feat(profile): general update.

apparmor.d/groups/virt/cockpit-certificate-helper

@@ -10,6 +10,7 @@ include <tunables/global>
 profile cockpit-certificate-helper @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
+  include <abstractions/openssl>
 
   @{exec_path} mr,
 
@@ -18,11 +19,13 @@ profile cockpit-certificate-helper @{exec_path} {
   @{bin}/id rix,
   @{bin}/mkdir rix,
   @{bin}/mv rix,
+  @{bin}/openssl rix,
   @{bin}/rm rix,
   @{bin}/sscg rix,
   @{bin}/tr rix,
 
   /etc/machine-id r,
+  /etc/cockpit/ws-certs.d/* w,
 
   owner @{run}/cockpit/certificate-helper/{,**} rw,
 

apparmor.d/groups/virt/cockpit-session

@@ -24,6 +24,8 @@ profile cockpit-session @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
+  @{bin}/unix_chkpwd rPx,
+
   @{bin}/{,z,ba,da}sh    rix,
   @{bin}/cockpit-bridge  rPx,
   @{lib}/cockpit/cockpit-pcp  rPx,

apparmor.d/groups/virt/libvirtd

@@ -115,7 +115,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   @{bin}/virtiofsd                            rux, # TODO: WIP
   @{bin}/virtlogd                             rPx,
 
-  @{shells_path}                rix,
+  @{sh_path}                    rix,
   @{bin}/ip                     rix,
   @{bin}/qemu-img               rUx, # TODO: Integration with virt-aa-helper
   @{bin}/qemu-system*           rUx, # TODO: Integration with virt-aa-helper