feat(abs): deny apparmor/.null in the base abstraction.

apparmor.d/profiles-g-l/gio-querymodules

@@ -19,7 +19,6 @@ profile gio-querymodules @{exec_path} flags=(attach_disconnected) {
   @{lib}/gtk-{3,4}.0/**/giomodule.cache{,.[0-9A-Z]*} w,
   @{lib}/gio/modules/giomodule.cache{,.[0-9A-Z]*} w,
 
-  deny /apparmor/.null rw,
   deny network inet stream,
   deny network inet6 stream,
 

apparmor.d/profiles-g-l/gtk-update-icon-cache

@@ -26,7 +26,5 @@ profile gtk-update-icon-cache @{exec_path} flags=(attach_disconnected) {
   owner @{user_share_dirs}/**/.icon-theme.cache rw,
   owner @{user_share_dirs}/**/icon-theme.cache rw,
 
-  deny /apparmor/.null rw,
-
   include if exists <local/gtk-update-icon-cache>
 }

apparmor.d/profiles-g-l/kmod

@@ -71,7 +71,6 @@ profile kmod @{exec_path} flags=(attach_disconnected) {
   /dev/tty@{int} rw,
 
   deny @{user_share_dirs}/gvfs-metadata/* r,
-  deny /apparmor/.null rw,
   deny unix (receive) type=stream,
 
   include if exists <local/kmod>

apparmor.d/profiles-g-l/lvm

@@ -48,7 +48,5 @@ profile lvm @{exec_path} flags=(attach_disconnected) {
   /dev/**/ r,
   /dev/mapper/control rw,
 
-  deny /apparmor/.null rw,
-
   include if exists <local/lvm>
 }