In AppArmor for docker on Ubuntu, I have a directory /var/www that contains a bunch of virtual hosts' files. I want to deny all paths except one, so that each virtual host only sees their own files. I've tried so many things like:
deny /var/www/{**^,vhost1}/ rw,
Notice that I have a comma after **^ - I think this is because the {**^} syntax is not actually supported yet. Does anyone know when that will be supported or how to get around this problem?
Judging from:
http://wiki.apparmor.net/index.php/QuickProfileLanguage
It still seems to be a "proposed feature".
uname -a Linux testerserver 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
