feat(profile): general update.

apparmor.d/groups/systemd/busctl

@@ -10,6 +10,10 @@ include <tunables/global>
 profile busctl @{exec_path} {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
+  include <abstractions/systemd-common>
+
+  capability net_admin,
+  capability sys_ptrace,
 
   ptrace (read),
 

apparmor.d/groups/systemd/systemd-generator-environment-flatpak

@@ -15,6 +15,8 @@ profile systemd-generator-environment-flatpak @{exec_path} {
 
   @{bin}/flatpak rix,
 
+  /usr/{local/,}share/gvfs/remote-volume-monitors/{,*}  r,
+
   /dev/tty rw,
 
   include if exists <local/systemd-generator-environment-flatpak>

apparmor.d/groups/systemd/systemd-hostnamed

@@ -23,6 +23,7 @@ profile systemd-hostnamed @{exec_path}  flags=(attach_disconnected) {
   @{etc_rw}/.#hostname* rw,
   @{etc_rw}/hostname rw,
   /etc/.#machine-info@{rand6} rw,
+  /etc/machine-id r,
   /etc/machine-info rw,
 
   @{run}/systemd/default-hostname rw,

apparmor.d/groups/systemd/systemd-journald

@@ -55,6 +55,7 @@ profile systemd-journald @{exec_path} {
   @{run}/udev/data/+usb:*       r,
   @{run}/udev/data/+virtio:*    r,
   @{run}/udev/data/b254:@{int} r,         # for /dev/zram*
+  @{run}/udev/data/b259:@{int} r,
   @{run}/udev/data/c1:@{int}    r,        # For RAM disk
   @{run}/udev/data/c4:@{int} r,           # For TTY devices
   @{run}/udev/data/c10:@{int}   r,        # For non-serial mice, misc features

apparmor.d/groups/systemd/systemd-vconsole-setup

@@ -34,6 +34,7 @@ profile systemd-vconsole-setup @{exec_path} {
 
   @{sys}/module/vt/parameters/default_utf8 w,
 
+  /dev/console k,
   /dev/tty@{int} rwk,
 
   include if exists <local/systemd-vconsole-setup>