I dropped the 2 capabilities that were useless (dac_override and chown). The new merge proposal is also protecting the control and server key while still allowing automatic key update using the auto-trust-anchor-file mechanism (RFC5011). The paths used to express the rules are now covering a regular setup and a chrooted one using this syntax :
/{,var/lib/unbound/}etc/unbound -- https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/83892 Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles. -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor