feat(profile): general update (2).

apparmor.d/profiles-a-f/adduser

@@ -27,6 +27,7 @@ profile adduser @{exec_path} {
 
   @{bin}/{,ba,da}sh rix,
   @{bin}/find       rix,
+  @{bin}/logger     rix,
   @{bin}/rm         rix,
 
   @{bin}/chage         rPx,

apparmor.d/profiles-a-f/anacron

@@ -14,7 +14,7 @@ profile anacron @{exec_path} {
   @{exec_path} mr,
 
   @{bin}/{,ba,da}sh  rix,
-  @{bin}/run-parts   rPx,
+  @{bin}/run-parts   rCx -> run-parts,
 
   / r,
   /etc/anacrontab r,
@@ -25,5 +25,19 @@ profile anacron @{exec_path} {
 
   /tmp/file* rw,
 
+  profile run-parts {
+    include <abstractions/base>
+
+    @{bin}/run-parts mr,
+
+    /etc/cron.*/     r,
+    /etc/cron.*/* rPUx,
+
+    owner /tmp/#@{int} rw,
+    owner /tmp/file@{rand6} rw,
+
+   include if exists <local/anacron_run_parts>
+  }
+
   include if exists <local/anacron>
 }

apparmor.d/profiles-a-f/apparmor.systemd

@@ -24,7 +24,9 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
   @{bin}/getconf              rix,
   @{bin}/ls                   rix,
   @{bin}/sed                  rix,
+  @{bin}/cat                  rix,
   @{bin}/sort                 rix,
+  @{bin}/sysctl               rix,
   @{bin}/systemd-detect-virt  rPx,
   @{bin}/xargs                rix,
 
@@ -41,6 +43,7 @@ profile apparmor.systemd @{exec_path} flags=(complain) {
   @{PROC}/@{pids}/maps r,
   @{PROC}/@{pids}/mounts r,
   @{PROC}/mounts r,
+  @{PROC}/sys/kernel/apparmor_restrict_unprivileged_userns r,
 
   /dev/tty rw,
 

apparmor.d/profiles-a-f/apparmor_parser

@@ -18,6 +18,7 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mr,
 
   @{lib_dirs}/snapd/apparmor.d/{,**} r,
+  @{lib_dirs}/snapd/apparmor/{,**} r,
 
   /etc/apparmor.d/{,**} r,
   /etc/apparmor.d/cache.d/{,**} rw,