Comment 10 for bug 1662501

I think we could really use some kind of conditional construct (IF ... THEN ...) in AppArmor syntax. Everything being talking about here should, ideally, be adjustable using tunables. With a debconf configuration option, even.

Between users who want strict access control to user files, and users who don't know "how to computer," there's no way we're going to get agreement on a default configuration that satisfies the former. The best outcome, then, is to make tightening up the access easy, and editing lines in the guts of profile and abstraction files IMO does not measure up to that.