[apparmor] Profile variable for the PID of the confined process?

intrigeri intrigeri at debian.org
Thu Mar 19 13:07:14 UTC 2015


Simon Deziel wrote (19 Mar 2015 12:26:59 GMT) :
> On 03/19/2015 05:47 AM, intrigeri wrote:
>> lots of our profiles give access to things like
>> @{PROC}/@{pid}/[something], which in my understanding:
>> 
>>  1. is unnecessarily wide open most of the time: the process often
>>     only needs to gather information about itself, not about any other
>>     process, right?

> Maybe "owner" could help with that?

Yep, that's the workaround I had in mind. Now, since we're going to
have a variable to do it properly some day, then I *personally* won't
invest time in adding "owner" everywhere I care: validating this kind
of change isn't very cheap.

Cheers,
-- 
intrigeri
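For readers of the thread, a constructed profile fragment (not from the original mail or the AppArmor project's own profiles; `/usr/bin/example` is a placeholder path) showing the wide `@{pid}` rule next to the `owner` workaround discussed above:

```apparmor
#include <tunables/global>

# Constructed example: /usr/bin/example is a placeholder program path.
# @{PROC} and @{pid} come from tunables/global; @{pid} expands to a
# pattern matching any process ID, not the confined process's own PID.
/usr/bin/example {
  #include <abstractions/base>

  # Wide form, as found in many profiles: grants read access to the
  # status file of every process on the system.
  # @{PROC}/@{pid}/status r,

  # Workaround: "owner" restricts the match to files whose owner matches
  # the confined task's fsuid. Other users' processes are excluded, but
  # every process of the same user still matches, which is why the
  # thread treats this as a stopgap rather than a proper per-PID rule.
  owner @{PROC}/@{pid}/status r,
}
```

Note that AppArmor mediates the resolved path, so a rule on `@{PROC}/self/status` would not match an open of `/proc/self/status`; the `owner` form is the narrowing available with the variables in the thread.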
