feat(profile): ensure nautilus can access root files.

apparmor.d/groups/gvfs/gvfsd-admin

@@ -22,14 +22,15 @@ profile gvfsd-admin @{exec_path} {
 
   /usr/share/mime/mime.cache r,
 
-  @{MOUNTS}/{,**} rw,
+  #aa:lint ignore=too-wide
-
+  # Full access to system's data, but no write access to sensitive system directories
-  @{run}/mount/utab r,
+  / r,
-  @{run}/user/@{uid}/gvfsd/socket-@{rand8} rw,
+  /*/ r,
-
+  /*/** rw,
-  @{PROC}/@{pid}/fdinfo/@{int} r,
+  deny @{sys}/** w,
-  @{PROC}/@{pid}/mountinfo r,
+  deny @{PROC}/** w,
-  @{PROC}/@{pid}/stat r,
+  deny @{efi}/** w,
+  deny /dev/** w,
 
   include if exists <local/gvfsd-admin>
 }