"Ok so overall:

  deny capability chown -> capability chown
  (can we limit that to a certain scope)"

Unfortunately, no, not unless we get help from unbound to
change_profile/change_onexec after a fork/exec or it is happening in a
helper binary that we could separately profile.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1749931

Title:
  unbound-control local socket  broken by apparmor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unbound/+bug/1749931/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to