Merge initial fusermount3 profile

Initial profile for fusermount3. Feedback welcome 😄

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1514
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: John Johansen <john@jjmx.net>

profiles/apparmor.d/fusermount3

@@ -0,0 +1,34 @@
+abi <abi/4.0>,
+include <tunables/global>
+
+@{fuse_types} = {fuse,fuse.*,fuseblk,fusectl}
+profile fusermount3 /usr/bin/fusermount3 {
+  include <abstractions/base>
+  include <abstractions/nameservice-strict>
+
+  capability sys_admin,
+  capability dac_read_search,
+
+  mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> @{HOME}/**/,
+  mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> /mnt/{,**/},
+  mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> @{run}/user/@{uid}/*/,
+  mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> /media/**/,
+  mount fstype=@{fuse_types} options=(nosuid,nodev,rw) -> /tmp/**/,
+ 
+  umount @{HOME}/**/,
+  umount /mnt/{,**/},
+  umount @{run}/user/@{uid}/*/,
+  umount /media/**/,
+  umount /tmp/**/,
+
+  /dev/fuse rw,
+
+  @{etc_ro}/fuse.conf r,
+  @{PROC}/@{pid}/mounts r,
+
+  /usr/bin/fusermount3 mr,
+
+  include if exists <local/fusermount3>
+}
+
+# vim:syntax=apparmor