Merge Add a profile for ZNC

Some weirdnesses:
- The Perl abstraction specifies an ix execution mode for Perl, while my impression from the Python abstraction is that we shouldn't be specifying execution modes for the script interpreter in the abstractions. It's probably too late to change that though.
- Tcl apparently doesn't have an abstraction available. Given the way it's embedded into applications like ZNC, I'm assuming that Tcl doesn't have support files the way Python does.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1376
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: John Johansen <john@jjmx.net>

profiles/apparmor.d/znc

@@ -0,0 +1,42 @@
+abi <abi/4.0>,
+
+include <tunables/global>
+
+profile znc /usr/bin/znc {
+  include <abstractions/base>
+  include <abstractions/nameservice>
+  include <abstractions/ssl_certs>
+
+  include <abstractions/perl>
+  include <abstractions/python>
+  # It seems that znc embeds a tcl interpreter and that there are no tcl-related abstractions
+
+  network tcp,
+
+  @{system_share_dirs}/znc/** r,
+
+  owner @{HOME}/.znc/ rw,
+  owner @{HOME}/.znc/** r,
+
+  owner @{HOME}/.znc/znc.pid rw,
+
+  owner @{HOME}/.znc/configs/ rw,
+  owner @{HOME}/.znc/configs/znc.conf rwk,
+  # Tilde version is used when the config is updated by ZNC
+  owner @{HOME}/.znc/configs/znc.conf~ rw,
+  owner @{HOME}/.znc/modules/ rw,
+  owner @{HOME}/.znc/modules/* mrw,
+  owner @{HOME}/.znc/moddata/ rw,
+  owner @{HOME}/.znc/moddata/** rw,
+  owner @{HOME}/.znc/users/ rw,
+  owner @{HOME}/.znc/users/** rw,
+
+  # Write perms on znc.pem only needed with --makeconf
+  owner @{HOME}/.znc/znc.pem rw,
+
+  # Python extensions will need to be run through a Python interpreter
+  # The Perl interpreter is already included in the abstractions file
+  /{usr/,}bin/python{3,3.[0-9],3.[1-9][0-9]} rix,
+
+  include if exists <local/znc>
+}