I dropped the 2 capabilities that were useless (dac_override and chown). The
new merge proposal is also protecting the control and server key while still
allowing automatic key update using the auto-trust-anchor-file mechanism
(RFC5011). The paths used to express the rules are now covering a regular setup
and a chrooted one using this syntax :
/{,var/lib/unbound/}etc/unbound
--
https://code.launchpad.net/~sdeziel/apparmor-profiles/unbound-profile/+merge/83892
Your team AppArmor Developers is subscribed to branch lp:apparmor-profiles.
--
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/apparmor
