I spoke with John in IRC. While he still doesn't like the two patches that were written to fix this bug, he understands the reasoning.
They're needed for 16.04 so do not revert them. In a future release, we'll do a more complete lock down of the apparmorfs profiles file and apparmorfs profile directory to satisfy the goal that John has. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1560583 Title: reading /sys/kernel/security/apparmor/profiles requires CAP_MAC_ADMIN To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1560583/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs