General update

Signed-off-by: Jeroen Rijken <jeroen.rijken@xs4all.nl>

apparmor.d/profiles-a-f/flatpak

@@ -10,6 +10,8 @@ include <tunables/global>
 profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) {
   include <abstractions/base>
   include <abstractions/consoles>
+  include <abstractions/bus-session>
+  include <abstractions/bus/org.freedesktop.Accounts>
   include <abstractions/dconf-write>
   include <abstractions/freedesktop.org>
   include <abstractions/nameservice-strict>
@@ -79,6 +81,7 @@ profile flatpak @{exec_path} flags=(attach_disconnected,mediate_deleted,complain
   owner @{run}/user/@{uid}/.flatpak/** rwlk -> @{run}/user/@{uid}/.flatpak/**,
   owner @{run}/user/@{uid}/app/ w,
   owner @{run}/user/@{uid}/app/*/ w,
+  owner @{run}/user/@{uid}/systemd/private rw,
 
   @{sys}/module/nvidia/version r,
 

apparmor.d/profiles-a-f/flatpak-app

@@ -23,10 +23,14 @@ include <tunables/global>
 profile flatpak-app flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/base>
   include <abstractions/bwrap-app>
+  include <abstractions/bus-system>
+  include <abstractions/bus/org.freedesktop.NetworkManager>
 
   capability dac_override,
   capability dac_read_search,
   capability net_admin,
+  # When bwrap is setup with setuid privileges, it needs the setuid capability.
+  capability setuid,
   capability setpcap,
   capability sys_admin,
   capability sys_ptrace,

apparmor.d/profiles-a-f/fwupdmgr

@@ -57,6 +57,7 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
 
   owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc}.* rw,
   owner /var/cache/private/fwupdmgr/fwupd/lvfs-metadata.xml.gz{,.asc} rw,
+  /var/lib/flatpak/exports/share/mime/mime.cache r,
 
   owner @{user_cache_dirs}/ rw,
         @{user_cache_dirs}/dconf/user rw,
@@ -67,6 +68,7 @@ profile fwupdmgr @{exec_path} flags=(attach_disconnected,complain) {
 
   owner @{PROC}/@{pid}/fd/ r,
 
+  /dev/i2c-@{int} rw,
   /dev/tty rw,
 
   profile dbus {