So let's say the trusted app is just a shell script with it's own profile enabled. And the script calls unshare with a fixed set of CLI parameters that only allow safe operations or even just disconnect networking for its childs.
Then we decouple the unsafe operations from unshare that are disallowed for its children from the safe operations that need to be inherited. Would that work? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056555 Title: Allow bitbake to create user namespace To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056555/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
