feat(profile): ubuntu: update upgrade process.

apparmor.d/groups/ubuntu/package-data-downloader

@@ -14,6 +14,8 @@ profile package-data-downloader @{exec_path} {
   include <abstractions/nameservice-strict>
   include <abstractions/python>
 
+  capability dac_read_search,
+
   @{exec_path} mr,
 
   /var/lib/update-notifier/package-data-downloads/{,**} rw,

apparmor.d/groups/ubuntu/ubuntu-report

@@ -21,7 +21,7 @@ profile ubuntu-report @{exec_path} {
 
   @{bin}/dpkg  rPx -> child-dpkg,
 
-  owner @{user_cache_dirs}/ubuntu-report/{,*} r,
+  owner @{user_cache_dirs}/ubuntu-report/{,*} rw,
 
   include if exists <local/ubuntu-report>
 }

apparmor.d/groups/ubuntu/update-notifier-crash

@@ -0,0 +1,20 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2025 Alexandre Pujol <alexandre@pujol.io>
+# SPDX-License-Identifier: GPL-2.0-only
+
+abi <abi/4.0>,
+
+include <tunables/global>
+
+@{exec_path} = @{lib}/update-notifier/update-notifier-crash
+profile update-notifier-crash @{exec_path} {
+  include <abstractions/base>
+
+  @{exec_path} mr,
+
+  /usr/share/apport/apport-checkreports Px,
+
+  include if exists <local/update-notifier-crash>
+}
+
+# vim:syntax=apparmor