Comment 2 for bug 2056739

Christian Ehrhardt (paelzer) wrote:

There is precedent in /etc/apparmor.d/abstractions/base holding various rules like these:
$ grep etc_ro /etc/apparmor.d/abstractions/base
  @{etc_ro}/locale/** r,
  @{etc_ro}/locale.alias r,
  @{etc_ro}/localtime r,
  @{etc_ro}/bindresvport.blacklist r,
  @{etc_ro}/ld.so.cache mr,
  @{etc_ro}/ld.so.conf r,
  @{etc_ro}/ld.so.conf.d/{,*.conf} r,
  @{etc_ro}/ld.so.preload r,
  @{etc_ro}/ld-musl-*.path r,

I'd think the better fix is to allow it there.

Actually, base isn't the best.
I think it should go into /etc/apparmor.d/abstractions/crypto (which is included by base).

If Adrien knows about similar "whoever uses it should have read access to that config to restrict it accordingly" config files, we might want to add them all in one block there.