feat(profile): add some unix rules with local address.

apparmor.d/groups/systemd/busctl

@@ -17,6 +17,8 @@ profile busctl @{exec_path} {
 
   ptrace (read),
 
+  unix (bind) type=stream addr=@@{hex}/bus/busctl/busctl,
+
   @{exec_path} mr,
 
   @{bin}/less  rPx -> child-pager,

apparmor.d/groups/systemd/systemd-localed

@@ -17,6 +17,8 @@ profile systemd-localed @{exec_path} flags=(attach_disconnected) {
   # Needed?
   audit capability net_admin,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-localed/system,
+
   # dbus: own bus=system name=org.freedesktop.locale1
 
   @{exec_path} mr,

apparmor.d/groups/systemd/systemd-timesyncd

@@ -22,6 +22,7 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
   network inet6 stream,
 
   unix (bind) type=stream addr=@@{hex}/bus/systemd-timesyn/bus-api-timesync,
+  unix (send, receive) type=dgram addr=none peer=(label=@{systemd}, addr=none),
 
   # dbus: own bus=system name=org.freedesktop.timesync1