feat(profiles): general update.

apparmor.d/profiles-m-r/mkinitramfs

@@ -105,8 +105,9 @@ profile mkinitramfs @{exec_path} {
     @{lib}/initramfs-tools/bin/* mr,
 
     @{lib}/@{multiarch}/ld-*.so*  rix,
-    @{lib}{,x}32/ld-*.so{,.2}     rix,
+    @{lib}/ld-*.so{,.2}           rix,
 
+    include if exists <local/mkinitramfs_ldd>
   }
 
   profile ldconfig {
@@ -133,6 +134,7 @@ profile mkinitramfs @{exec_path} {
     owner /var/tmp/mkinitramfs_*/var/cache/ldconfig/ rw,
     owner /var/tmp/mkinitramfs_*/var/cache/ldconfig/aux-cache{,~} rw,
 
+    include if exists <local/mkinitramfs_ldconfig>
   }
 
   profile find {
@@ -151,6 +153,7 @@ profile mkinitramfs @{exec_path} {
 
     owner /var/tmp/mkinitramfs_*/{,**/} r,
 
+    include if exists <local/mkinitramfs_find>
   }
 
   profile kmod {
@@ -169,9 +172,11 @@ profile mkinitramfs @{exec_path} {
 
     owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/ r,
     owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/modules.* rw,
+    owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/updates/{,**} r,
     owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/kernel/{,**/} r,
     owner /var/tmp/mkinitramfs_*/usr/lib/modules/*/kernel/**/*.ko r,
 
+    include if exists <local/mkinitramfs_kmod>
   }
 
   include if exists <local/mkinitramfs>

apparmor.d/profiles-m-r/pass

@@ -50,7 +50,7 @@ profile pass @{exec_path} {
 
   # Pass extensions
   @{bin}/oathtool       rix,   # pass-otp
-  @{bin}/python3.[0-9]* rPx -> pass-import,  # pass-import
+  @{bin}/python3.@{int} rPx -> pass-import,  # pass-import
   @{bin}/qrencode       rPUx,  # pass-otp
   @{bin}/tomb           rPUx,  # pass-tomb
 
@@ -59,8 +59,8 @@ profile pass @{exec_path} {
   owner @{user_password_store_dirs}/{,**} rw,
   owner /dev/shm/pass.*/{,*} rw,
 
-  @{PROC}/@{pids}/cmdline r,
   @{PROC}/ r,
+  @{PROC}/@{pids}/cmdline r,
   @{PROC}/sys/kernel/osrelease r,
   @{PROC}/uptime r,
 
@@ -122,7 +122,7 @@ profile pass @{exec_path} {
     owner @{user_password_store_dirs}/   rw,
     owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
 
-    owner /tmp/.git_vtag_tmp* rw,              # For git log --show-signature
+    owner /tmp/.git_vtag_tmp@{rand6} rw,  # For git log --show-signature
 
     include if exists <local/pass_git>
   }
@@ -141,6 +141,9 @@ profile pass @{exec_path} {
     owner @{user_password_store_dirs}/   rw,
     owner @{user_password_store_dirs}/** rwkl -> @{HOME}/.password-store/**,
     owner /dev/shm/pass.*/{,*} rw,
+    owner /tmp/.git_vtag_tmp@{rand6} rw,  # For git log --show-signature
+
+    owner /dev/pts/@{int} rw,
 
     include if exists <local/pass_gpg>
   }

apparmor.d/profiles-m-r/passwd

@@ -29,7 +29,7 @@ profile passwd @{exec_path} {
   /etc/nshadow rw,
   /etc/shadow rw,
   /etc/shadow- rw,
-  /etc/shadow.[0-9]* rw,
+  /etc/shadow.@{int} rw,
   /etc/shadow.lock rwl,
   /etc/shadow+ rw,
 

apparmor.d/profiles-m-r/pwck

@@ -19,10 +19,10 @@ profile pwck @{exec_path} {
   /etc/login.defs r,
   /etc/.pwd.lock wk,
   /etc/passwd rw,
-  /etc/passwd.[0-9]* rw,
+  /etc/passwd.@{int} rw,
   /etc/passwd.lock wl,
   /etc/shadow rw,
-  /etc/shadow.[0-9]* rw,
+  /etc/shadow.@{int} rw,
   /etc/shadow.lock wl,
 
   /etc/machine-id r,

apparmor.d/profiles-m-r/repo

@@ -51,7 +51,7 @@ profile repo @{exec_path} {
 
   /usr/share/git-core/{,**} r,
 
-  owner /tmp/.git_vtag_tmp* rw,
+  owner /tmp/.git_vtag_tmp@{rand6} rw,
   owner /tmp/ssh-*/ rw,
 
   owner @{PROC}/@{pid}/fd/ r,
@@ -82,7 +82,7 @@ profile repo @{exec_path} {
     owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
     owner @{HOME}/.repoconfig/gnupg/** rwkl -> @{HOME}/.repoconfig/gnupg/**,
 
-    owner /tmp/.git_vtag_tmp* r,
+    owner /tmp/.git_vtag_tmp@{rand6} r,
 
   }