feat: update profiles.

apparmor.d/profiles-m-r/mandb

@@ -30,7 +30,7 @@ profile mandb @{exec_path} flags=(complain) {
   /usr/{,/share}/man/{,**} r,
   /usr/local/{,/share/}/man/{,**} r,
 
-  /usr/share/*/man/man[0-9]*/*.[0-9]*.gz r,
+  /usr/share/**/man/man[0-9]*/*.[0-9]*.gz r,
 
   include if exists <local/mandb>
 }

apparmor.d/profiles-m-r/mount

@@ -14,17 +14,11 @@ profile mount @{exec_path} flags=(complain) {
   include <abstractions/nameservice-strict>
 
   capability chown,
-
-  # To be able to mount anything
-  #  mount("/dev/sdb1", "/mnt", "ext4", 0, NULL) = -1 EPERM (Operation not permitted)
-  #  write(2, "/mnt: permission denied.", 24) = 24
-  capability sys_admin,
-
-  # For NTFS mounts
+  capability dac_read_search,
   capability setgid,
   capability setuid,
-
-  capability dac_read_search,
+  capability sys_admin,
+  capability sys_rawio,
 
   mount,