feat(profile): ssh: cleanup.

apparmor.d/groups/ssh/ssh-agent

@@ -13,6 +13,7 @@ profile ssh-agent @{exec_path} {
   include <abstractions/nameservice-strict>
 
   signal receive set=term peer=cockpit-bridge,
+  signal receive set=term peer=cockpit-session,
   signal receive set=term peer=gnome-keyring-daemon,
 
   @{exec_path} mr,

apparmor.d/groups/ssh/ssh-keygen

@@ -18,7 +18,8 @@ profile ssh-keygen @{exec_path} {
   /etc/ssh/moduli rw,
   /etc/ssh/ssh_host_*_key* rw,
 
-  owner @{HOME}/@{XDG_SSH_DIR}/{,*} rw,
+  owner @{HOME}/@{XDG_SSH_DIR}/ rw,
+  owner @{HOME}/@{XDG_SSH_DIR}/* rwl -> @{HOME}/@{XDG_SSH_DIR}/*,
 
   owner /tmp/snapd@{int}/*_*{,.pub} w,
   owner /tmp/snapd@{int}/*.key{,.pub} w,

apparmor.d/groups/ssh/sshd

@@ -102,7 +102,7 @@ profile sshd @{exec_path} flags=(attach_disconnected) {
   owner @{user_download_dirs}/{,**} rwl,
   owner @{user_sync_dirs}/{,**} rwl,
 
-  @{HOME}/@{XDG_SSH_DIR}/authorized_keys{,.*} r,
+  @{HOME}/@{XDG_SSH_DIR}/authorized_keys* r,
   owner @{user_cache_dirs}/{,motd*} rw,
 
   @{att}/@{run}/systemd/sessions/@{int}.ref rw,

apparmor.d/groups/ssh/sshfs

@@ -18,7 +18,7 @@ profile sshfs @{exec_path} flags=(complain) {
   mount fstype=fuse.sshfs -> @{MOUNTS}/*/,
   mount fstype=fuse.sshfs -> @{MOUNTS}/*/*/,
 
-  unix (connect, send, receive) type=stream peer=(label="sshfs//fusermount",addr=none),
+  unix (connect, send, receive) type=stream peer=(label="sshfs//fusermount"),
 
   @{exec_path} mr,