
Pin features to the ones provided by Apertis kernels

Sjoerd Simons requested to merge wip/sjoerd/apparmor-mediation into apertis/master

Apertis kernels do support dbus, unix and (old-style) network mediation via extra apertis patches. Add those to the pinned feature for the apertis apparmor.

This will cause the profile parser to upload profiles to the kernel with those features present, such that dbus/network/unix mediation is actually used.

On top of that, it seems that the Apertis kernel will deny usage of unix sockets if those features aren't present in the loaded profiles (in principle it should detect that the profile doesn't want to mediate unix, but for some reason that doesn't work as expected).

Tested with a plain buster 4.19 kernel as well as the Apertis kernel to ensure this wouldn't cause issues on systems without extra apparmor patches, which does not seem to be the case.

Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
