Hmm... indeed! I'll re-investigate why we need `m` permission by the default. I assume that if there's something that actually need `m` permission, a new key in the easyprof manifest would be needed, right?
As for `l` rule for writes, do you think it's safe to add? Given that "the new link MUST have a subset of permissions as the original file" [1], this shouldn't be able to be used to open up more permission. [1]: https://manpages.debian.org/bookworm/apparmor/apparmor.d.5.en.html#l~2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2058690 Title: aa-easyprof: allow mmap and link from easyprof generated profiles To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2058690/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
