feat(profiles): general update.

apparmor.d/groups/gnome/gnome-disk-image-mounter

@@ -13,6 +13,7 @@ profile gnome-disk-image-mounter @{exec_path} {
   include <abstractions/fonts>
   include <abstractions/freedesktop.org>
   include <abstractions/gtk>
+  include <abstractions/X-strict>
 
   @{exec_path} mr,
 

apparmor.d/groups/gvfs/gvfsd-fuse

@@ -60,6 +60,7 @@ profile gvfsd-fuse @{exec_path} {
 
     /dev/fuse rw,
 
+    include if exists <local/gvfsd-fuse_fusermount>
   }
 
   include if exists <local/gvfsd-fuse>

apparmor.d/groups/pacman/aurpublish

@@ -38,7 +38,7 @@ profile aurpublish @{exec_path} {
   @{bin}/mv          rix,
   @{bin}/nproc       rix,
   @{bin}/rm          rix,
-  @{bin}/sha512sum   rix,
+  @{bin}/sha*sum     rix,
   @{bin}/tput        rix,
   @{bin}/wc          rix,
 

apparmor.d/groups/systemd/systemd-journald

@@ -14,8 +14,11 @@ profile systemd-journald @{exec_path} {
   include <abstractions/systemd-common>
 
   capability audit_control,
+  capability audit_read,
+  capability chown,
+  capability dac_override,
   capability dac_read_search,
-  capability kill,
+  capability fowner,
   capability setgid,
   capability setuid,
   capability sys_admin,

apparmor.d/groups/ubuntu/ubuntu-report

@@ -12,6 +12,11 @@ profile ubuntu-report @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/ssl_certs>
 
+  network inet stream,
+  network inet6 stream,
+  network inet dgram,
+  network inet6 dgram,
+
   @{exec_path} mr,
 
   @{bin}/dpkg  rPx -> child-dpkg,

apparmor.d/groups/virt/containerd-shim-runc-v2

@@ -47,6 +47,7 @@ profile containerd-shim-runc-v2 @{exec_path} flags=(attach_disconnected) {
 
   @{sys}/fs/cgroup/{,**} rw,
   @{sys}/fs/cgroup/kubepods/{,**} rw,
+  @{sys}/kernel/mm/hugepages/ r,
   @{sys}/kernel/mm/transparent_hugepage/hpage_pmd_size r,
 
   @{PROC}/@{pids}/cgroup r,