feat(profile): general update.

apparmor.d/profiles-g-l/git

@@ -12,7 +12,7 @@ include <tunables/global>
 
 @{exec_path}  = @{bin}/git @{bin}/git-*
 @{exec_path} += @{lib_dirs}/git @{lib_dirs}/git-* @{lib_dirs}/mergetools/*
-profile git @{exec_path} {
+profile git @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
   include <abstractions/nameservice-strict>
@@ -110,7 +110,7 @@ profile git @{exec_path} {
   deny /dev/shm/.org.chromium.Chromium* rw,
   deny owner @{code_config_dirs}/** rw,
 
-  profile gpg {
+  profile gpg flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/consoles>
 
@@ -127,7 +127,7 @@ profile git @{exec_path} {
     include if exists <local/git_gpg>
   }
 
-  profile ssh {
+  profile ssh flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/nameservice-strict>
 
@@ -156,7 +156,7 @@ profile git @{exec_path} {
     include if exists <local/git_ssh>
   }
 
-  profile exec {
+  profile exec flags=(attach_disconnected) {
     include <abstractions/base>
 
     owner @{user_build_dirs}/**/bin/* mr,
@@ -164,7 +164,7 @@ profile git @{exec_path} {
     include if exists <local/git_exec>
   }
 
-  profile editor {
+  profile editor flags=(attach_disconnected) {
     include <abstractions/base>
     include <abstractions/app/editor>
   

apparmor.d/profiles-g-l/ifup

@@ -119,6 +119,7 @@ profile ifup @{exec_path} {
     @{PROC}/sys/net/ipv6/conf/*/accept_ra rw,
     @{PROC}/sys/net/ipv6/conf/*/autoconf rw,
 
+    include if exists <local/ifup_sysctl>
   }
 
   include if exists <local/ifup>

apparmor.d/profiles-g-l/lsusb

@@ -13,6 +13,8 @@ profile lsusb @{exec_path} {
   include <abstractions/consoles>
   include <abstractions/devices-usb>
 
+  capability net_admin,
+
   network netlink raw,
 
   @{exec_path} mr,