fix: minor profiles fixes.

apparmor.d/groups/systemd/systemd-journald

@@ -31,7 +31,7 @@ profile systemd-journald @{exec_path} {
   @{run}/log/ rw,
   /{run,var}/log/journal/ rw,
   /{run,var}/log/journal/@{md5}/ rw,
-  /{run,var}/log/journal/@{md5}/* rw -> /{run,var}/log/journal/@{md5}/#@{int},
+  /{run,var}/log/journal/@{md5}/* rwl -> /{run,var}/log/journal/@{md5}/#@{int},
 
   owner @{run}/systemd/journal/{,**} rw,
   owner @{run}/systemd/notify rw,

apparmor.d/groups/systemd/systemd-udevd

@@ -119,7 +119,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) {
 
   deny /apparmor/.null rw,
 
-  profile systemctl {
+  profile systemctl flags=(attach_disconnected,complain) {
     include <abstractions/base>
     include <abstractions/systemd-common>
 

apparmor.d/profiles-a-f/aa-enforce

@@ -19,7 +19,7 @@ profile aa-enforce @{exec_path} {
   @{bin}/ r,
   @{bin}/apparmor_parser     rPx,
 
-  /usr/share/terminfo/x/* r,
+  /usr/share/terminfo/{,**} r,
 
   /etc/apparmor/logprof.conf r,
   /etc/apparmor.d/{,**} rw,

apparmor.d/profiles-a-f/adduser

@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
 # Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2021-2023 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -42,12 +43,12 @@ profile adduser @{exec_path} {
   /etc/adduser.conf r,
   /etc/skel/{,.*} r,
 
-  @{run}/adduser wk,
-
   # To create user dirs and copy files from /etc/skel/ to them
   @{HOME}/ rw,
   @{HOME}/.* w,
   /var/lib/*/{,*} rw,
 
+  @{run}/adduser wk,
+
   include if exists <local/adduser>
 }

apparmor.d/profiles-s-z/snap

@@ -102,6 +102,7 @@ profile snap @{exec_path} {
     owner @{HOME}/.snap/gnupg/ rw,
     owner @{HOME}/.snap/gnupg/** rwkl,
 
+    include if exists <local/snap_gpg>
   }
 
   include if exists <local/snap>