update apparmor profiles

apparmor.d/synaptic

@@ -1,7 +1,7 @@
 # vim:syntax=apparmor
 # ------------------------------------------------------------------
 #
-#    Copyright (C) 2019-2020 Mikhail Morfikov
+#    Copyright (C) 2019-2021 Mikhail Morfikov
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of version 2 of the GNU General Public
@@ -66,6 +66,7 @@ profile synaptic @{exec_path} {
   # Needed? (##FIXME##)
   capability kill,
   capability fsetid,
+  deny capability net_admin,
   deny capability sys_nice,
 
   signal (send) peer=apt-methods-*,
@@ -133,6 +134,9 @@ profile synaptic @{exec_path} {
   /var/lib/dpkg/** r,
   /var/lib/dpkg/lock{,-frontend} rwk,
 
+  /var/lib/dbus/machine-id r,
+  /etc/machine-id r,
+
         /tmp/ r,
   owner /tmp/apt-dpkg-install-*/ rw,
   owner /tmp/apt-dpkg-install-*/[0-9]*-*.deb w,
@@ -148,13 +152,15 @@ profile synaptic @{exec_path} {
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
 
+  # To remove the following error:
+  #  Internal Error: impossible to fork children. Synaptics is going to stop. Please report.
+  #  errorcode: 2
+  /dev/ptmx rw,
+
   /usr/share/glib-2.0/schemas/gschemas.compiled r,
 
   /etc/fstab r,
 
-  /var/lib/dbus/machine-id r,
-  /etc/machine-id r,
-
   # Synaptic is a GUI app started by root, so without "owner"
   @{HOME}/.Xauthority r,