Here is a simpler apparmor policy (that is, no tincluding lxc abstractions):
#include <tunables/global>
/home/serge/test/aasocat { #include <abstractions/base> #include <abstractions/dbus> /home/serge/test/aasocat ixr, capability, network, file, /var/** rw, /usr/bin/** ixr, /bin/** ixr, }
Here is a simpler apparmor policy (that is, no tincluding lxc abstractions):
#include <tunables/global>
/home/serge/ test/aasocat { serge/test/ aasocat ixr,
#include <abstractions/base>
#include <abstractions/dbus>
/home/
capability,
network,
file,
/var/** rw,
/usr/bin/** ixr,
/bin/** ixr,
}