feat(profile): general update.

apparmor.d/profiles-s-z/sudo

@@ -21,15 +21,9 @@ profile sudo @{exec_path} flags=(attach_disconnected) {
   network inet dgram,
   network inet6 dgram,
 
-  ptrace (read),
+  ptrace read,
 
-  signal (send,receive) peer=cockpit-bridge,
-  signal (send) peer=@{p_systemd},
-  signal (send) set=(cont,hup,winch) peer=su,
-  signal (send) set=(winch) peer=child-pager,
-  signal (send) set=(winch) peer=journalctl,
-  signal (send) set=(winch) peer=pacman,
-  signal (send) set=(winch, hup, term) peer=rpm,
+  signal send set=(winch, hup, term),
 
   @{bin}/@{shells}                  rUx,
   @{lib}/**                         PUx,

apparmor.d/profiles-s-z/udisksd

@@ -48,6 +48,8 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   mount options=(rw move) -> @{MOUNTS}/,
   mount options=(rw move) -> @{MOUNTS}/*/,
 
+  mount fstype=vfat -> /boot/efi/,
+
   # Allow mounting on temporary mount point
   mount -> @{run}/udisks2/temp-mount-*/,
   mount / -> @{MOUNTS}/*/,
@@ -56,6 +58,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) {
   umount @{MOUNTS}/,
   umount @{MOUNTS}/*/,
   umount @{run}/udisks2/temp-mount-*/,
+  umount /boot/efi/,
   umount /media/cdrom@{int}/,
 
   signal receive set=int peer=@{p_systemd},

apparmor.d/profiles-s-z/virt-manager

@@ -89,6 +89,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) {
 
         @{PROC}/@{pids}/net/route r,
   owner @{PROC}/@{pid}/cgroup r,
+  owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/fd/ r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/mounts r,