feat(profile): update some core profiles.

apparmor.d/profiles-s-z/snap

@@ -29,6 +29,7 @@ profile snap @{exec_path} {
   mount options=(ro, silent) -> /tmp/snapd-auto-import-mount-@{int}/,
 
   #aa:dbus own bus=session name=io.snapcraft.Launcher
+  #aa:dbus own bus=session name=io.snapcraft.SessionAgent
   #aa:dbus own bus=session name=io.snapcraft.Settings
 
   #aa:dbus talk bus=session name=org.freedesktop.systemd1 label="@{p_systemd_user}"
@@ -45,6 +46,7 @@ profile snap @{exec_path} {
   @{bin}/gpg{,2}          rCx -> gpg,
   @{bin}/systemctl        rCx -> systemctl,
 
+  @{lib_dirs}/**          mr,
   @{lib_dirs}/snapd/snap-confine     rPx,
   @{lib_dirs}/snapd/snap-seccomp     rPx,
   @{lib_dirs}/snapd/snapd            rPx,
@@ -108,6 +110,9 @@ profile snap @{exec_path} {
 
     network unix stream,
 
+    owner @{run}/user/@{uid}/systemd/notify rw,
+    owner @{run}/user/@{uid}/systemd/private rw,
+
     include if exists <local/snap_systemctl>
   }
 

apparmor.d/profiles-s-z/snap-update-ns

@@ -23,11 +23,17 @@ profile snap-update-ns @{exec_path} {
   mount -> /tmp/.snap/**,
   mount -> /usr/**,
   mount -> /var/lib/dhcp/,
+
   umount /snap/**,
   umount /var/lib/dhcp/,
+  umount @{lib}/@{multiarch}/webkit2gtk-@{version}/,
+  umount /usr/share/xml/iso-codes/,          
 
   @{exec_path} mr,
 
+  @{lib}/@{multiarch}/webkit2gtk-@{version}/ w,
+  /usr/share/xml/iso-codes/ w,
+
   /var/lib/snapd/mount/{,*} r,
 
   / r,

apparmor.d/profiles-s-z/snapd-apparmor

@@ -17,6 +17,7 @@ profile snapd-apparmor @{exec_path} {
   @{bin}/systemd-detect-virt         rPx,
   @{bin}/apparmor_parser             rPx,
 
+  @{lib_dirs}/** mr,
   @{lib_dirs}/snapd/apparmor_parser  rPx -> apparmor_parser,
   @{lib_dirs}/snapd/info r,
 

apparmor.d/profiles-s-z/uuidd

@@ -17,6 +17,7 @@ profile uuidd @{exec_path} flags=(attach_disconnected) {
 
   owner /var/lib/libuuid/clock.txt rwk,
 
+  @{run}/uuidd/request w,
   @{att}/@{run}/uuidd/request w,
 
   include if exists <local/uuidd>