Update profiles.

apparmor.d/profiles-a-f/apparmor_parser

@@ -16,6 +16,7 @@ profile apparmor_parser @{exec_path} flags=(attach_disconnected) {
 
   /etc/apparmor/{,**} r,
   /etc/apparmor.d/{,**} r,
+  /etc/apparmor.d/cache.d/{,**} rw,
 
   owner /var/cache/apparmor/{,**} rw,
   owner /var/lib/docker/tmp/docker-default[0-9]* r,

apparmor.d/profiles-a-f/auditd

@@ -14,6 +14,7 @@ profile auditd @{exec_path} {
   capability audit_control,
   capability chown,
   capability fsetid,
+  capability sys_nice,
   capability sys_resource,
 
   network netlink raw,
@@ -24,11 +25,13 @@ profile auditd @{exec_path} {
 
   /var/log/audit/{,**} rw,
 
+  @{run}/auditd.pid rw,
   @{run}/systemd/userdb/ r,
 
   owner @{PROC}/@{pid}/attr/current r,
   owner @{PROC}/@{pid}/loginuid r,
-  owner @{PROC}/@{pid}/oom_score_adj r,
+  owner @{PROC}/@{pid}/sessionid r,
+  owner @{PROC}/@{pid}/oom_score_adj rw,
 
   include if exists <local/auditd>
 }

apparmor.d/profiles-a-f/firecfg

@@ -23,6 +23,7 @@ profile firecfg @{exec_path} flags=(attach_disconnected) {
 
   /etc/login.defs r,
   /etc/firejail/firejail.users r,
+  /etc/firejail/firecfg.config r,
 
   /usr/local/bin/ r,
   /usr/local/bin/* rw,

apparmor.d/profiles-a-f/fusermount

@@ -38,6 +38,7 @@ profile fusermount @{exec_path} {
   umount @{MOUNTS}/*/*/,
   umount /tmp/.mount_*/,
   umount @{run}/user/@{uid}/doc/,
+  umount @{run}/user/@{uid}/gvfs/,
 
   /etc/fuse.conf r,