feat(profiles): general update.

apparmor.d/groups/apt/apt-config

@@ -17,6 +17,8 @@ profile apt-config @{exec_path} {
 
   /{usr/,}bin/dpkg rPx -> child-dpkg,
 
+  owner /tmp/tmp*/apt.conf r,
+
   owner @{PROC}/@{pid}/fd/ r,
 
   include if exists <local/apt-config>

apparmor.d/groups/apt/apt-key

@@ -1,5 +1,6 @@
 # apparmor.d - Full set of apparmor profiles
-# Copyright (C) 2019-2021 Mikhail Morfikov
+# Copyright (C) 2019-2022 Mikhail Morfikov
+# Copyright (C) 2022 Alexandre Pujol <alexandre@pujol.io>
 # SPDX-License-Identifier: GPL-2.0-only
 
 abi <abi/3.0>,
@@ -14,21 +15,21 @@ profile apt-key @{exec_path} {
   @{exec_path} mr,
 
   /{usr/,}bin/{,ba,da}sh rix,
+  /{usr/,}bin/{,e}grep   rix,
+  /{usr/,}bin/cat        rix,
+  /{usr/,}bin/chmod      rix,
+  /{usr/,}bin/cmp        rix,
+  /{usr/,}bin/comm       rix,
+  /{usr/,}bin/cp         rix,
+  /{usr/,}bin/cut        rix,
+  /{usr/,}bin/find       rix,
+  /{usr/,}bin/id         rix,
+  /{usr/,}bin/mktemp     rix,
+  /{usr/,}bin/readlink   rix,
   /{usr/,}bin/rm         rix,
   /{usr/,}bin/sed        rix,
-  /{usr/,}bin/cp         rix,
-  /{usr/,}bin/cat        rix,
-  /{usr/,}bin/cmp        rix,
-  /{usr/,}bin/find       rix,
-  /{usr/,}bin/cut        rix,
-  /{usr/,}bin/mktemp     rix,
-  /{usr/,}bin/chmod      rix,
-  /{usr/,}bin/touch      rix,
-  /{usr/,}bin/readlink   rix,
   /{usr/,}bin/sort       rix,
-  /{usr/,}bin/comm       rix,
-  /{usr/,}bin/{,e}grep   rix,
-  /{usr/,}bin/id         rix,
+  /{usr/,}bin/touch      rix,
   /{usr/,}bin/tr         rix,
   /{usr/,}bin/uniq       rix,
   /{usr/,}bin/wc         rix,
@@ -73,6 +74,11 @@ profile apt-key @{exec_path} {
     /{usr/,}bin/gpg-agent         rix,
     /{usr/,}bin/gpg-connect-agent rix,
 
+    /usr/share/gnupg/sks-keyservers.netCA.pem r,
+  
+    /etc/hosts r,
+    /etc/inputrc r,
+
     /etc/apt/.#lk0x[a-f0-9]*.@{pid} rw,
     /etc/apt/.#lk0x[a-f0-9]*.@{pid}x rwl -> /etc/apt/.#lk0x[a-f0-9]*.@{pid},
     /etc/apt/trusted.gpg{,~,.tmp} rw,
@@ -86,18 +92,13 @@ profile apt-key @{exec_path} {
 
     owner /tmp/apt-key-gpghome.*/ rw,
     owner /tmp/apt-key-gpghome.*/** rwkl -> /tmp/apt-key-gpghome.*/**,
+    owner /tmp/apt-key-gpghome.*/gpgoutput.{log,err} w,
+  
+    owner @{run}/user/@{uid}/gnupg/d.*/ rw,
 
     owner @{PROC}/@{pid}/fd/ r,
     owner @{PROC}/@{pid}/task/@{tid}/comm rw,
 
-    /usr/share/gnupg/sks-keyservers.netCA.pem r,
-
-    /etc/hosts r,
-    /etc/inputrc r,
-
-    # File_inherit
-    owner /tmp/apt-key-gpghome.*/gpgoutput.{log,err} w,
-
   }
 
   include if exists <local/apt-key>

apparmor.d/groups/apt/dpkg-preconfigure

@@ -38,6 +38,8 @@ profile dpkg-preconfigure @{exec_path} {
   owner /var/cache/debconf/{config,passwords,templates}.dat{,-old,-new} rwk,
   owner /var/log/unattended-upgrades/unattended-upgrades-dpkg.log rw,
 
+  owner @{run}/user/@{uid}/pk-debconf-socket rw,
+
   # The following is needed when dpkg-preconfigure uses debcconf GUI frontends.
   include <abstractions/gtk>
   include <abstractions/fonts>

apparmor.d/groups/apt/unattended-upgrade

@@ -33,7 +33,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) {
 
   dbus receive bus=system path=/org/freedesktop/NetworkManager
        interface=org.freedesktop.DBus.Properties
-       member=PropertiesChanged,
+       member={PropertiesChanged,GetAll},
 
   dbus receive bus=system path=/org/freedesktop/NetworkManager
        interface=org.freedesktop.NetworkManager