feat(profiles): general update.

apparmor.d/groups/cron/cron

@@ -44,10 +44,11 @@ profile cron @{exec_path} flags=(attach_disconnected) {
   @{etc_ro}/security/limits.d/{,**} r,
 
   /var/spool/cron/crontabs/{,*} r,
+  /var/spool/cron/tabs/{,*} r,
 
-        @{run}/systemd/sessions/*.ref rw,
-  owner @{run}/crond.pid rwk,
-  owner @{run}/crond.reboot rw,
+  @{run}/crond.pid rwk,
+  @{run}/crond.reboot rw,
+  @{run}/systemd/sessions/*.ref rw,
 
   owner /tmp/#[0-9]*[0-9] rw,
 

apparmor.d/groups/network/ModemManager

@@ -11,6 +11,7 @@ profile ModemManager @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
   include <abstractions/consoles>
   include <abstractions/dbus-strict>
+  include <abstractions/devices-usb>
 
   network qipcrtr dgram,
   network netlink raw,

apparmor.d/groups/network/mullvad-daemon

@@ -36,6 +36,7 @@ profile mullvad-daemon @{exec_path} flags=(attach_disconnected) {
   /{usr/,}bin/ip  rix,
 
   "/opt/Mullvad VPN/resources/openvpn" rix,
+  "/opt/Mullvad VPN/resources/*.so*" mr,
   "/opt/Mullvad VPN/resources/*" r,
 
   /etc/mullvad-vpn/{,*} r,

apparmor.d/groups/network/openvpn

@@ -50,13 +50,8 @@ profile openvpn @{exec_path} {
 
   @{exec_path} mr,
 
-  # OpenVPN config
-  /etc/openvpn/*.{conf,ovpn} r,
-  /etc/openvpn/client/*.{conf,ovpn} r,
-  /etc/openvpn/client/*_userpass.txt r,
-  /etc/openvpn/server/*.{conf,ovpn} r,
-  /etc/openvpn/auth/*.auth r,
-  /etc/openvpn/certs/*.{key,crt} r,
+  /etc/openvpn/{,**} r,
+
   @{HOME}/.cert/{,**} r,
 
   /var/log/openvpn/*.log w,

apparmor.d/groups/systemd/systemd-userwork

@@ -12,6 +12,8 @@ profile systemd-userwork @{exec_path} flags=(attach_disconnected) {
   include <abstractions/nameservice-strict>
   include <abstractions/systemd-common>
 
+  capability sys_resource,
+
   @{exec_path} mr,
 
   /etc/machine-id r,