feat(profile): general update.

apparmor.d/groups/pacman/makepkg

@@ -11,15 +11,15 @@ profile makepkg @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
 
-  signal send set=winch peer=pacman,
-  signal send set=winch peer=pacman//systemctl,
-
   network inet stream,
   network inet6 stream,
   network inet dgram,
   network inet6 dgram,
   network netlink raw,
 
+  signal send set=winch peer=pacman,
+  signal send set=winch peer=pacman//systemctl,
+
   file,
 
   @{bin}/gpg{,2}  Cx -> gpg,
@@ -74,6 +74,9 @@ profile makepkg @{exec_path} {
 
     ptrace read,
 
+    signal send set=winch peer=pacman,           
+    signal send set=winch peer=pacman//systemctl,
+
     @{bin}/pacman Px,
 
     include if exists <local/makepkg_sudo>

apparmor.d/groups/pacman/pacman-hook-gtk4-querymodules

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = /usr/share/libalpm/scripts/gtk4-querymodules
 profile pacman-hook-gtk4-querymodules @{exec_path} {
   include <abstractions/base>
+  include <abstractions/consoles>
 
   capability dac_read_search,
 

apparmor.d/groups/pacman/pacman-key

@@ -65,9 +65,10 @@ profile pacman-key @{exec_path} {
     owner @{PROC}/@{pid}/task/@{tid}/comm rw,
     owner @{PROC}/@{pid}/task/@{tid}/stat rw,
 
-   /dev/pts/@{int} rw,
-   /dev/tty@{int} rw,
+    /dev/pts/@{int} rw,
+    /dev/tty@{int} rw,
 
+    include if exists <local/pacman-key_gpg>
   }
 
   include if exists <local/pacman-key>

apparmor.d/groups/pacman/reflector

@@ -29,9 +29,10 @@ profile reflector @{exec_path} flags=(attach_disconnected) {
   /etc/xdg/reflector/reflector.conf r,
   /etc/pacman.d/mirrorlist rw,
 
-  owner @{user_cache_dirs}/mirrorstatus.json rw,
   /var/cache/reflector/mirrorstatus.json rw,
 
+  owner @{user_cache_dirs}/mirrorstatus.json r,
+
   @{PROC}/1/environ r,
   @{PROC}/cmdline r,
   @{PROC}/sys/kernel/osrelease r,