I’m trying to generate AppArmor policies to secure my “major/internet-facing” programs.
Most of those programs are Flatpaks.
Flatpaks already have their own sandboxing mechanism, which uses bwrap and XDG portals.
Does AppArmor have any weird interactions with Flatpak, e. g. blocking too much, or blocking too little, or being unable to block anything without rendering the whole program unusable?

    • DeltaWingDragon@sh.itjust.worksOP
      1·
      8 months ago

      Doesn’t Flatpak store separate applications for every user? I could see that causing trouble (the Firefox profile only confines on Alice’s account, Bob runs it without any Apparmor profile)

        • DeltaWingDragon@sh.itjust.worksOP
          1·
          8 months ago

          If the applications are installed for a single user, then the executable will be different for each user. This means that one user runs the app with an Apparmor profile, another user runs it unconfined.