feat(profile): general update.

apparmor.d/groups/gnome/epiphany-search-provider

@@ -36,6 +36,7 @@ profile epiphany-search-provider @{exec_path} {
   owner /tmp/Serialized* rw, 
 
   @{sys}/devices/virtual/dmi/id/chassis_type r,
+  @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/*org.gnome.Epiphany.SearchProvider.slice/*/memory.* r,
   @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r,
 
         @{PROC}/driver/nvidia/params r,

apparmor.d/groups/gnome/gdm-session-worker

@@ -60,12 +60,13 @@ profile gdm-session-worker @{exec_path} flags=(attach_disconnected) {
   @{exec_path} mrix,
 
   @{bin}/gnome-keyring-daemon             rPx,
+  @{bin}/unix_chkpwd                      rPx,
+  @{etc_ro}/X11/xdm/Xstartup             rPUx,
   @{lib}/{,gdm/}gdm-wayland-session       rPx,
   @{lib}/{,gdm/}gdm-x-session             rPx,
   /etc/gdm{3,}/{Pre,Post}Session/Default  rix,
   /etc/gdm{3,}/PostLogin/Default          rix,
   /etc/gdm{3,}/PrimeOff/Default           rix,
-  @{etc_ro}/X11/xdm/Xstartup             rPUx,
 
   /usr/share/gdm/gdm.schemas r,
   /usr/share/wayland-sessions/*.desktop r,

apparmor.d/groups/gnome/gjs-console

@@ -72,6 +72,7 @@ profile gjs-console @{exec_path} flags=(attach_disconnected) {
   owner @{user_cache_dirs}/gstreamer-1.0/ rw,
   owner @{user_cache_dirs}/gstreamer-1.0/registry.*.bin{,.tmp@{rand6}} rw,
 
+  owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/stat r,

apparmor.d/groups/gnome/gnome-contacts-search-provider

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/gnome-contacts-search-provider
 profile gnome-contacts-search-provider @{exec_path} {
   include <abstractions/base>
+  include <abstractions/bus-session>
   include <abstractions/dconf-write>
   include <abstractions/gnome-strict>
   include <abstractions/graphics>
@@ -16,6 +17,8 @@ profile gnome-contacts-search-provider @{exec_path} {
 
   signal (send) set=(term) peer=unconfined,
 
+  # dbus own bus=session name=org.gnome.Contacts.SearchProvider
+
   @{exec_path} mr,
 
   owner @{user_share_dirs}/folks/{,**/} rw,

apparmor.d/groups/gnome/gnome-control-center

@@ -145,6 +145,7 @@ profile gnome-control-center @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/cgroup r,
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/fd/ r,
+  owner @{PROC}/@{pid}/fdinfo/@{int} r,
   owner @{PROC}/@{pid}/loginuid r,
   owner @{PROC}/@{pid}/maps r,
   owner @{PROC}/@{pid}/mountinfo r,

apparmor.d/groups/gnome/gnome-control-center-goa-helper

@@ -44,6 +44,7 @@ profile gnome-control-center-goa-helper @{exec_path} {
 
   @{lib}/{,@{multiarch}/}webkit{,2}gtk-*/WebKitNetworkProcess rix,
 
+  /usr/share/cracklib/* r,
   /usr/share/publicsuffix/public_suffix_list.dafsa r,
 
   /var/lib/flatpak/exports/share/icons/{,**} r,

apparmor.d/groups/gnome/gnome-shell

@@ -373,6 +373,7 @@ profile gnome-shell @{exec_path} flags=(attach_disconnected) {
         @{PROC}/sys/kernel/osrelease r,
         @{PROC}/sys/net/ipv{4,6}/conf/all/disable_ipv{4,6} r,
   owner @{PROC}/@{pid}/fd/ r,
+  owner @{PROC}/@{pid}/fdinfo/@{int} r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/@{pid}/task/@{pid}/cmdline r,

apparmor.d/groups/gnome/org.gnome.NautilusPreviewer

@@ -38,6 +38,7 @@ profile org.gnome.NautilusPreviewer @{exec_path} {
 
   @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511
 
+  @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/a*org.gnome.NautilusPreviewer.slice/*/memory.* r,
   @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/session.slice/dbus.service/memory.* r,
 
         @{PROC}/@{pid}/cgroup r,