feat(profiles): general update.

apparmor.d/profiles-s-z/slirp4netns

@@ -23,7 +23,9 @@ profile slirp4netns @{exec_path} flags=(attach_disconnected) {
   mount,
   umount,
 
-  pivot_root oldroot=/tmp/old/ -> /tmp/,
+  pivot_root /tmp/**,
+  pivot_root /tmp/old/,
+  # pivot_root oldroot=/tmp/old/ -> /tmp/,
 
   @{exec_path} mr,
 
@@ -34,9 +36,6 @@ profile slirp4netns @{exec_path} flags=(attach_disconnected) {
         @{run}/user/@{uid}/netns/cni-* r,
   owner @{run}/user/@{uid}/libpod/tmp/slirp4netns-*.log r,
 
-  pivot_root /tmp/**,
-  pivot_root /tmp/old/,
-
   /dev/net/tun rw,
 
   include if exists <local/slirp4netns>

apparmor.d/profiles-s-z/steam

@@ -78,7 +78,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
   /{usr/,}bin/uname                  rix,
   /{usr/,}bin/which                  rix,
   /{usr/,}bin/xdg-icon-resource      rPx,
-  /{usr/,}bin/xdg-user-dir           rPx,
+  /{usr/,}bin/xdg-user-dir           rix,
   /{usr/,}bin/xz                     rix,
   /{usr/,}bin/zenity                 rix,
   /{usr/,}lib{32,64}/ld-linux.so*    rix,
@@ -135,6 +135,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain)
   owner @{user_config_dirs}/autostart/ r,
   owner @{user_config_dirs}/cef_user_data/{,**} r,
   owner @{user_config_dirs}/unity3d/{,**} rwk,
+  owner @{user_config_dirs}/user-dirs.dirs r,
 
   owner @{user_share_dirs}/ r,
   owner @{user_share_dirs}/applications/*.desktop w,

apparmor.d/profiles-s-z/sudo

@@ -87,6 +87,7 @@ profile sudo @{exec_path} {
 
   @{PROC}/@{pids}/cgroup r,
   @{PROC}/@{pids}/fd/ r,
+  @{PROC}/@{pids}/loginuid r,
   @{PROC}/@{pids}/stat r,
   @{PROC}/1/limits r,
   @{PROC}/sys/kernel/seccomp/actions_avail r,