Comment 9 for bug 1868363

Hmm, it directly seems to call the interpreter - eager to see if the rule I added actually helps.

I have not yet added anything for the ptrace denials, it might (hopefully) go away once the running of the hook inherits the profile as intended.
Otherwise granting ptrace to everything unconfined would be too open and we'll need a subprofile for the hook I guess.

Waiting for your next update here ...