On 2020-08-12, Jonas Große Sundrup wrote:
> Or in other words: where is my mental model of AppArmor still
> incorrect?

After some further experimentation, I think I can now answer my own
question here, if anyone observes a similar problem and happens to find
my original mail:

The executable in question, in whose profile the ix-confinement did not
work, was in fact not the executable, but a symlink to it, which I
didn't directly notice. While htop will then note the process via its
*executed* name, aka the name of the symlink, AppArmor triggers only
for the *actual* executable. After realizing this and adapting the
profiles accordingly, everything now works smoothly according to the
documentation. :)


  ~ Jonas


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor
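
The symlink pitfall described in the message above, as an added example that is not part of the original mail: a shell check that reports when a path you intend to write a profile for is a symlink, and prints the resolved executable that AppArmor matches on. The function names and the sample path in the comments are hypothetical; the label file `/proc/PID/attr/current` may be unreadable on systems without an active LSM.

```shell
#!/bin/sh
# Added example (not from the original mail). Function names are hypothetical.

# check_profile_path PATH
#   0 + "ok: PATH"              PATH is the real executable
#   1 + "symlink: PATH -> REAL" PATH is (or goes through) a symlink;
#                               the profile has to name REAL instead
#   2 + "missing: PATH"         PATH does not exist
check_profile_path() {
    p=$1
    if [ ! -e "$p" ]; then
        echo "missing: $p"
        return 2
    fi
    # readlink -f follows every symlink in the path, like the kernel at exec.
    real=$(readlink -f "$p")
    if [ "$real" != "$p" ]; then
        echo "symlink: $p -> $real"
        return 1
    fi
    echo "ok: $p"
    return 0
}

# proc_view PID
#   Prints the name process viewers show (comm, taken from the name the
#   program was executed under), the executable actually mapped
#   (/proc/PID/exe), and the confinement label, if readable.
proc_view() {
    pid=$1
    comm=$(cat "/proc/$pid/comm") || return 1
    exe=$(readlink "/proc/$pid/exe") || return 1
    label=$(cat "/proc/$pid/attr/current" 2>/dev/null || echo "unavailable")
    echo "comm=$comm exe=$exe label=$label"
}

# Typical use (hypothetical path):
#   check_profile_path /usr/local/bin/mytool
#   proc_view "$(pidof -s mytool)"
```

A result of `symlink:` from the first function, or a `comm` that differs from the basename of `exe` in the second, is the situation from the mail: the profile needs to be attached to the resolved path.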
