Oh nice, this was overlooked for more than a year :-/

The profiles mostly look good when reading (!= testing) them.

Some small notes:

In the scp profile, you have "/bin/cp PUx,". It's very unlikely that someone 
has a profile for it, so effectively we get Ux. I'd prefer ix or Cx and a small 
child profile (assuming cp isn't too hard to profile - I never tried ;-)

In the ssh profile, you have "/usr/lib/openssh/gnome-ssh-askpass mix,". Please 
also allow /usr/lib/ssh/ssh-askpass which seems to be openSUSE's binary name.

For the ControlPath, I'm afraid you'll need a more permissive wildcard to avoid 
breaking custom ControlPath settings. For example, I'm using 
~/.ssh/ssh_control_HOSTNAME_PORT_USERNAME. Maybe something like 
~/.ssh/*[0-9][0-9]* would work for everybody, while not opening up too many 
unrelated files because of the [0-9][0-9] (two digits) part which should be 
matched by the port.

Finally, please use "mr" instead of "rm". Technically it's the same, but a) we 
use "mr" everywhere and b) "rm" might confuse users not too familiar with the 
permission syntax ;-)
-- 
https://code.launchpad.net/~sdeziel/apparmor-profiles/ssh-scp-profiles/+merge/234310
Your team AppArmor Developers is requested to review the proposed merge of 
lp:~sdeziel/apparmor-profiles/ssh-scp-profiles into lp:apparmor-profiles.

-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
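
An added example, not part of the original mail or the proposed profiles: a Python check of which file names under ~/.ssh the suggested `*[0-9][0-9]*` wildcard would cover. The glob translation is a simplified subset of AppArmor path globbing, and the home directory and file names are constructed.

```python
import re

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor path globbing to a regex.

    Handled: '**' (any chars incl. '/'), '*' (any chars except '/'),
    '?' (one char except '/') and '[...]' character classes.
    Alternation '{a,b}' and variables like @{HOME} are not handled.
    """
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*"); i += 2
        elif c == "*":
            out.append("[^/]*"); i += 1
        elif c == "?":
            out.append("[^/]"); i += 1
        elif c == "[":
            end = glob.index("]", i + 1)
            out.append(glob[i:end + 1]); i = end + 1
        else:
            out.append(re.escape(c)); i += 1
    return re.compile("".join(out) + r"\Z")

HOME = "/home/alice"                    # constructed; stands in for ~
PROPOSED = HOME + "/.ssh/*[0-9][0-9]*"  # wildcard suggested in the mail

SAMPLE_FILES = [  # constructed names, relative to ~/.ssh
    "ssh_control_example.org_22_alice",    # ControlPath style from the mail
    "ssh_control_example.org_2222_alice",
    "sockets/example.org_22",              # ControlPath in a subdirectory
    "config", "known_hosts", "authorized_keys",
    "id_rsa", "id_ed25519", "id_ed25519.pub",
]

def matched(glob, names, home=HOME):
    """Return the names whose full path the glob covers."""
    rx = aa_glob_to_regex(glob)
    return [n for n in names if rx.match(f"{home}/.ssh/{n}")]

if __name__ == "__main__":
    for name in SAMPLE_FILES:
        hit = name in matched(PROPOSED, [name])
        print(("covered    " if hit else "not covered"), name)
```

Both ControlPath sockets directly in ~/.ssh are covered, the one in a subdirectory is not because `*` stops at `/`, and `id_ed25519` and `id_ed25519.pub` are covered too because their names contain two consecutive digits.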
