feat(profile): ubuntu: improve integration with ubuntu.

apparmor.d/profiles-g-l/gtk-query-immodules

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/gtk-query-immodules-{2,3}.0
 profile gtk-query-immodules @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_override,
   capability dac_read_search,

apparmor.d/profiles-g-l/logrotate

@@ -50,19 +50,7 @@ profile logrotate @{exec_path} flags=(attach_disconnected) {
   @{bin}/squid                             rPUx,
 
   @{bin}/pgrep rCx -> pgrep,
-
-  # no new privs
-  #@{bin}/systemctl              rCx -> systemctl,
-  @{bin}/systemctl rix,
-  @{bin}/runlevel rix,
-  include <abstractions/wutmp>
-  ptrace (read),
-  capability sys_ptrace,
-  owner @{PROC}/@{pid}/stat r,
-        @{PROC}/1/environ r,
-        @{PROC}/1/sched r,
-        @{PROC}/cmdline r,
-        @{PROC}/sys/kernel/osrelease r,
+  @{bin}/systemctl rCx -> systemctl,
 
   /etc/ r,
   @{etc_ro}/logrotate.conf rk,
@@ -92,6 +80,8 @@ profile logrotate @{exec_path} flags=(attach_disconnected) {
     capability net_admin,
     capability sys_ptrace,
 
+    @{run}/utmp rk,
+
     include if exists <local/logrotate_systemctl>
   }