feat(profiles): general update.

apparmor.d/profiles-a-f/amarok

@@ -107,7 +107,7 @@ profile amarok @{exec_path} {
   owner @{HOME}/.kde{,4}/share/apps/amarok/ rw,
   owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/ rw,
   owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/cache/ rw,
-  owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/cache/[0-9]*@[0-9a-f]* rw,
+  owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/cache/[0-9]*@@{hex} rw,
   owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/cache/[0-9]*@nocover.png rw,
   owner @{HOME}/.kde{,4}/share/apps/amarok/albumcovers/cache rw,
 

apparmor.d/profiles-a-f/findmnt

@@ -7,10 +7,12 @@ abi <abi/3.0>,
 include <tunables/global>
 
 @{exec_path} = /{usr/,}bin/findmnt
-profile findmnt @{exec_path} flags=(complain) {
+profile findmnt @{exec_path} flags=(attach_disconnected,complain) {
   include <abstractions/base>
   include <abstractions/consoles>
 
+  capability dac_read_search,
+
   @{exec_path} mr,
 
   /etc/fstab r,
@@ -18,5 +20,7 @@ profile findmnt @{exec_path} flags=(complain) {
   
   @{PROC}/@{pids}/mountinfo r,
 
+  deny /apparmor/.null rw,
+
   include if exists <local/findmnt>
 }

apparmor.d/profiles-a-f/fwupd

@@ -65,6 +65,8 @@ profile fwupd @{exec_path} flags=(complain,attach_disconnected) {
 
   @{exec_path} mr,
 
+  /{usr/,}lib/fwupd/fwupd-detect-cet rix,
+
   /{usr/,}bin/gpg         rCx -> gpg,
   /{usr/,}bin/gpgconf     rCx -> gpg,
   /{usr/,}bin/gpgsm       rCx -> gpg,