A profile declaration also has issues with variables
It looks like the profile declaration also has issues with variables. :) For instance:
abi <abi/3.0>,
include <tunables/global>
profile app "@{HOME}/dir/app" {
include <abstractions/base>
"@{HOME}/dir/app" mr,
include if exists <local/app>
}The above profile is unable to confine the app (it won't match the path). When I use /home/*/ instead of @{HOME}/, then it works well.