feat(profile): general update.

apparmor.d/groups/systemd/networkctl

@@ -16,14 +16,16 @@ profile networkctl @{exec_path} flags=(attach_disconnected) {
   capability sys_module,
   audit capability sys_resource,
 
-  ptrace (read) peer=@{systemd},
-
-  signal send peer=child-pager,
-
   network inet dgram,
   network inet6 dgram,
   network netlink raw,
 
+  signal send peer=child-pager,
+
+  ptrace (read) peer=@{systemd},
+
+  unix (bind) type=stream addr=@@{hex}/bus/networkctl/system,
+
   # dbus: talk bus=system name=org.freedesktop.network1 label=systemd-networkd
 
   @{exec_path} mr,

apparmor.d/groups/systemd/systemd-hostnamed

@@ -16,6 +16,8 @@ profile systemd-hostnamed @{exec_path}  flags=(attach_disconnected) {
 
   capability sys_admin,  # To set a hostname
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-hostnam/system,
+
   # dbus: own bus=system name=org.freedesktop.hostname1
 
   dbus send bus=system path=/org/freedesktop/DBus

apparmor.d/groups/systemd/systemd-logind

@@ -29,6 +29,8 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
 
   # mqueue r type=posix /,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-logind/system,
+
   # dbus: own bus=system name=org.freedesktop.login1
 
   # dbus: talk bus=system name=org.freedesktop.systemd1 label="@{systemd}"
@@ -131,10 +133,10 @@ profile systemd-logind @{exec_path} flags=(attach_disconnected,complain) {
         @{PROC}/sysvipc/{shm,sem,msg} r,
   owner @{PROC}/@{pid}/fdinfo/@{int} r,
 
-  /dev/dri/card@{int} rw,
-  /dev/input/event@{int} rw,  # Input devices (keyboard, mouse, etc)
-  /dev/mqueue/ r,
-  /dev/tty@{int} rw,
+        /dev/dri/card@{int} rw,
+        /dev/input/event@{int} rw,  # Input devices (keyboard, mouse, etc)
+        /dev/mqueue/ r,
+        /dev/tty@{int} rw,
   owner /dev/shm/{,**/} rw,
 
   include if exists <local/systemd-logind>

apparmor.d/groups/systemd/systemd-networkd

@@ -27,6 +27,8 @@ profile systemd-networkd @{exec_path} flags=(attach_disconnected,complain) {
   network packet dgram,
   network packet raw,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-network/bus-api-network,
+
   # dbus: own bus=system name=org.freedesktop.network1
 
   dbus send bus=system path=/org/freedesktop/hostname1

apparmor.d/groups/systemd/systemd-timedated

@@ -15,6 +15,8 @@ profile systemd-timedated @{exec_path} flags=(attach_disconnected) {
 
   capability sys_time,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-timedat/system,
+
   # dbus: own bus=system name=org.freedesktop.timedate1
 
   dbus send bus=system path=/org/freedesktop/systemd1/unit/*

apparmor.d/groups/systemd/systemd-timesyncd

@@ -21,6 +21,8 @@ profile systemd-timesyncd @{exec_path} flags=(attach_disconnected) {
   network inet stream,
   network inet6 stream,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-timesyn/bus-api-timesync,
+
   # dbus: own bus=system name=org.freedesktop.timesync1
 
   @{exec_path} mr,

apparmor.d/groups/systemd/systemd-update-utmp

@@ -17,6 +17,8 @@ profile systemd-update-utmp @{exec_path} {
 
   network netlink raw,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-update-/,
+
   @{exec_path} mr,
 
   @{run}/host/container-manager r,

apparmor.d/groups/systemd/systemd-user-runtime-dir

@@ -23,6 +23,8 @@ profile systemd-user-runtime-dir @{exec_path} {
   mount fstype=tmpfs options=(rw,nosuid,nodev) -> @{run}/user/@{uid}/,
   umount @{run}/user/@{uid}/,
 
+  unix (bind) type=stream addr=@@{hex}/bus/systemd-user-ru/system,
+
   @{exec_path} mr,
 
   /etc/machine-id r,