I found myself wanting to do this again and tried this:
@{OTHER_PROFILE}="snap.foo.other" profile snap.foo.bar { /some/path Px -> @{OTHER_PROFILE}, }
This indirection allows the profile to compile but unfortunately can't transition to it:
audit: type=1400 audit(1517000294.082:10903): apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile="snap.foo.bar" name="/some/path" pid=9534 comm="strace" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000
I found myself wanting to do this again and tried this:
@{OTHER_ PROFILE} ="snap. foo.other"
profile snap.foo.bar {
/some/path Px -> @{OTHER_PROFILE},
}
This indirection allows the profile to compile but unfortunately can't transition to it:
audit: type=1400 audit(151700029 4.082:10903) : apparmor="DENIED" operation="exec" info="profile transition not found" error=-13 profile= "snap.foo. bar" name="/some/path" pid=9534 comm="strace" requested_mask="x" denied_mask="x" fsuid=1000 ouid=1000