Ubuntu 22.04, first batch and misc

apparmor.d/profiles-m-r/rsyslogd

@@ -26,8 +26,14 @@ profile rsyslogd @{exec_path} {
   # for creating new log files and changing their owner/group
   capability chown,
 
+  # downgrade privileges on Ubuntu
+  capability setgid,
+  capability setuid,
+
   # Needed?
   deny capability sys_nice,
+#  capability sys_ptrace,
+#  ptrace (read),
 
   @{exec_path} mr,
 
@@ -50,5 +56,12 @@ profile rsyslogd @{exec_path} {
   /etc/CA/*.crt r,
   /etc/CA/*.key r,
 
+  @{PROC}/1/environ r,
+  @{PROC}/cmdline r,
+  @{PROC}/sys/kernel/osrelease r,
+
+  @{run}/systemd/userdb/io.systemd.Machine rw,
+  @{run}/systemd/notify w,
+
   include if exists <local/rsyslogd>
 }