feat(profile): improve integration with Tumbleweed.

see #576

apparmor.d/groups/systemd/systemd-escape

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/systemd-escape
 profile systemd-escape @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/common/systemd>
 
   @{exec_path} mr,

apparmor.d/groups/systemd/systemd-hwdb

@@ -16,11 +16,11 @@ profile systemd-hwdb @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   @{exec_path} mr,
 
   @{lib}/udev/#@{int} rwl,
-  @{lib}/udev/.#hwdb.bin@{hex} wl -> @{lib}/udev/#@{int},
+  @{lib}/udev/.#hwdb.bin@{hex16} wl -> @{lib}/udev/#@{int},
   @{lib}/udev/hwdb.bin w,
 
-  /etc/udev/.#hwdb.bind* rw,
-  /etc/udev/hwdb.bin rw,
+  /etc/udev/.#hwdb.bin@{hex16} wl ->  /etc/udev/#@{int},
+  /etc/udev/hwdb.bin w,
   /etc/udev/hwdb.d/{,*} r,
 
   owner @{PROC}/@{pid}/stat r,

apparmor.d/groups/systemd/systemd-journald

@@ -64,6 +64,7 @@ profile systemd-journald @{exec_path} {
   @{run}/udev/data/b259:@{int} r,         # Block Extended Major
   @{run}/udev/data/c1:@{int}    r,        # For RAM disk
   @{run}/udev/data/c4:@{int} r,           # For TTY devices
+  @{run}/udev/data/b8:@{int} r,           # for /dev/sd*
   @{run}/udev/data/c10:@{int}   r,        # For non-serial mice, misc features
   @{run}/udev/data/c108:@{int} r,         # For /dev/ppp
   @{run}/udev/data/c18[8-9]:@{int} r,     # USB devices & USB serial converters

apparmor.d/groups/systemd/systemd-sysusers

@@ -19,9 +19,9 @@ profile systemd-sysusers @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mr,
 
   # Config file locations
-  /etc/sysusers.d/*.conf r,
-  @{run}/sysusers.d/*.conf r,
-  /usr/lib/sysusers.d/*.conf r,
+  /etc/sysusers.d/{,*.conf} r,
+  @{run}/sysusers.d/{,*.conf} r,
+  /usr/lib/sysusers.d/{,*.conf} r,
 
   # Where the users can be created,
   /home/{,*} rw,