Hey Christian! thanks a lot for your fast reaction on this report!
>In other words: this looks like normal and expected behaviour to me. You'll need to add a rule ok, that makes sense. >Note that abstractions/base allows signal (receive) peer=unconfined, - and "unconfined" does not match your profile name. but if we have this specific rule just for unconfined label, why we don't have analogical rule for profiles with flags=(unconfined)? Because this "unconfined" profile flag was presented as a drop-in replacement for an old unconfined label. Isn't it? The problem with your proposal of adding an extra rule in a profile is that, it's a painful for existing software to step from old "unconfined" label to a new "flags=(unconfined)" profile, because this will require revisiting and modification of many existing and stable apparmor profiles. Which is not acceptable. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2077413 Title: apparmor unconfined profile blocks signal sending To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/2077413/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
