
Fix systemd-logind apparmor rule

Systemd-logind fails to start in the SDK, preventing other subsystems like PipeWire or WirePlumber from starting, with the error:

  • kernel: audit: type=1400 audit(1623416689.776:50): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/lib/systemd/systemd-logind" name="run/systemd/notify" pid=393 comm="systemd-logind" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

From https://lists.ubuntu.com/archives/apparmor/2018-July/011718.html about the attach_disconnected flag, this error occurs for:

a fd that was opened outside of the namespace and "passed in". The "passed in" could be via some fd passing scheme, process inheritance - file open at exec, process inheritance - file open at clone newns, unshare, setns, or file open at pivot_root/chroot with the fd outside of the new root.

AppArmor's default behavior is to reject new accesses to disconnected paths, reporting back the pathname without a leading /. Unfortunately this can break some applications; if a profile must allow for mediation of disconnected paths, then the profile flag attach_disconnected can be used. This prepends a leading / to the reported name; however, this may not result in the original name of the file, as AppArmor can only attach the file to root, not to its original location.

See https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.5#path-name-lookup-and-mediation-of

Signed-off-by: Frédéric Danis frederic.danis@collabora.com
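As an added triage example (not part of this merge request or of AppArmor itself), the script below parses AppArmor audit lines like the one quoted above and singles out the disconnected-path case, where info= says so and the reported name= has no leading /. The log sample is constructed from the denial in the description plus one ordinary denial for contrast.

```python
import re

# Constructed sample: the systemd-logind denial from the description, plus an
# ordinary connected-path denial that should NOT be flagged.
SAMPLE_LOG = """\
kernel: audit: type=1400 audit(1623416689.776:50): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/lib/systemd/systemd-logind" name="run/systemd/notify" pid=393 comm="systemd-logind" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
kernel: audit: type=1400 audit(1623416700.123:51): apparmor="DENIED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" pid=400 comm="example" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
"""

# Matches key=value tokens, where the value is either "quoted" or bare.
_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_audit_line(line: str) -> dict:
    """Return the key/value fields of one AppArmor audit line as a dict."""
    return {key: quoted or bare for key, quoted, bare in _FIELD_RE.findall(line)}


def is_disconnected_path_denial(fields: dict) -> bool:
    """True for the case described in the mailing-list quote: a DENIED entry
    whose info= mentions a disconnected path and whose name= lacks the leading /
    that AppArmor strips when it cannot attach the path to the namespace root."""
    return (fields.get("apparmor") == "DENIED"
            and "disconnected path" in fields.get("info", "")
            and not fields.get("name", "/").startswith("/"))


def triage(log: str) -> list:
    """Collect disconnected-path denials with the profile each one belongs to."""
    findings = []
    for line in log.splitlines():
        fields = parse_audit_line(line)
        if is_disconnected_path_denial(fields):
            findings.append({
                "profile": fields["profile"],
                "name": fields["name"],
                "operation": fields.get("operation", ""),
                # The profile-level fix named in the description; the leading /
                # is then prepended to the reported name, so a matching path
                # rule (here /run/systemd/notify w) may also be needed.
                "hint": "add flags=(attach_disconnected) to the profile header",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Feed it `journalctl -k` output to spot the same pattern for other profiles; only entries that match all three conditions are reported.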

Edited by Frederic Danis
