uid}/keyring/control rw, 
 
   @{run}/cockpit/active.motd r,
   @{run}/faillock/[a-zA-z0-9]* rwk,

apparmor.d/groups/gnome/gnome-calculator-search-provider

@@ -21,7 +21,7 @@ profile gnome-calculator-search-provider @{exec_path} {
 
   signal (send) set=kill peer=unconfined,
 
-  @{exec_path} mr,
+  @{exec_path} mrix,
   /{usr/,}bin/[a-z0-9]* rPUx,
 
   /usr/share/glib-2.0/schemas/gschemas.compiled r,

apparmor.d/groups/gvfs/gvfsd-metadata

@@ -16,11 +16,18 @@ profile gvfsd-metadata @{exec_path} {
 
   network netlink raw,
 
+  signal (receive) set=(usr1) peer=pacman,
+
   dbus bus=session path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
        member={RequestName,ReleaseName}
        peer=(name=org.freedesktop.DBus, label=dbus-daemon),
 
+  dbus receive bus=session
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect 
+       peer=(name=:*, label=gnome-shell),
+
   dbus receive bus=session path=/org/gtk/vfs/metadata
        interface=org.freedesktop.DBus.Properties
        member=GetAll

apparmor.d/groups/pacman/pacman

@@ -28,6 +28,7 @@ profile pacman @{exec_path} {
   capability setgid,
   capability setuid,
   capability sys_chroot,
+  capability sys_ptrace,
   capability sys_resource,
 
   network inet stream,
@@ -39,6 +40,8 @@ profile pacman @{exec_path} {
 
   ptrace (read),
 
+  signal (send) set=(usr1) peer=gvfsd,
+
   @{exec_path} mrix,
 
   @{bin}/gpg{,2}      rCx -> gpg,

apparmor.d/profiles-a-f/aa-notify

@@ -36,7 +36,7 @@ profile aa-notify @{exec_path} {
   owner @{HOME}/.inputrc r,
   owner @{HOME}/.terminfo/@{int}/dumb r,
 
-  owner /tmp/[a-z0-9]* rw,
+  owner /tmp/_@{c}@{rand6} rw,
   owner /tmp/apparmor-bugreport-*.txt rw,
 
   @{PROC}/ r,

apparmor.d/profiles-s-z/spice-vdagent

@@ -53,6 +53,11 @@ profile spice-vdagent @{exec_path} {
        member=Embed
        peer=(name=org.a11y.atspi.Registry), # all peer's labels
 
+  dbus receive bus=session path=/
+       interface=org.freedesktop.DBus.Introspectable
+       member=Introspect 
+       peer=(name=:*, label=gnome-shell),
+
   @{exec_path} mr,
 
   /usr/share/pipewire/client-rt.conf r,

apparmor.d/profiles-s-z/vlc

@@ -19,6 +19,7 @@ profile vlc @{exec_path} {
   include <abstractions/fontconfig-cache-read>
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
+  include <abstractions/gstreamer>
   include <abstractions/gtk>
   include <abstractions/ibus>
   include <abstractions/mesa>
@@ -159,6 +160,8 @@ profile vlc @{exec_path} {
         /dev/shm/#@{int} rw,
         /dev/tty r,
   owner /dev/tty@{int} rw,
+        /dev/snd/ r,
+        /dev/video@{int} rw,
 
   # Silencer
   deny @{lib}/@{multiarch}/vlc/{,**} w,