feat(profiles): general update.

apparmor.d/groups/gvfs/gvfsd-dav

@@ -30,5 +30,7 @@ profile gvfsd-dav @{exec_path} {
   owner @{run}/user/@{uid}/gvfsd/ rw,
   owner @{run}/user/@{uid}/gvfsd/socket-[a-zA-z0-9]* rw,
 
+  @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
+
   include if exists <local/gvfsd-dav>
 }

apparmor.d/groups/gvfs/gvfsd-sftp

@@ -18,6 +18,8 @@ profile gvfsd-sftp @{exec_path} {
 
   /{usr/,}bin/ssh  rPx,
 
+  owner @{run}/user/@{uid}/gvfsd-sftp/ rw,
+
   owner @{PROC}/@{pid}/fd/ r,
 
   /dev/ptmx rw,

apparmor.d/groups/systemd/systemd-udevd

@@ -9,7 +9,7 @@ include <tunables/global>
 
 @{exec_path}  = /{usr/,}bin/udevadm
 @{exec_path} += /{usr/,}lib/systemd/systemd-udevd
-profile systemd-udevd @{exec_path} flags=(attach_disconnected complain) {
+profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
   include <abstractions/base>
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
@@ -60,6 +60,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected complain) {
   /{usr/,}lib/crda/*                      rPUx,
   /{usr/,}lib/gdm-runtime-config           rPx,
   /{usr/,}lib/systemd/systemd-*            rPx,
+  @{libexec}/nfsrahead                    rPUx,
   /{usr/,}lib/udev/*                      rPUx,
   /{usr/,}lib/open-iscsi/net-interface-handler rPUx,
   /usr/share/hplip/config_usb_printer.py  rPUx,

apparmor.d/groups/virt/cockpit-tls

@@ -10,6 +10,7 @@ include <tunables/global>
 profile cockpit-tls @{exec_path} {
   include <abstractions/base>
 
+  network inet stream,
   network inet6 stream,
 
   @{exec_path} mr,