Known issue - the problem is that the log parsing doesn't check if "owner" would be enough (the information is available in the log).
I have a big, nearly-finished patchset that rewrites the handling of file rules. When this patchset is finished and accepted, it shouldn't be too hard to add owner restrictions by default.
Proposing @{HOME} instead of /home/*/ is another can of worms ;-) - the biggest part of this can will be to teach aa-logprof about the variable content.
Known issue - the problem is that the log parsing doesn't check if "owner" would be enough (the information is available in the log).
I have a big, nearly-finished patchset that rewrites the handling of file rules. When this patchset is finished and accepted, it shouldn't be too hard to add owner restrictions by default.
Proposing @{HOME} instead of /home/*/ is another can of worms ;-) - the biggest part of this can will be to teach aa-logprof about the variable content.