Comment on Do AppArmor and Flatpak have any weird interactions?
DeltaWingDragon@sh.itjust.works 5 weeks agoIf the applications are installed for a single user, then the executable will be different for each user. This means that one user runs the app with an Apparmor profile, another user runs it unconfined.
that_leaflet@lemmy.world 5 weeks ago
Oh I understand now, you’re referring to making AppArmor profiles to target a specific app. I just did a little research and it’s possible to create AppArmor policies for binaries that are in a user’s home folder.
Rather than hardcoding a specific user’s home, you can instead say “@{HOME}”. So you could create a profile for “@{HOME}/.local/share/flatpak/app/appID/current/active/files/bin/binaryName” that would confine the app for all users.