Personally I'd love to see this decomposed into a larger "epic" that has smaller goals like:
- complain profile for /usr/bin/snap - transition to strict profile for /usr/bin/snap - complain profile for /usr/lib/snapd/snapd etc The deeper we go the more complexity is there to be expected. The test suite should help see if things break but I think complain-mode is to be expected for a longer while. At some point we will also need to tackle snapd re-exec and profile generation for itself, similar to how snap-confine has a custom profile generated based on the revision number of the snapd or core snaps. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2103959 Title: Add apparmor profiles for snap To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/2103959/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
