Hi,

Thanks Christian and Simon for summing up the problem and pointing to promising work.

As mentioned in my introductory email, I don't think it's worth putting too much effort into AppArmor for the GUI apps use case, and one should not expect too much security from it. I suggest anyone interested in major redesigns and solutions for the bright future look into the "security by designation" concept and the corresponding implementations in Flatpak and friends instead. This is why my preferred strategy here is to focus on the low-hanging fruit, i.e. ship policy that works well already, or needs only a small amount of polishing. For more complex cases for which AppArmor is not well suited, let's either make the profile wide enough to avoid breaking stuff (at the cost of making it provide little security) or simply disable it by default. Thunderbird is definitely one of these complex cases, so let's keep an eye on it: if AppArmor is too disruptive there, then we will disable it by default for Thunderbird.

Cheers,
-- 
intrigeri