feat(profiles): general update.

apparmor.d/groups/pacman/aurpublish

@@ -9,6 +9,15 @@ include <tunables/global>
 @{exec_path} = /usr/share/aurpublish/*.hook
 profile aurpublish @{exec_path} {
   include <abstractions/base>
+  include <abstractions/nameservice-strict>
+  include <abstractions/ssl_certs>
+  include <abstractions/openssl>
+
+  network inet dgram,
+  network inet6 dgram,
+  network inet stream,
+  network inet6 stream,
+  network netlink raw,
 
   signal (receive) peer=git,
 
@@ -44,7 +53,7 @@ profile aurpublish @{exec_path} {
   owner @{user_projects_dirs}/**/.SRCINFO rw,
   owner @{user_projects_dirs}/**/PKGBUILD r,
 
-  owner @{user_cache_dirs}/makepkg/src/* r,
+  owner @{user_cache_dirs}/makepkg/src/* rw,
   owner @{user_config_dirs}/pacman/makepkg.conf r,
 
   owner /tmp/tmp.* rw,

apparmor.d/groups/pacman/pacman-hook-code

@@ -15,10 +15,14 @@ profile pacman-hook-code @{exec_path} {
   @{exec_path} mr,
 
   /{usr/,}bin/{,ba}sh     rix,
-  /{usr/,}bin/sed         rix,
+  /{usr/,}bin/env         rix,
   /{usr/,}bin/grep        rix,
+  /{usr/,}bin/sed         rix,
 
+  /{usr/,}lib/code/product.json rw,
   /{usr/,}lib/code/sed?????? rw,
 
+  /dev/tty rw,
+
   include if exists <local/pacman-hook-code>
 }