feat(profiles): apply rule from #51.

apparmor.d/profiles-s-z/sudo

@@ -13,6 +13,7 @@ profile sudo @{exec_path} {
   include <abstractions/app-launcher-root>
   include <abstractions/authentication>
   include <abstractions/consoles>
+  include <abstractions/dbus-strict>
   include <abstractions/nameservice-strict>
   include <abstractions/wutmp>
 # include <pam/mappings>
@@ -32,9 +33,13 @@ profile sudo @{exec_path} {
 
   ptrace (read),
 
-  # signal,
   signal (send) set=(cont,hup) peer=su,
 
+  dbus send bus=system path=/org/freedesktop/login[0-9]
+       interface=org.freedesktop.login[0-9].Manager
+       member=CreateSession
+       peer=(name=org.freedesktop.login[0-9]),
+
   @{exec_path} mr,
 
   /run/ r,

apparmor.d/profiles-s-z/switcheroo-control

@@ -29,6 +29,7 @@ profile switcheroo-control @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mr,
 
   @{run}/udev/data/+drm:* r,
+  @{run}/udev/data/+pci:* r,
 
   @{run}/udev/data/c226:[0-9]* r,   # for /dev/dri/card* 
 

apparmor.d/profiles-s-z/udisksd

@@ -14,6 +14,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/dbus-strict>
   include <abstractions/disks-write>
   include <abstractions/nameservice-strict>
+  include <abstractions/openssl>
 
   capability chown,
   capability dac_override,