feat(profiles): general update.

apparmor.d/groups/systemd/systemd-cgtop

@@ -9,6 +9,8 @@ include <tunables/global>
 @{exec_path} = @{bin}/systemd-cgtop
 profile systemd-cgtop @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
+  include <abstractions/systemd-common>
 
   @{exec_path} mr,
 

apparmor.d/groups/systemd/systemd-journald

@@ -49,6 +49,7 @@ profile systemd-journald @{exec_path} {
   @{run}/udev/data/+usb-serial:* r,
   @{run}/udev/data/+usb:*       r,
   @{run}/udev/data/+virtio:*    r,
+  @{run}/udev/data/b254:@{int} r,         # for /dev/zram*
   @{run}/udev/data/c1:@{int}    r,        # For RAM disk
   @{run}/udev/data/c4:@{int} r,           # For TTY devices
   @{run}/udev/data/c10:@{int}   r,        # For non-serial mice, misc features

apparmor.d/groups/systemd/systemd-logind

@@ -83,22 +83,23 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
   @{run}/udev/static_node-tags/uaccess/ r,
 
   @{run}/udev/data/+backlight:* r,
-  @{run}/udev/data/+drm:card[0-9]-* r, # For screen outputs
-  @{run}/udev/data/+input* r,          # For mouse, keyboard, touchpad
-  @{run}/udev/data/+pci* r,
-  @{run}/udev/data/c10:[0-9]*   r,     # For non-serial mice, misc features
-  @{run}/udev/data/c13:[0-9]* r,       # For /dev/input/*
-  @{run}/udev/data/c14:[0-9]* r,       # Open Sound System (OSS)
-  @{run}/udev/data/c21:[0-9]* r,       # Generic SCSI access
-  @{run}/udev/data/c29:[0-9]* r,       # For /dev/fb[0-9]*
-  @{run}/udev/data/c116:[0-9]* r,      # For ALSA
-  @{run}/udev/data/c226:[0-9]* r,      # For /dev/dri/card*
-  @{run}/udev/data/c23[4-9]:[0-9]* r,  # For dynamic assignment range 234 to 254
-  @{run}/udev/data/c24[0-9]:[0-9]* r,
-  @{run}/udev/data/c25[0-4]:[0-9]* r,
-  @{run}/udev/data/c3[0-9]*:[0-9]* r,  # For dynamic assignment range 384 to 511
-  @{run}/udev/data/c4[0-9]*:[0-9]* r,
-  @{run}/udev/data/c5[0-9]*:[0-9]* r,
+  @{run}/udev/data/+drm:card[0-9]-* r,    # For screen outputs
+  @{run}/udev/data/+input:input@{int} r,  # for mouse, keyboard, touchpad
+  @{run}/udev/data/+pci:* r,
+  @{run}/udev/data/c10:@{int}   r,        # For non-serial mice, misc features
+  @{run}/udev/data/c13:@{int} r,          # For /dev/input/*
+  @{run}/udev/data/c14:@{int} r,          # Open Sound System (OSS)
+  @{run}/udev/data/c21:@{int} r,          # Generic SCSI access
+  @{run}/udev/data/c29:[0-9]* r,          # For /dev/fb[0-9]*
+  @{run}/udev/data/c81:@{int}  r,         # For video4linux
+  @{run}/udev/data/c116:@{int} r,         # For ALSA
+  @{run}/udev/data/c226:@{int} r,         # For /dev/dri/card*
+  @{run}/udev/data/c23[4-9]:@{int} r,     # For dynamic assignment range 234 to 254
+  @{run}/udev/data/c24[0-9]:@{int} r,
+  @{run}/udev/data/c25[0-4]:@{int} r,
+  @{run}/udev/data/c3[0-9]*:@{int} r,     # For dynamic assignment range 384 to 511
+  @{run}/udev/data/c4[0-9]*:@{int} r,
+  @{run}/udev/data/c5[0-9]*:@{int} r,
 
   @{run}/systemd/inhibit/ rw,
   @{run}/systemd/inhibit/.#* rw,

apparmor.d/groups/systemd/systemd-portabled

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/systemd/systemd-portabled
 profile systemd-portabled @{exec_path} {
   include <abstractions/base>
+  include <abstractions/systemd-common>
 
   capability sys_ptrace,
 

apparmor.d/groups/systemd/systemd-tmpfiles

@@ -49,6 +49,7 @@ profile systemd-tmpfiles @{exec_path} flags=(attach_disconnected) {
   @{sys}/kernel/security/ r,
   @{sys}/kernel/security/{,**} rw,
 
+  @{sys}/class/net/ r,
   @{sys}/devices/system/cpu/microcode/reload w,
 
   @{PROC}/@{pid}/net/unix r,