Comment 11 for bug 1890848

Andreas Hasenack (ahasenack) wrote :

This change regressed my apparmor profile for a script I'm working on, which walks over processes using python3-psutil, in bionic.

I have this config in the apparmor profile:

  capability sys_ptrace,
  ptrace trace,

With kernel 4.15.0-154-generic #161 it works.

With kernel 4.15.0-158-generic #166 I get a DENIED error and the script backtraces when reading, for example, /proc/<pid>/fd/0 of some process, with os.readlink():

[ 19.223703] audit: type=1400 audit(1632507704.072:30): apparmor="DENIED" operation="ptrace" profile="/etc/hostos-monitoring/plugins.d/process-monitoring" pid=1098 comm="process-monitor" requested_mask="read" denied_mask="read" peer="unconfined"
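
An added example, not part of the original comment: a small Python check that parses the audit record quoted above and compares its `denied_mask` with the ptrace permissions the quoted profile rules grant. The function names are this example's own, and the rule parser is a simplification that only understands the long-form permission keywords and ignores `peer=` conditions.

```python
import re

# The two profile rules and the audit record, copied from the comment above.
PROFILE = """\
  capability sys_ptrace,
  ptrace trace,
"""
AUDIT = ('[ 19.223703] audit: type=1400 audit(1632507704.072:30): '
         'apparmor="DENIED" operation="ptrace" '
         'profile="/etc/hostos-monitoring/plugins.d/process-monitoring" '
         'pid=1098 comm="process-monitor" requested_mask="read" '
         'denied_mask="read" peer="unconfined"')

PTRACE_PERMS = {"read", "readby", "trace", "tracedby"}


def parse_audit(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {key: value.strip('"') for key, value in pairs}


def granted_ptrace(profile_text):
    """Collect ptrace permissions granted by plain allow rules."""
    granted = set()
    for raw in profile_text.splitlines():
        rule = raw.split("#", 1)[0]  # drop trailing comments
        words = re.sub(r"[(),]", " ", rule).split()
        if not words or words[0] != "ptrace":
            continue  # other rule types, and deny/audit-prefixed rules
        perms = {w for w in words[1:] if w in PTRACE_PERMS}
        # A ptrace rule that names no permission allows all of them.
        granted |= perms or PTRACE_PERMS
    return granted


def missing_perms(profile_text, audit_line):
    """Permissions in denied_mask that no ptrace rule in the profile grants."""
    rec = parse_audit(audit_line)
    if rec.get("apparmor") != "DENIED" or rec.get("operation") != "ptrace":
        return set()
    return set(rec.get("denied_mask", "").split()) - granted_ptrace(profile_text)


if __name__ == "__main__":
    rec = parse_audit(AUDIT)
    print("profile grants:", sorted(granted_ptrace(PROFILE)))
    print("denied for peer", rec["peer"], ":", sorted(missing_perms(PROFILE, AUDIT)))
```

For the quoted inputs this reports that the profile grants only `trace`, while the denied request is for `read` against an `unconfined` peer.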