Merge branch 'xfce' of github.com:nobody43/apparmor.d into nobody43-xfce

* 'xfce' of github.com:nobody43/apparmor.d:
  xfce, fixes
  Adapt to RO root
  xfce, flags
  xfce, proper abi
  xfce, new profiles
  xfce, updates

apparmor.d/profiles-m-r/nemo

@@ -21,7 +21,12 @@ profile nemo @{exec_path} {
 
   @{exec_path} mr,
 
+  @{open_path} rPx -> child-open,
+
+  @{bin}/gdk-pixbuf-thumbnailer rPx,
+
   /usr/share/nemo/** r,
+  /usr/share/thumbnailers/{,*.thumbnailer} r,
 
   # Full access to user's data
   / r,

apparmor.d/profiles-m-r/remmina

@@ -22,6 +22,7 @@ profile remmina @{exec_path} {
   include <abstractions/bus/org.kde.StatusNotifierWatcher>
   include <abstractions/dconf-write>
   include <abstractions/desktop>
+  include <abstractions/fontconfig-cache-read>
   include <abstractions/ibus>
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
@@ -30,6 +31,8 @@ profile remmina @{exec_path} {
 
   network inet stream,
   network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
   network netlink raw,
 
   #aa:dbus own bus=session name=org.remmina.Remmina
@@ -63,6 +66,9 @@ profile remmina @{exec_path} {
 
   owner @{run}/user/@{uid}/keyring/ssh rw,
 
+  @{sys}/devices/system/node/ r,
+  @{sys}/devices/system/node/node@{int}/meminfo r,
+
   include if exists <local/remmina>
 }
 

apparmor.d/profiles-m-r/run-parts

@@ -255,6 +255,8 @@ profile run-parts @{exec_path} {
     @{run}/reboot-required w,
     @{run}/reboot-required.pkgs rw,
 
+    @{sys}/module/compression r,
+
     @{PROC}/devices r,
     @{PROC}/cmdline r,