feat(profile): improve dpkg-scripts.

apparmor.d/groups/apt/dpkg-scripts

@@ -11,6 +11,7 @@ profile dpkg-scripts @{exec_path} {
   include <abstractions/base>
   include <abstractions/common/debconf>
   include <abstractions/disks-read>
+  include <abstractions/python>
 
   capability chown,
   capability dac_read_search,
@@ -24,6 +25,7 @@ profile dpkg-scripts @{exec_path} {
   # Common program found in maintainer scripts
   @{sh_path}                                     rix,
   @{coreutils_path}                              rix,
+  @{python_path}                                 rix,
   @{bin}/run-parts                               rix,
 
   @{bin}/envsubst                                 ix,
@@ -51,8 +53,8 @@ profile dpkg-scripts @{exec_path} {
   @{bin}/**                                       PUx,
   @{sbin}/**                                      PUx,
   @{lib}/**                                       PUx,
+  /etc/**                                         PUx,
   /usr/share/**                                   PUx,
-  /etc/init.d/*                                   PUx,
 
   # Maintainer's scripts can update a lot of files
   / r,

apparmor.d/groups/apt/unattended-upgrade-shutdown

@@ -20,6 +20,10 @@ profile unattended-upgrade-shutdown @{exec_path} flags=(attach_disconnected) {
 
   @{bin}/ischroot  Px,
 
+  @{lib}/@{python_name}/**/__pycache__/ w,
+  @{lib}/@{python_name}/**/__pycache__/**.pyc w,
+  @{lib}/@{python_name}/**/__pycache__/**.pyc.@{u64} w,
+
   /usr/share/unattended-upgrades/{,*} r,
 
   owner /var/log/unattended-upgrades/*.log* rw,