feat: update profiles.

apparmor.d/profiles-m-r/pass

@@ -82,6 +82,11 @@ profile pass @{exec_path} {
     owner @{HOME}/.fzf/plugin/ r,
     owner @{HOME}/.fzf/plugin/fzf.vim r,
     owner @{HOME}/.viminfo{,.tmp} rw,
+
+    owner @{HOME}/.password-store/ r,
+    owner @{HOME}/@{XDG_PROJECTS_DIR}/**/*-store/ r,
+    owner @{user_config_dirs}/password-store/ r,
+
     owner @{user_cache_dirs}/vim/{,**} rw,
     owner @{user_config_dirs}/vim/{,**} rw,
     /dev/shm/pass.*/{,*} rw,

apparmor.d/profiles-m-r/pkttyagent

@@ -10,6 +10,8 @@ include <tunables/global>
 profile pkttyagent @{exec_path} {
   include <abstractions/base>
 
+  capability sys_nice,
+
   ptrace (read),
   signal (receive),
 

apparmor.d/profiles-m-r/ps

@@ -62,5 +62,7 @@ profile ps @{exec_path} flags=(attach_disconnected) {
   owner /dev/tty[0-9]* rw,
   owner @{HOME}/.xsession-errors w,
 
+  deny @{user_share_dirs}/gvfs-metadata/* r,
+
   include if exists <local/ps>
 }

apparmor.d/profiles-m-r/run-parts

@@ -38,6 +38,9 @@ profile run-parts @{exec_path} {
   /etc/kernel/prerm.d/ r,
   /etc/kernel/prerm.d/dkms                rCx -> kernel-pre-post,
 
+  /etc/molly-guard/run.d/ r,
+  /etc/cron.hourly/ r,
+
   owner /tmp/#[0-9]*[0-9] rw,
 
 
@@ -48,8 +51,9 @@ profile run-parts @{exec_path} {
     /etc/update-motd.d/[0-9]*-[a-z]* r,
 
     /{usr/,}bin/{,ba,da}sh rix,
-    /{usr/,}bin/uname      rix,
     /{usr/,}bin/cat        rix,
+    /{usr/,}bin/tr         rix,
+    /{usr/,}bin/uname      rix,
 
     /usr/share/unattended-upgrades/update-motd-unattended-upgrades rix,