Merge profiles: add /run/snapd.socket rule for curl

This ideally is a temporary fix because we do not want to allow all users
of curl to be able to access the snapd socket. However, this will work for
now until we can mediate the accesses better.

Fixes: LP: #2120669

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1774
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>

profiles/apparmor.d/curl

@@ -42,6 +42,10 @@ profile curl /usr/bin/curl {
   network inet6 stream,
   network inet6 dgram,
 
+  # Allow access to the snap socket until we can revisit it with delegation
+  # or profile refactoring
+  file rw @{run}/snapd.socket,
+
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/curl>
 }