feat(profile): general update and fixes.

apparmor.d/groups/bus/dbus-system

@@ -16,7 +16,7 @@ include <tunables/global>
 profile dbus-system flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/bus-system>
-  include <abstractions/consoles>
+  include <abstractions/attached/consoles>
   include <abstractions/deny-sensitive-home>
   include <abstractions/nameservice-strict>
 

apparmor.d/groups/freedesktop/xdg-desktop-portal-gnome

@@ -65,6 +65,7 @@ profile xdg-desktop-portal-gnome @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/cmdline r,
   owner @{PROC}/@{pid}/mountinfo r,
   owner @{PROC}/@{pid}/task/@{tid}/ r,
+  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
   owner @{PROC}/@{pid}/task/@{tid}/status r,
 
   include if exists <local/xdg-desktop-portal-gnome>

apparmor.d/groups/freedesktop/xdg-desktop-portal-gtk

@@ -9,6 +9,7 @@ include <tunables/global>
 @{exec_path} = @{lib}/xdg-desktop-portal-gtk
 profile xdg-desktop-portal-gtk @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/attached/consoles>
   include <abstractions/bus-accessibility>
   include <abstractions/bus-session>
   include <abstractions/bus-system>

apparmor.d/groups/kde/sddm

@@ -172,12 +172,13 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) {
   owner @{tmp}/#@{int} rw,
   owner @{tmp}/sddm-auth* rw,
 
+  @{att}/@{run}/systemd/sessions/{,@{l}}@{int}.ref rw,
+
         @{run}/faillock/@{user} rwk,
         @{run}/sddm.pid rw,
         @{run}/sddm/\{@{uuid}\} rw,
         @{run}/sddm/#@{int} rw,
         @{run}/sddm/xauth_@{rand6} rwl -> @{run}/sddm/#@{int},
-        @{run}/systemd/sessions/*.ref rw,
         @{run}/user/@{uid}/xauth_@{rand6} rwl,
   owner @{run}/sddm/ rw,
   owner @{run}/user/@{uid}/ r,

apparmor.d/groups/network/mullvad-daemon

@@ -59,9 +59,9 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
   owner @{tmp}/@{uuid} rw,
   owner @{tmp}/talpid-openvpn-@{uuid} rw,
 
+        @{PROC}/sys/net/ipv{4,6}/conf/all/src_valid_mark rw,
   owner @{PROC}/@{pid}/mounts r,
   owner @{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
-        @{PROC}/sys/net/ipv{4,6}/conf/all/src_valid_mark rw,
 
   /dev/net/tun rw,
 

apparmor.d/groups/pacman/aurpublish

@@ -47,14 +47,15 @@ profile aurpublish @{exec_path} {
   /etc/makepkg.conf r,
   /etc/makepkg.conf.d/{,**} r,
 
-  owner @{user_build_dirs}/**/ w,
+  owner @{user_build_dirs}/{,**/} w,
   owner @{user_projects_dirs}/** r,
   owner @{user_projects_dirs}/**/.git/COMMIT_EDITMSG rw,
   owner @{user_projects_dirs}/**/.SRCINFO rw,
 
-  owner @{user_cache_dirs}/makepkg/src/* rw,
+  owner @{user_cache_dirs}/makepkg/src/** rw,
   owner @{user_config_dirs}/pacman/makepkg.conf r,
 
+  owner /tmp/*/src/ w,
   owner @{tmp}/tmp.@{rand10} rw,
 
   /dev/tty rw,
@@ -64,14 +65,26 @@ profile aurpublish @{exec_path} {
 
     @{bin}/gpg{,2} mr,
     @{bin}/gpgconf mr,
+    @{bin}/gpg-agent rix,
+    @{lib}/{,gnupg/}scdaemon rix,
 
     owner @{HOME}/@{XDG_GPG_DIR}/ rw,
     owner @{HOME}/@{XDG_GPG_DIR}/** rwkl -> @{HOME}/@{XDG_GPG_DIR}/**,
 
     owner @{user_cache_dirs}/makepkg/src/*.asc r,
 
+    owner @{run}/user/@{uid}/ r,
+    owner @{run}/user/@{uid}/gnupg/ r,
+    owner @{run}/user/@{uid}/gnupg/d.@{rand}/ rw,
+    owner @{run}/user/@{uid}/gnupg/d.@{rand}/S.gpg-agent rw,
+    owner @{run}/user/@{uid}/gnupg/d.@{rand}/S.gpg-agent.browser w,
+    owner @{run}/user/@{uid}/gnupg/d.@{rand}/S.gpg-agent.extra w,
+    owner @{run}/user/@{uid}/gnupg/d.@{rand}/S.gpg-agent.ssh w,
+
     owner @{tmp}/tmp.@{rand10} rw,
 
+    owner @{PROC}/@{pid}/fd/ r,
+
     include if exists <local/aurpublish_gpg>
   }