[apparmor] [Merge] ~intrigeri/apparmor-profiles/+git/apparmor-profiles:gnome-3.26 into apparmor-profiles:master

[intrigeri]

Review: Approve

Good news: "Totem → bwrap → totem-video-thumbnailer" now seems to work just fine with PUx, contrary to how it was last time I tested :) I think that's because Totem started passing "--chdir /" to bwrap, and my understanding of bubblewrap.c is that the fallback to cwd = $HOME only happens when --chdir is not passed. So we now get the security benefits of bwrap, without relying on it too much to clean up its environment (that's one of the important things to enforce the security boundaries bwrap wants to guarantee so I trust it's done carefully, but still, less trusted code is always good).

=> case closed.
-- 
https://code.launchpad.net/~intrigeri/apparmor-profiles/+git/apparmor-profiles/+merge/332769
Your team AppArmor Developers is subscribed to branch apparmor-profiles:master.