feat(profile): improve support for some profiles.

Most of the rules have come from the integration tests.

apparmor.d/profiles-g-l/ip

@@ -30,8 +30,10 @@ profile ip @{exec_path} flags=(attach_disconnected) {
   umount /sys/,
 
   @{exec_path} mrix,
+
+  # To run command with 'ip netns exec'
   @{shells_path} rUx,
-  @{bin}/sudo rPx,
+  @{bin}/sudo    rPx,
 
   @{att}/ r,
 
@@ -40,6 +42,7 @@ profile ip @{exec_path} flags=(attach_disconnected) {
 
   /usr/share/iproute2/{,**} r,
 
+        @{run}/netns/ r,
         @{run}/netns/* rw,
   owner @{run}/netns/ rwk,
 

apparmor.d/profiles-g-l/lspci

@@ -35,6 +35,7 @@ profile lspci @{exec_path} flags=(attach_disconnected) {
   @{sys}/bus/pci/devices/ r,
   @{sys}/bus/pci/slots/ r,
   @{sys}/bus/pci/slots/@{int}-@{int}/address r,
+  @{sys}/bus/pci/slots/@{int}/address r,
   @{sys}/devices/@{pci}/** r,
   @{sys}/module/compression r,