General update

apparmor.d/groups/freedesktop/pulseaudio

@@ -39,7 +39,7 @@ profile pulseaudio @{exec_path} {
        member={GetState,AddService,AddServiceSubtype,Commit}
        peer=(name=org.freedesktop.Avahi),
 
-  dbus receive bus=session path=/Client0/EntryGroup[0-9]*
+  dbus receive bus=system path=/Client0/EntryGroup[0-9]*
        interface=org.freedesktop.Avahi.EntryGroup
        member=StateChanged
        peer=(name=org.freedesktop.Avahi),
@@ -102,8 +102,8 @@ profile pulseaudio @{exec_path} {
        member=Get
        peer=(name=/org/freedesktop/hostname[0-9]),
 
-  dbus send bus=system path=/org.freedesktop.hostname[0-9]
+  dbus send bus=system path=/org/freedesktop/hostname[0-9]
-       interface=org.freedesktop.DBus.Prope
+       interface=org.freedesktop.DBus.Properties
        member=Get
        peer=(name=/org/freedesktop/hostname[0-9]),
 

apparmor.d/groups/virt/cni-calico

@@ -32,8 +32,11 @@ profile cni-calico @{exec_path} flags=(attach_disconnected) {
   
   /var/lib/calico/{,**} r,
   /var/log/calico/cni/ r,
+  /var/log/calico/cni/cni.log rw,
   /var/log/calico/cni/cni-@{date}T@{time}.[0-9]*.log rw,
   
+  /usr/share/mime/globs2 r,
+  
   @{run}/calico/ rw,
   @{run}/calico/ipam.lock rwk,
   @{run}/netns/cni-@{uuid} r,

apparmor.d/groups/virt/containerd

@@ -53,14 +53,15 @@ profile containerd @{exec_path} flags=(attach_disconnected) {
 
   / r,
 
-  /opt/cni/bin/loopback rPx,
+  /opt/cni/bin/loopback  rPx,
-  /opt/cni/bin/portmap rPx,
+  /opt/cni/bin/portmap   rPx,
   /opt/cni/bin/bandwidth rPx,
-  /opt/cni/bin/calico rPx,
+  /opt/cni/bin/calico    rPx,
 
-  /etc/cni/              rw,
+  /etc/calico/ rw,
-  /etc/cni/{,**}         r,
+  /etc/cni/ rw,
-  /etc/cni/net.d/        rw,
+  /etc/cni/{,**} r,
+  /etc/cni/net.d/ rw,
   /etc/containerd/*.toml r,
 
   /opt/containerd/{,**} rw,

apparmor.d/profiles-s-z/thermald

@@ -18,6 +18,12 @@ profile thermald @{exec_path} {
      bus=system
      name=org.freedesktop.thermald,
   
+  dbus (send)
+     bus=system
+     path=/org/freedesktop/DBus
+     interface=org.freedesktop.DBus
+     member=RequestName
+
   @{exec_path} mr,
 
   owner @{run}/thermald/ rw,

apparmor.d/profiles-s-z/whereis

@@ -34,6 +34,7 @@ profile whereis @{exec_path} flags=(complain) {
   /snap/bin/ r,
   /var/lib/flatpak/exports/bin/ r,
 
+  owner @{HOME}/{.local/,}/{.,}bin/ r,
   owner @{HOME}/.krew/bin/ r,
   owner @{HOME}/{.,}go/bin/ r,
   owner @{HOME}/{.local/,}{.,}bin/ r,

apparmor.d/profiles-s-z/zed

@@ -45,6 +45,7 @@ profile zed @{exec_path} {
 
   @{sys}/bus/pci/slots/ r,
   @{sys}/bus/pci/slots/[0-9]*/address r,
+  @{sys}/module/zfs/parameters/zfs_zevent_len_max rw,
   
         @{PROC}/@{pids}/mounts r,
   owner @{PROC}/@{pids}/fd/ r,