[Apparmor-dev] Re: AppArmor Security Goal

[Alan Cox]

> but how can the system know if the directory the user wants to add is 
> reasonable or not? what if the user says they want to store their 
> documents in /etc?

A more clear example is wanting to wrap a specific tool with temporary
rules. Those rules would depend on the exact file being edited at this
moment - something root cannot know in advance
(although with apparmor I guess mv $my_file apparmour_magic.name ; foo;
mv it back might work 8))