While I get the results you describe with the testcase you've provided, I don't think the description is completely accurate.
I performed my testing on:

Linux hunt 3.11.0-12-generic #19-Ubuntu SMP Wed Oct 9 16:20:46 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

I went far simpler:

cp /bin/bash /tmp/

Use this profile:

/tmp/bash {
  /tmp/bash rmix,
  /lib/** rm,
  /dev/tty rw,
}

apparmor_parser tmp.bash

Start the /tmp/bash shell, try to run 'ls':

bash: /bin/ls: Permission denied

Add
  /bin/ls rmix,
to the profile

apparmor_parser --replace tmp.bash

Try ls again and you get a new error:

ls: cannot open directory .: Permission denied

Add
  /tmp/ r,
to the profile, reload and re-ls, and it works.

--
https://bugs.launchpad.net/bugs/1236455

Title:
  Running tasks are not subject to reloaded policies