feat(profiles): general update.

apparmor.d/profiles-m-r/nvtop

@@ -23,8 +23,11 @@ profile nvtop @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/terminfo/x/xterm-256color r,
 
+  owner @{user_config_dirs}/nvtop/{,**} rw,
+
   @{run}/systemd/inhibit/*.ref r,
   @{run}/udev/data/+drm:* r,
+  @{run}/udev/data/+pci* r,
   @{run}/udev/data/c226:[0-9]* r,
   @{run}/udev/data/c236:[0-9]* r,
 

apparmor.d/profiles-m-r/packagekitd

@@ -15,6 +15,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/ssl_certs>
   include if exists <abstractions/apt-common>
 
+  capability net_admin,
   capability sys_nice,
 
   network inet stream,

apparmor.d/profiles-m-r/pacmd

@@ -24,7 +24,11 @@ profile pacmd @{exec_path} {
 
   /app/lib/libzypak*.so* mr,
 
+  owner @{run}/user/@{uid}/pulse rw,
+
   owner @{PROC}/@{pids}/stat r,
 
+  deny @{user_share_dirs}/gvfs-metadata/* r,
+
   include if exists <local/pacmd>
 }

apparmor.d/profiles-m-r/pactl

@@ -31,5 +31,7 @@ profile pactl @{exec_path} {
   owner @{HOME}/.xsession-errors w,
   owner @{HOME}/.anyRemote/anyremote.stdout w,
 
+  deny @{user_share_dirs}/gvfs-metadata/* r,
+
   include if exists <local/pactl>
 }

apparmor.d/profiles-m-r/rngd

@@ -12,6 +12,7 @@ profile rngd @{exec_path} {
   include <abstractions/base>
   include <abstractions/devices-usb>
   include <abstractions/nameservice-strict>
+  include <abstractions/openssl>
 
   @{exec_path} mr,