Open m00nwtchr opened 1 month ago
e.g. with this .ssh/config
ControlMaster auto
ControlPath ${XDG_RUNTIME_DIR}/ssh/socket-%C
aa-log:
apparmor="ALLOWED" operation="mknod" class="file" profile="ssh" name="/run/user/1000/ssh/socket-e0896e67e27e5a03a7874c8b07b0adb136169dd7.npJtXR12WaEDRI0R" comm="ssh" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000 FSUID="m00n" OUID="m00n"
apparmor="ALLOWED" operation="link" class="file" profile="ssh" name="/run/user/1000/ssh/socket-e0896e67e27e5a03a7874c8b07b0adb136169dd7" comm="ssh" requested_mask="l" denied_mask="l" fsuid=1000 ouid=1000 target="/run/user/1000/ssh/socket-e0896e67e27e5a03a7874c8b07b0adb136169dd7.npJtXR12WaEDRI0R" FSUID="m00n" OUID="m00n"
apparmor="ALLOWED" operation="unlink" class="file" profile="ssh" name="/run/user/1000/ssh/socket-e0896e67e27e5a03a7874c8b07b0adb136169dd7.npJtXR12WaEDRI0R" comm="ssh" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000 FSUID="m00n" OUID="m00n"
apparmor="ALLOWED" operation="unlink" class="file" profile="ssh" name="/run/user/1000/ssh/socket-e0896e67e27e5a03a7874c8b07b0adb136169dd7" comm="ssh" requested_mask="d" denied_mask="d" fsuid=1000 ouid=1000 FSUID="m00n" OUID="m00n"
(Maybe not possible to support directly in apparmor.d, but leaving this issue as documentation of what to add to your local customizations)
As long as the control path is in @{run}/user/@{uid}/ssh we can support it without issue. However, yes, a control path set in a less common location would have to be configured in a local addition file.
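For control paths outside the supported directory, the rule lines for a local addition can be derived from the logged events. The following is an added example, not code from apparmor.d or from this thread: it parses events in the format pasted above and groups the denied masks per path. It assumes that the logged masks `c` and `d` are covered by `w` in a rule, the glob step is a heuristic, and the sample events (including the `/home/alice` path) are constructed.

```python
import re
from collections import defaultdict

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: logged masks c (create) and d (delete) are both granted by "w" in a rule.
MASK_TO_PERM = {"r": "r", "w": "w", "c": "w", "d": "w", "l": "l", "k": "k", "m": "m"}
PERM_ORDER = "rwlkm"

_HASH = "0123456789abcdef0123456789abcdef01234567"  # constructed stand-in for %C
_COMMON = 'apparmor="ALLOWED" class="file" profile="ssh" comm="ssh" fsuid=1000 ouid=1000 '
# Constructed events, run together on one line as copied terminal output often is.
SAMPLE = " ".join(_COMMON + extra for extra in (
    f'operation="mknod" name="/run/user/1000/ssh/socket-{_HASH}.Tmp0Suffix1" denied_mask="c"',
    f'operation="link" name="/run/user/1000/ssh/socket-{_HASH}" denied_mask="l"',
    f'operation="unlink" name="/run/user/1000/ssh/socket-{_HASH}" denied_mask="d"',
    f'operation="mknod" name="/home/alice/.ssh/ctl/socket-{_HASH}.Tmp0Suffix2" denied_mask="c"',
))

def parse_events(text):
    """Return one dict per event; a new event starts at each apparmor= key."""
    events = []
    for chunk in re.split(r'(?=apparmor=")', text):
        fields = {key: quoted or bare for key, quoted, bare in KV.findall(chunk)}
        if "name" in fields and "denied_mask" in fields:
            events.append(fields)
    return events

def generalize(path, uid):
    """Heuristic: use the profile variables for the runtime dir, glob the hash and temp suffix."""
    path = re.sub(rf"^/run/user/{uid}/", "@{run}/user/@{uid}/", path)
    return re.sub(r"-[0-9a-f]{8,}(\.\w+)?$", "-*", path)

def suggest_rules(text, profile="ssh"):
    """Aggregate denied masks per generalized path and return candidate rule lines."""
    perms = defaultdict(set)
    for ev in parse_events(text):
        if ev.get("profile") != profile or ev.get("class") != "file":
            continue
        owner = "owner " if ev.get("fsuid") == ev.get("ouid") else ""
        key = owner + generalize(ev["name"], ev.get("fsuid", ""))
        perms[key].update(MASK_TO_PERM[m] for m in ev["denied_mask"] if m in MASK_TO_PERM)
    return sorted(f'{key} {"".join(sorted(p, key=PERM_ORDER.index))},'
                  for key, p in perms.items())

if __name__ == "__main__":
    print("\n".join(suggest_rules(SAMPLE)))
```

Treat the output as candidates to review before they go into a local addition file, since the glob may be wider than the socket names actually in use.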