feat(profile): general update.

apparmor.d/profiles-s-z/YACReaderLibrary

@@ -34,9 +34,8 @@ profile YACReaderLibrary @{exec_path} flags=(attach_disconnected,mediate_deleted
 
   /etc/machine-id r,
 
-  owner @{user_books_dirs}/{,**} r,
+  owner @{user_books_dirs}/{,**} rw,
   owner @{user_books_dirs}/**/.yacreaderlibrary/{,**} rwk,
-  owner @{user_books_dirs}/**/None rw,
 
   owner @{user_cache_dirs}/YACReader/ rw,
   owner @{user_cache_dirs}/YACReader/YACReaderLibrary/ rw,

apparmor.d/profiles-s-z/steam-launch

@@ -23,6 +23,7 @@ profile steam-launch @{exec_path} {
   @{exec_path} mr,
 
   @{sh_path}         rix,
+  @{bin}/cmp         rix,
   @{bin}/cp          rix,
   @{bin}/dirname     rix,
   @{bin}/env         rix,
@@ -33,6 +34,8 @@ profile steam-launch @{exec_path} {
   @{lib}/steam/bin_steam.sh  rix,
   @{share_dirs}/steam.sh     rPx,
 
+  @{runtime_dirs}/@{arch}/steam-runtime-steam-remote rPUx,
+
   /usr/ r,
   /usr/local/ r,
 

apparmor.d/profiles-s-z/thunderbird-vaapitest

@@ -12,7 +12,7 @@ include <tunables/global>
 @{cache_dirs} = @{user_cache_dirs}/@{name}/
 
 @{exec_path} = @{lib_dirs}/vaapitest
-profile thunderbird-vaapitest @{exec_path} {
+profile thunderbird-vaapitest @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/graphics>
 

apparmor.d/profiles-s-z/waybar

@@ -1,4 +1,5 @@
 # apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2024 Alexandre Pujol <alexandre@pujol.io>
 # Copyright (C) 2024 odomingao
 # SPDX-License-Identifier: GPL-2.0-only
 

apparmor.d/profiles-s-z/whereis

@@ -30,7 +30,7 @@ profile whereis @{exec_path} {
   /opt/cni/bin/ r,
   /opt/containerd/bin/ r,
 
-  /etc/ r,
+  @{etc_ro}/ r,
 
   /snap/bin/ r,
   /var/lib/flatpak/exports/bin/ r,