feat(profile): general update.

apparmor.d/profiles-a-f/borg

@@ -70,6 +70,7 @@ profile borg @{exec_path} {
   owner /tmp/tmp*/ rw,
   owner /tmp/tmp*/file rw,
   owner /tmp/tmp*/idx rw,
+  owner /var/lib/libuuid/clock.txt w,
   owner /var/tmp/* rw,
   owner /var/tmp/tmp*/ rw,
   owner /var/tmp/tmp*/file rw,
@@ -97,10 +98,14 @@ profile borg @{exec_path} {
 
   profile fusermount {
     include <abstractions/base>
+    include <abstractions/consoles>
     include <abstractions/nameservice-strict>
 
     capability sys_admin,
 
+    mount fstype=fuse borgfs -> @{MOUNTS}/,
+    mount fstype=fuse borgfs -> @{MOUNTS}/*/,
+
     umount @{MOUNTS}/,
     umount @{MOUNTS}/*/,
 

apparmor.d/profiles-a-f/fail2ban-server

@@ -31,6 +31,7 @@ profile fail2ban-server @{exec_path} flags=(attach_disconnected) {
   /var/lib/fail2ban/fail2ban.sqlite3 rwk,
   /var/log/auth.log r,
   /var/log/fail2ban.log w,
+  /var/log/journal/@{hex32}/system.journal r,
 
   @{run}/fail2ban/fail2ban.pid rw,
   @{run}/fail2ban/fail2ban.sock rw,

apparmor.d/profiles-a-f/firewalld

@@ -59,8 +59,7 @@ profile firewalld @{exec_path} {
   /usr/share/libalternatives/ebtables*/{,*} r,
   /usr/share/libalternatives/ip{,4,6}tables*/{,*} r,
 
-  /etc/firewalld/{,**} r,
-  /etc/firewalld/zones/{,**} rw,
+  /etc/firewalld/{,**} rw,
   /etc/iproute2/group r,
   /etc/iproute2/rt_realms r,
 

apparmor.d/profiles-a-f/fwupd

@@ -62,6 +62,7 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
   /etc/pki/fwupd/{,**} r,
 
   /var/cache/fwupd/{,**} rw,
+  /var/lib/flatpak/exports/share/mime/mime.cache r,
   /var/lib/fwupd/{,**} rw,
   /var/lib/fwupd/pending.db rwk,
   /var/tmp/etilqs_@{hex} rw,