feat(profile): enable abi 4 rules by default.

apparmor.d/groups/gnome/nautilus

@@ -26,7 +26,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
   include <abstractions/nameservice-strict>
   include <abstractions/trash-strict>
 
-  # mqueue r type=posix /,
+  mqueue r type=posix /,
 
   #aa:dbus own bus=session name=org.gnome.Nautilus interface=org.gtk.{Application,Actions}
   #aa:dbus own bus=session name=org.freedesktop.FileManager1

apparmor.d/groups/kde/plasmashell

@@ -28,7 +28,7 @@ profile plasmashell @{exec_path} flags=(mediate_deleted) {
   include <abstractions/ssl_certs>
   include <abstractions/thumbnails-cache-read>
 
-  # userns,
+  userns,
 
   capability sys_ptrace,
 

apparmor.d/groups/systemd/systemd-coredump

@@ -13,7 +13,7 @@ profile systemd-coredump @{exec_path} flags=(attach_disconnected,mediate_deleted
   include <abstractions/nameservice-strict>
   include <abstractions/common/systemd>
 
-  # userns,
+  userns,
 
   capability dac_override,
   capability dac_read_search,

apparmor.d/groups/systemd/systemd-logind

@@ -27,7 +27,7 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected) {
 
   network netlink raw,
 
-  # mqueue r type=posix /,
+  mqueue r type=posix /,
 
   unix (bind) type=stream addr=@@{hex16}/bus/systemd-logind/system,
 

apparmor.d/groups/ubuntu/package-system-locked

@@ -17,7 +17,7 @@ profile package-system-locked @{exec_path} flags=(attach_disconnected) {
   network inet dgram,
   network inet6 dgram,
 
-  # mqueue r type=posix /,
+  mqueue r type=posix /,
 
   ptrace (read),
 

apparmor.d/groups/virt/virtiofsd

@@ -10,7 +10,7 @@ include <tunables/global>
 profile virtiofsd @{exec_path} {
   include <abstractions/base>
 
-  # userns,
+  userns,
 
   capability chown,
   capability dac_override,