Andreas fixed that in 2.4.49+dfsg-2ubuntu1 [Focal] which started to have profile in openldap and include ssl_cert which (as Christian Bolz outlined above) do include those paths.
Fixed Focal onwads, and since users can modify the local overrides if needed I'm not sure how important an SRU of the same is (changing isolation in SRUs is discouraged AFAIK).
Andreas fixed that in 2.4.49+ dfsg-2ubuntu1 [Focal] which started to have profile in openldap and include ssl_cert which (as Christian Bolz outlined above) do include those paths.
# grep ssl_c /etc/apparmor. d/usr.sbin. slapd ssl_certs>
#include <abstractions/
# grep enc /etc/apparmor. d/abstractions/ ssl_certs letsencrypt/ archive/ */cert* .pem r, letsencrypt/ archive/ */chain* .pem r, letsencrypt/ archive/ */fullchain* .pem r,
/etc/
/etc/
/etc/
Fixed Focal onwads, and since users can modify the local overrides if needed I'm not sure how important an SRU of the same is (changing isolation in SRUs is discouraged AFAIK).