The 'm' privilege is for _executable_ memory maps. I dislike giving this permission here -- especially since thumbnailers are so often abused and targeted by exploits.
My theory is that they are running with a code personality where READ_IMPLIES_X (based entirely on the per=400000 entries in the logs) -- is the skype team accessible? Can they report back why they use this personality? Thanks -- https://code.launchpad.net/~talkless/apparmor/gnome_abstraction_thumbnail_cache/+merge/330883 Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/gnome_abstraction_thumbnail_cache into lp:apparmor. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor