Hi, Vincas Dargis: > Running `aa-logprof` produces this error:
> ERROR: permission contains unknown character(s) Pux [...] > Looking at `man apparmor.d`, I see these modes: > EXEC TRANSITION = ( 'ix' | 'ux' | 'Ux' | 'px' | 'Px' | 'cx' | 'Cx' | > 'pix' | 'Pix' | 'cix' | 'Cix' | 'pux' | 'PUx' | 'cux' | 'CUx' | 'x' ) > and Pux is not mentioned. Interestingly http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference#Execute_rules says that Pux is supported since 2.5, so I wonder who's correct. Anyway, "P" was a mistake as I intended to disable environment variable scrubbing: bwrap needs $HOME (see bwrap(1)) and will clean the environment itself. Replacing Pux with pux fixes the problem you've seen here, and better expresses what I intended initially. Can you please confirm? If that works, would you be up to update my merge request upstream accordingly: https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/331058 … and then propose a branch forked off current Vcs-Git on the Debian side? Cheers, -- intrigeri