We specifically disallow access to '/run/user/[0-9]*/zmq/*-r' except for '/run/user/[0-9]*/zmq/@{APP_PKGNAME}_@{APP_APPNAME}-r' since otherwise confined scopes could mess with each other. It was my understanding that aggregating scopes could call confined scopes without problems (in fact, I thought I remembered that is what the '/run/user/[0-9]*/zmq/c*-r' endpoints were for).
I'm not sure if the unity-scopes-api has a bug or this is a design issue, but we can't allow '/run/user/[0-9]*/zmq/*-r' in the policy.
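Added example (not part of the original comment and not the project's policy or code): a simplified Python emulation of AppArmor path globbing, showing which endpoints each of the two rules quoted above lets a confined scope reach. The package and app names, the uid, and the helper functions are constructed for illustration.

```python
import re

def expand_vars(rule, variables):
    """Substitute @{NAME} policy variables (values here are constructed)."""
    return re.sub(r"@\{(\w+)\}", lambda m: variables[m.group(1)], rule)

def glob_to_regex(glob):
    """Simplified emulation of AppArmor path globbing:
    '*' and '?' never cross '/', '**' does, '[...]' is a character class."""
    out, i = [], 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):
            out.append(".*"); i += 2; continue
        if c == "*":
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "[":
            end = glob.index("]", i)
            out.append(glob[i:end + 1]); i = end
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out) + r"\Z")

def reachable(rule, variables, paths):
    """Return the paths that the given rule would match for this scope."""
    rx = glob_to_regex(expand_vars(rule, variables))
    return [p for p in paths if rx.match(p)]

# Constructed sample: endpoints of three scopes owned by uid 1000.
ENDPOINTS = [
    "/run/user/1000/zmq/com.example.news_news-r",
    "/run/user/1000/zmq/com.example.mail_mail-r",
    "/run/user/1000/zmq/com.example.aggregator_aggregator-r",
]
# Constructed variable values for the confined scope being evaluated.
VARS = {"APP_PKGNAME": "com.example.news", "APP_APPNAME": "news"}

BROAD = "/run/user/[0-9]*/zmq/*-r"
SCOPED = "/run/user/[0-9]*/zmq/@{APP_PKGNAME}_@{APP_APPNAME}-r"

if __name__ == "__main__":
    print("broad :", reachable(BROAD, VARS, ENDPOINTS))
    print("scoped:", reachable(SCOPED, VARS, ENDPOINTS))
```

With the broad rule every scope's endpoint matches; with the per-application rule only the scope's own endpoint does.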