feat(profile): improve attached paths definition.

apparmor.d/abstractions/app/systemctl

@@ -15,6 +15,8 @@
 
   @{bin}/systemctl mr,
 
+  @{att}/@{run}/systemd/private rw,
+
   owner @{run}/systemd/private rw,
 
           @{PROC}/1/cgroup r,

apparmor.d/abstractions/attached/consoles

@@ -5,8 +5,21 @@
 
   abi <abi/4.0>,
 
-        @{att}/dev/tty@{int} rw,
+  # There are the common ways to refer to consoles
-  owner @{att}/dev/pts/@{int} rw,
+  /dev/console          rw,
+  /dev/tty              rw,
+  /dev/tty@{u16}        rw,
+  @{att}/dev/tty        rw,
+  @{att}/dev/tty@{u16}  rw,
+
+  # These entries are a bit unfortunate; /dev/tty will always be
+  # associated with the controlling terminal by the kernel, but if a
+  # program uses the /dev/pts/ interface, it actually has access to
+  # -all- xterm, sshd, etc, terminals on the system.
+        /dev/pts/ r,
+  owner /dev/pts/@{u16} rw,
+        @{att}/pts/ r,
+  owner @{att}/dev/pts/@{u16} rw,
 
   include if exists <abstractions/attached/consoles.d>
 

apparmor.d/groups/systemd/systemd-coredump

@@ -43,6 +43,9 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted
 
   /var/lib/systemd/coredump/{,**} rwl,
 
+  @{att}/@{run}/systemd/coredump rw,
+  @{run}/systemd/coredump rw,
+
         @{PROC}/@{pids}/cgroup r,
         @{PROC}/@{pids}/cmdline r,
         @{PROC}/@{pids}/comm r,