feat(profile): general update.

apparmor.d/profiles-m-r/mount

@@ -49,7 +49,6 @@ profile mount @{exec_path} flags=(attach_disconnected) {
   @{MOUNTS}/ rw,
   @{MOUNTS}/*/ rw,
   @{MOUNTS}/*/*/ rw,
-  /media/cdrom[0-9]/ r,
 
   # Mount iso/img files
   owner @{user_img_dirs}/{,**} rwk,

apparmor.d/profiles-m-r/ntfs-3g

@@ -9,8 +9,9 @@ include <tunables/global>
 
 @{exec_path}  = @{bin}/{low,}ntfs{,-3g}
 @{exec_path} += @{bin}/mount.{low,}ntfs{,-3g}
-profile ntfs-3g @{exec_path} {
+profile ntfs-3g @{exec_path} flags=(attach_disconnected) {
   include <abstractions/base>
+  include <abstractions/consoles>
   include <abstractions/disks-write>
   include <abstractions/nameservice-strict>
 

apparmor.d/profiles-m-r/ollama

@@ -47,4 +47,6 @@ profile ollama @{exec_path} flags=(attach_disconnected) {
   owner @{PROC}/@{pid}/task/@{tid}/comm w,
 
   include if exists <local/ollama>
-}
+}
+
+# vim:syntax=apparmor

apparmor.d/profiles-m-r/pam-tmpdir-helper

@@ -15,7 +15,7 @@ profile pam-tmpdir-helper @{exec_path} {
 
   @{exec_path} mr,
 
-  owner @{tmp}/user/ rw,
+  owner /tmp/user/ rw,
   owner @{tmp}/ rw,
 
   /dev/ptmx rw,

apparmor.d/profiles-m-r/run-parts

@@ -137,7 +137,7 @@ profile run-parts @{exec_path} {
 
   owner @{tmp}/#@{int} rw,
   owner @{tmp}/$anacron* rw,
-  owner @{tmp}/file@{rand6} ra,
+  owner @{tmp}/file@{rand6} rw,
   
   owner @{sys}/class/power_supply/            r,