feat(profile): general update.

apparmor.d/groups/freedesktop/fc-cache

@@ -11,7 +11,6 @@ include <tunables/global>
 profile fc-cache @{exec_path} {
   include <abstractions/base>
   include <abstractions/consoles>
-  include <abstractions/fontconfig-cache-write>
   include <abstractions/fonts>
 
   capability dac_read_search,

apparmor.d/groups/freedesktop/plymouthd

@@ -18,6 +18,7 @@ profile plymouthd @{exec_path} {
   capability sys_admin,
   capability sys_chroot,
   capability sys_tty_config,
+  capability syslog,
 
   network netlink raw,
 
@@ -63,6 +64,7 @@ profile plymouthd @{exec_path} {
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/stat r,
 
+  /dev/kmsg rw,
   /dev/ptmx rw,
   /dev/tty@{int} rw,
   /dev/ttyS@{int} rw,

apparmor.d/groups/freedesktop/xdg-desktop-portal-rewrite-launchers

@@ -9,8 +9,8 @@ include <tunables/global>
 @{exec_path} = @{lib}/xdg-desktop-portal-rewrite-launchers
 profile xdg-desktop-portal-rewrite-launchers @{exec_path} {
   include <abstractions/base>
-  include <abstractions/bus/org.gtk.vfs.MountTracker>
   include <abstractions/bus-session>
+  include <abstractions/bus/org.gtk.vfs.MountTracker>
 
   @{exec_path} mr,
 

apparmor.d/groups/freedesktop/xdg-email

@@ -13,7 +13,7 @@ profile xdg-email @{exec_path} flags=(complain) {
 
   @{exec_path}  r,
 
-  @{sh_path}         rix,
+  @{sh_path}          rix,
   @{bin}/{,e}grep     rix,
   @{bin}/{m,g,}awk    rix,
   @{bin}/basename     rix,

apparmor.d/groups/freedesktop/xorg

@@ -20,9 +20,11 @@ profile xorg @{exec_path} flags=(attach_disconnected) {
   include <abstractions/graphics-full>
   include <abstractions/nameservice-strict>
 
+  capability chown,
   capability dac_override,
   capability dac_read_search,
   capability ipc_owner,
+  capability mknod,
   capability net_admin,
   capability perfmon,
   capability setgid,