feat: cleanup ignored profile list.

apparmor.d/profiles-a-f/code-wrapper

@@ -0,0 +1,25 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{bin}/code{,-oss}
+profile code-wrapper @{exec_path} {
+  include <abstractions/base>
+  include <abstractions/consoles>
+
+  @{exec_path} r,
+
+  @{bin}/{,ba,da}sh               rix,
+  @{lib}/electron@{int}/electron  rPx -> code,
+
+  owner @{user_config_dirs}/code-flags.conf r,
+  owner @{user_config_dirs}/electron@{int}-flags.conf r,
+
+  deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,
+
+  include if exists <local/code-wrapper>
+}

dists/ignore/main.ignore

@@ -2,21 +2,22 @@
 # One ignore by line. Can be a profile name or a directory to ignore
 
 # Contains profiles and configuration for full system confinement, only included
-# when ./configure is given the --full option
+# when built with 'make full'
 apparmor.d/groups/_full
-root/etc/initramfs-tools
 root/usr/lib/initcpio
 root/usr/lib/systemd/
+root/usr/share/initramfs-tools
 
+# Apps that should be sandboxed
 apparmor.d/groups/apps
 code
 code-wrapper
+
+# Work in progress profiles
 plasma-discover
+snap
 steam
 steam-fossilize
 steam-game
 steam-gameoverlayui
 steam-reaper
-
-anki
-man