feat(profile): general update.

apparmor.d/profiles-s-z/scrcpy

@@ -9,6 +9,8 @@ include <tunables/global>
 @{exec_path} = @{bin}/scrcpy
 profile scrcpy @{exec_path} {
   include <abstractions/base>
+  include <abstractions/dconf-write>
+  include <abstractions/desktop>
   include <abstractions/graphics>
 
   network inet stream,

apparmor.d/profiles-s-z/snap

@@ -46,7 +46,7 @@ profile snap @{exec_path} {
   @{bin}/mount rix,
 
   @{bin}/gpg{,2}          rCx -> gpg,
-  @{bin}/systemctl        rPx -> child-systemctl,
+  @{bin}/systemctl        rCx -> systemctl,
 
   @{lib_dirs}/snapd/snap-confine     rPx,
   @{lib_dirs}/snapd/snap-seccomp     rPx,
@@ -58,8 +58,9 @@ profile snap @{exec_path} {
   /var/cache/snapd/commands.db rwk,
   /var/cache/snapd/names r,
 
-  /snap/{,**} rw,
   @{HOME}/snap/{,**} rw,
+  /snap/{,**} rw,
+  /var/lib/gdm{,3}/snap/{,**} rw,
 
   owner /tmp/snapd-auto-import-mount-@{int}/ rw,
 
@@ -104,5 +105,12 @@ profile snap @{exec_path} {
     include if exists <local/snap_gpg>
   }
 
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/snap_systemctl>
+  }
+
   include if exists <local/snap>
 }

apparmor.d/profiles-s-z/snap-failure

@@ -14,7 +14,7 @@ profile snap-failure @{exec_path} {
 
   @{exec_path} mr,
 
-  @{bin}/systemctl         rPx -> child-systemctl,
+  @{bin}/systemctl         rCx -> systemctl,
   @{lib_dirs}/snapd/snapd  rPx,
 
   /var/lib/snapd/sequence/snapd.json r,
@@ -23,5 +23,12 @@ profile snap-failure @{exec_path} {
 
   @{PROC}/cmdline r,
 
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+  
+    include if exists <local/snap-failure_systemctl>
+  }
+
   include if exists <local/snap-failure>
 }

apparmor.d/profiles-s-z/terminator

@@ -33,6 +33,8 @@ profile terminator @{exec_path} flags=(attach_disconnected) {
   # The shell is not confined on purpose.
   @{bin}/@{shells}      rUx,
 
+  @{open_path} rPx,
+
   owner @{user_config_dirs}/terminator/{,**} rw,
 
   owner /tmp/#@{int} rw,

apparmor.d/profiles-s-z/udisksd

@@ -84,7 +84,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   @{bin}/ntfsfix              rPx,
   @{bin}/sfdisk               rPx,
   @{bin}/sgdisk               rPx,
-  @{bin}/systemctl            rPx -> child-systemctl,
+  @{bin}/systemctl            rCx -> systemctl,
   @{bin}/systemd-escape       rPx,
 
   /etc/udisks2/{,**} r,
@@ -138,5 +138,12 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   /dev/loop-control rw,
   /dev/null.@{int} rw,
 
+  profile systemctl {
+    include <abstractions/base>
+    include <abstractions/systemctl>
+
+    include if exists <local/udisksd_systemctl>
+  }
+
   include if exists <local/udisksd>
 }