feat(profiles): general update.

apparmor.d/abstractions/X-strict

@@ -13,6 +13,7 @@
   unix type=stream addr="@/tmp/.X11-unix/X[0-9]*",
   /tmp/.X11-unix/* rw,
   /tmp/.ICE-unix/* rw,
+  /tmp/.X{0,1}-lock rw,
 
   # Available Xsessions
   /usr/share/xsessions/{,*.desktop} r,
@@ -23,10 +24,10 @@
 
   # Xauthority files required for X connections, per user
   owner @{HOME}/.Xauthority r,
-  owner /tmp/xauth_@{rand6} r,
+  owner /tmp/xauth_@{rand6} rl -> /tmp/#@{int},
   owner @{run}/user/@{uid}/gdm{[1-9],}/Xauthority r,
   owner @{run}/user/@{uid}/X11/Xauthority r,
-  owner @{run}/user/@{uid}/xauth_@{rand6} rl,
+  owner @{run}/user/@{uid}/xauth_@{rand6} rl -> @{run}/user/@{uid}/#@{int},
 
   # Xwayland
   owner @{run}/user/@{uid}/.mutter-Xwaylandauth.@{rand6} rw,

apparmor.d/abstractions/deny-sensitive-home

@@ -28,8 +28,8 @@
   deny @{HOME}/.fetchmail*                mrwkl,
   deny @{HOME}/.lesshst*                  mrwkl,
   deny @{HOME}/.mozilla/{,**}             mrwkl,
-  deny @{HOME}/.mutt**                    mrwkl,
-  deny @{HOME}/.thunderbird               mrwkl,
+  deny @{HOME}/.mutt*                     mrwkl,
+  deny @{HOME}/.thunderbird/{,**}         mrwkl,
   deny @{HOME}/.viminfo*                  mrwkl,
   deny @{HOME}/.wget-hsts                 mrwkl,
   deny @{HOME}/@{XDG_GPG_DIR}/{,**}       mrwkl,

apparmor.d/abstractions/systemd-common

@@ -18,5 +18,6 @@
   /dev/kmsg w,
 
   @{sys}/firmware/efi/efivars/SecureBoot-@{uuid} r,
+  @{sys}/fs/cgroup/system.slice/@{profile_name}.service/memory.pressure rw,
 
   include if exists <abstractions/systemd-common.d>