feat(profile): general update.

apparmor.d/groups/_full/default

@@ -16,20 +16,14 @@ profile default @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   include <abstractions/consoles>
   include <abstractions/dbus-session>
   include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/devices-usb>
-  include <abstractions/dri-common>
-  include <abstractions/dri-enumerate>
-  include <abstractions/gnome-strict>
-  include <abstractions/mesa>
+  include <abstractions/graphics>
   include <abstractions/nameservice-strict>
-  include <abstractions/opencl-intel>
-  include <abstractions/opencl-mesa>
-  include <abstractions/opencl-nvidia>
   include <abstractions/openssl>
   include <abstractions/p11-kit>
   include <abstractions/ssl_certs>
   include <abstractions/video>
-  include <abstractions/vulkan>
   include <abstractions/zsh>
 
   capability dac_override,

apparmor.d/groups/freedesktop/xdg-user-dirs-update

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{bin}/xdg-user-dirs-update
 profile xdg-user-dirs-update @{exec_path} {
   include <abstractions/base>
+  include <abstractions/xdg-desktop>
 
   @{exec_path} mr,
 
@@ -39,7 +40,6 @@ profile xdg-user-dirs-update @{exec_path} {
   /var/lib/sddm/@{XDG_TEMPLATES_DIR}/ rw,
   /var/lib/sddm/@{XDG_VIDEOS_DIR}/ rw,
 
-  # new user; change to 'c'
   owner @{HOME}/@{XDG_DESKTOP_DIR}/ w,
   owner @{HOME}/@{XDG_DOCUMENTS_DIR}/ w,
   owner @{HOME}/@{XDG_DOWNLOAD_DIR}/ w,
@@ -48,7 +48,6 @@ profile xdg-user-dirs-update @{exec_path} {
   owner @{HOME}/@{XDG_PUBLICSHARE_DIR}/ w,
   owner @{HOME}/@{XDG_TEMPLATES_DIR}/ w,
   owner @{HOME}/@{XDG_VIDEOS_DIR}/ w,
-  owner @{user_config_dirs}/ w,
 
   owner @{user_config_dirs}/user-dirs.dirs rw,
   owner @{user_config_dirs}/user-dirs.dirs@{rand6} rw,

apparmor.d/groups/gnome/gnome-music

@@ -7,7 +7,7 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = @{bin}/gnome-music
-profile gnome-music @{exec_path} {
+profile gnome-music @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/audio>
   include <abstractions/dconf-write>
@@ -48,6 +48,7 @@ profile gnome-music @{exec_path} {
         @{run}/systemd/inhibit/[0-9]*.ref rw,
 
   owner /tmp/grilo-plugin-cache-[0-9A-Z]*/ rw,
+  owner /var/tmp/etilqs_@{hex} rw,
 
         @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
   owner @{PROC}/@{pid}/cmdline r,

apparmor.d/groups/gnome/nautilus

@@ -12,6 +12,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus-system>
+  include <abstractions/bus/com.canonical.Unity.LauncherEntry>
   include <abstractions/bus/org.a11y>
   include <abstractions/bus/org.freedesktop.hostname1>
   include <abstractions/bus/org.freedesktop.portal.Desktop>
@@ -69,11 +70,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
        member=Print
        peer=(name=:*, label=nautilus),
 
-  dbus send bus=session path=/com/canonical/unity/launcherentry/@{int}
-       interface=com.canonical.Unity.LauncherEntry
-       member=Update
-       peer=(name=org.freedesktop.DBus, label=gnome-shell),
-
   dbus send bus=session path=/org/freedesktop/DBus
        interface=org.freedesktop.DBus
        member=ListActivatableNames

apparmor.d/groups/network/netplan.script

@@ -22,9 +22,9 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
 
   /etc/netplan/{,*} r,
 
-  @{run}/NetworkManager/conf.d/10-globally-managed-devices.conf{,.@{rand6}} w,
+  @{run}/NetworkManager/conf.d/10-globally-managed-devices.conf{,.@{rand6}} rw,
   @{run}/NetworkManager/system-connections/ r,
-  @{run}/NetworkManager/system-connections/netplan-*.nmconnection{,.@{rand6}} w,
+  @{run}/NetworkManager/system-connections/netplan-*.nmconnection{,.@{rand6}} rw,
   @{run}/systemd/system/ r,
   @{run}/systemd/system/netplan-* rw,
   @{run}/systemd/system/systemd-networkd.service.wants/ r,
@@ -51,8 +51,12 @@ profile netplan.script @{exec_path} flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/systemd-common>
 
+    capability net_admin,
+
     @{bin}/systemctl mr,
 
+    owner @{run}/systemd/private rw,
+
     include if exists <local/netplan.script_systemctl>
   }