fix(profile): fixes some issues raised by tests.

apparmor.d/abstractions/base.d/complete

@@ -10,6 +10,7 @@
   # Allow to receive some signals from new well-known profiles
   signal (receive)                           peer=btop,
   signal (receive)                           peer=htop,
+  signal (receive)                           peer=pkill,
   signal (receive)                           peer=sudo,
   signal (receive)                           peer=top,
   signal (receive) set=(cont,term,kill,stop) peer=systemd-shutdown,

apparmor.d/groups/utils/lsfd

@@ -11,15 +11,25 @@ profile lsfd @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/nameservice-strict>
 
+  capability bpf,
   capability checkpoint_restore,
   capability dac_read_search,
+  capability net_admin,
   capability sys_admin,
+  capability sys_chroot,
   capability sys_ptrace,
   capability sys_resource,
   capability syslog,
 
+  network inet dgram,
+  network inet stream,
+  network inet6 dgram,
+  network inet6 raw,
+  network inet6 stream,
+  network inet6 stream,
   network netlink dgram,
   network netlink raw,
+  network packet dgram,
 
   ptrace read,
   ptrace trace,
@@ -38,20 +48,20 @@ profile lsfd @{exec_path} flags=(attach_disconnected) {
 
   @{sys}/kernel/cpu_byteorder r,
 
-        @{PROC}/ r,
+  @{PROC}/ r,
-        @{PROC}/@{pid}/ r,
+  @{PROC}/@{pid}/ r,
-        @{PROC}/@{pid}/comm r,
+  @{PROC}/@{pid}/comm r,
-        @{PROC}/@{pid}/fd/ r,
+  @{PROC}/@{pid}/fd/ r,
-        @{PROC}/@{pid}/fdinfo/@{int} r,
+  @{PROC}/@{pid}/fdinfo/@{int} r,
-        @{PROC}/@{pid}/mountinfo r,
+  @{PROC}/@{pid}/mountinfo r,
-        @{PROC}/@{pid}/net/* r,
+  @{PROC}/@{pid}/net/* r,
-        @{PROC}/@{pid}/stat r,
+  @{PROC}/@{pid}/stat r,
-        @{PROC}/@{pid}/task/ r,
+  @{PROC}/@{pid}/syscall r,
-        @{PROC}/devices r,
+  @{PROC}/@{pid}/task/ r,
-        @{PROC}/misc r,
+  @{PROC}/devices r,
-        @{PROC}/partitions r,
+  @{PROC}/misc r,
-        @{PROC}/tty/drivers r,
+  @{PROC}/partitions r,
-  owner @{PROC}/@{pid}/syscall r,
+  @{PROC}/tty/drivers r,
 
   include if exists <local/lsfd>
 }

apparmor.d/groups/utils/lsipc

@@ -27,6 +27,8 @@ profile lsipc @{exec_path} {
   @{PROC}/sysvipc/sem r,
   @{PROC}/sysvipc/shm r,
 
+  /dev/mqueue/ r,
+
   include if exists <local/lsipc>
 }
 

apparmor.d/profiles-m-r/mkinitramfs

@@ -93,14 +93,14 @@ profile mkinitramfs @{exec_path} {
   owner /var/lib/kdump/initramfs-tools/** rw,
   owner /var/lib/kdump/initrd.* rw,
 
-        /var/tmp/ r,
+  /var/tmp/ r,
-        /var/tmp/mkinitramfs_@{rand6}/** w,
+  /var/tmp/mkinitramfs_@{rand6}/** w,
-        /var/tmp/modules_@{rand6} rw,
+  /var/tmp/modules_@{rand6} rw,
-  owner /var/tmp/mkinitramfs_@{rand6} rw,
+  /var/tmp/mkinitramfs_@{rand6} rw,
-  owner /var/tmp/mkinitramfs_@{rand6}/ rw,
+  /var/tmp/mkinitramfs_@{rand6}/ rw,
-  owner /var/tmp/mkinitramfs_@{rand6}/** rwl -> /var/tmp/mkinitramfs_@{rand6}/**,
+  /var/tmp/mkinitramfs_@{rand6}/** rwl -> /var/tmp/mkinitramfs_@{rand6}/**,
-  owner /var/tmp/mkinitramfs-@{rand6} rw,
+  /var/tmp/mkinitramfs-@{rand6} rw,
-  owner /var/tmp/mkinitramfs-*_@{rand6} rw,
+  /var/tmp/mkinitramfs-*_@{rand6} rw,
 
   owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6} rw,
   owner /tmp/tmp.@{rand10}/mkinitramfs_@{rand6}/ rw,