feat(profile): more use @{etc_ro} when we know it is needed.

apparmor.d/profiles-s-z/snapd

@@ -98,9 +98,9 @@ profile snapd @{exec_path} {
   /usr/share/dbus-1/services/*snap* r,
   /usr/share/polkit-1/actions/{,**/} r,
 
+  @{etc_ro}/environment r,
   /etc/apparmor.d/*snapd.snap* r,
   /etc/dbus-1/system.d/{,**/} r,
-  /etc/environment r,
   /etc/fstab r,
   /etc/mime.types r,
   /etc/modprobe.d/{,**/} r,

apparmor.d/profiles-s-z/useradd

@@ -30,7 +30,7 @@ profile useradd @{exec_path} {
   @{bin}/pam_tally2 rCx -> pam_tally2,
 
   /etc/default/useradd r,
-  /etc/login.defs r,
+  @{etc_ro}/login.defs r,
 
   /etc/{passwd,shadow,gshadow,group,subuid,subgid} rw,
   /etc/{passwd,shadow,gshadow,group,subuid,subgid}- w,

apparmor.d/profiles-s-z/userdel

@@ -26,7 +26,7 @@ profile userdel @{exec_path} flags=(attach_disconnected) {
 
   @{exec_path} mr,
 
-  /etc/login.defs r,
+  @{etc_ro}/login.defs r,
 
   /etc/{passwd,shadow,gshadow,group,subuid,subgid} rw,
   /etc/{passwd,shadow,gshadow,group,subuid,subgid}.@{pid} w,

apparmor.d/profiles-s-z/usermod

@@ -28,7 +28,7 @@ profile usermod @{exec_path} flags=(attach_disconnected) {
 
   @{bin}/nscd rix,
 
-  /etc/login.defs r,
+  @{etc_ro}/login.defs r,
   /etc/subuid r,
 
   /etc/{passwd,shadow,gshadow,group} rw,

apparmor.d/profiles-s-z/vipw-vigr

@@ -18,7 +18,7 @@ profile vipw-vigr @{exec_path} {
   @{sh_path}             rix,
   @{editor_path}         rCx -> editor,
 
-  /etc/login.defs r,
+  @{etc_ro}/login.defs r,
 
   /etc/{passwd,shadow,gshadow,group}{,.edit} rw,
   /etc/{passwd,shadow,gshadow,group}.@{pid} rw,