feat(profile): general update.

apparmor.d/groups/virt/cockpit-session

@@ -31,6 +31,7 @@ profile cockpit-session @{exec_path} flags=(attach_disconnected) {
   @{etc_ro}/security/limits.d/{,*.conf} r,
   /etc/cockpit/disallowed-users r,
   /etc/group r,
+  /etc/machine-id r,
   /etc/motd r,
   /etc/motd.d/ r,
   /etc/shells r,

apparmor.d/groups/virt/libvirtd

@@ -66,10 +66,11 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
   mount options=(rw, move) @{run}/libvirt/qemu/*.dev/ -> /dev/,
   mount options=(rw, move) @{run}/libvirt/qemu/*{,/} -> /dev/**,
 
-  ptrace (read,trace) peer=unconfined,
   ptrace (read,trace) peer=@{profile_name},
   ptrace (read,trace) peer=dnsmasq,
   ptrace (read,trace) peer=libvirt-@{uuid},
+  ptrace (read,trace) peer=libvirt-dbus,
+  ptrace (read,trace) peer=unconfined,
   ptrace (read,trace) peer=virt-manager,
 
   signal (read,send) peer=libvirt-@{uuid},

apparmor.d/groups/virt/virtnodedevd

@@ -61,9 +61,11 @@ profile virtnodedevd @{exec_path} flags=(attach_disconnected) {
   @{run}/udev/data/c13:@{int} r,          # For /dev/input/*
   @{run}/udev/data/c21:@{int} r,          # Generic SCSI access
   @{run}/udev/data/c29:@{int} r,          # For /dev/fb[0-9]*
+  @{run}/udev/data/c81:@{int}  r,         # For video4linux
   @{run}/udev/data/c90:@{int} r,          # For RAM, ROM, Flash
   @{run}/udev/data/c116:@{int} r,         # For ALSA
   @{run}/udev/data/c202:@{int} r,         # CPU model-specific registers
+  @{run}/udev/data/c203:@{int} r,         # CPU CPUID information
   @{run}/udev/data/c226:@{int} r,         # For /dev/dri/card[0-9]*
   @{run}/udev/data/c@{dynamic}:@{int} r,  # For dynamic assignment range 234 to 254, 384 to 511
   @{run}/udev/data/n@{int} r,