Hi, what is the priority if two profiles match? E.g. /usr/bin/cat matches on profiles /usr/bin/c* and /usr/bin/ca*. What profile is it using?
I use NixOS and have generated profiles for all programs which are
installed by my configuration. I then want to add a default profile
which is only used if no other profile matches.
I don't think I can do that with profile inheritance, because if I switch
from the default profile it always switches to the systemd profile. If I
add inheritance to the systemd profile it selects the default profile
and not the more specific ones.
I tried it with a config like this:
```
profile /nix/store/***-systemd/** flags=(attach_disconnected) {
  # allow everything
  capability,
  network,
  mount,
  remount,
  umount,
  pivot_root,
  ptrace,
  signal,
  dbus,
  unix,
  file,
}
...
profile default /** flags=(attach_disconnected) {
  capability,
  network,
  mount,
  remount,
  umount,
  pivot_root,
  ptrace,
  signal,
  dbus,
  unix,
  file,
  # Deny some sensitive files
  deny /home/florian/.ssh/{,**} mrwlk,
}
```
