
libapparmor: Adjust stacking interface check

John Johansen requested to merge jjohansen/apparmor:fix-attr-check into master

TODO: tests

libapparmor performs a test for the new stacking interface; however, how it does this test is problematic, as it requires all confined tasks to be given read access to the task introspection interface.

This results in tasks needing to be given read access to the interface even if they don't need it, making it possible for tasks to discover their confinement even if they are not supposed to be able to.

Instead, change the check to using stat on the parent directory. This will generate a getattr request instead of a read, and make it on the directory instead of on any interface file that could be used to obtain information.

Signed-off-by: John Johansen <john.johansen@canonical.com>

Edited by John Johansen
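
The difference between the two probes described in the merge request, as an added example that is not libapparmor's code: the function names and the fixture are hypothetical, and a mode-0000 file in a temporary directory is a constructed stand-in for an interface file the task's policy does not let it read (under real confinement the denial comes from AppArmor policy, not file mode bits).

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Old-style probe: opening the interface file is a read request, so every
 * confined task would need read access to that file in its policy. */
int stacking_present_by_read(const char *attr_file)
{
    int fd = open(attr_file, O_RDONLY);
    if (fd != -1)
        close(fd);
    return fd != -1;
}

/* New-style probe: stat() the parent directory. Only a getattr request is
 * made, and no interface file is ever opened. */
int stacking_present_by_stat(const char *attr_dir)
{
    struct stat st;
    return stat(attr_dir, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Constructed fixture: a temp directory holding a mode-0000 file, standing
 * in for an interface file the task has no read access to. */
int make_fixture(char *dir, size_t dlen, char *file, size_t flen)
{
    snprintf(dir, dlen, "/tmp/stackdemo.XXXXXX");
    if (!mkdtemp(dir))
        return -1;
    snprintf(file, flen, "%s/current", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0000);
    if (fd == -1)
        return -1;
    close(fd);
    return 0;
}

int main(void)
{
    char dir[64], file[96];
    if (make_fixture(dir, sizeof dir, file, sizeof file))
        return 1;
    printf("read probe: %d\n", stacking_present_by_read(file));
    printf("stat probe: %d\n", stacking_present_by_stat(dir));
    unlink(file);
    rmdir(dir);
}
```

Run as an unprivileged user, the read probe reports 0 and the stat probe reports 1; as root the read probe also succeeds because file mode bits are bypassed.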
