AppArmor

  1. Bug #1791711
  2. Comment #2

Comment 2 for bug 1791711

Revision history for this message
Jann Horn (corp account) (jannh) wrote : Re: path-based AppArmor controls for snap-confine are ineffective

(The reason why SELinux doesn't have such issues is that SELinux works with filesystem-root-relative paths instead of namespace-root-relative ones, so the mount hierarchy has no effect on security controls, apart from security labels that are set via mount options.)