Hellooo,
q1)
Some apps want to access /proc/ and the directory that corresponds to the process ID. How do you handle that?
No(t yet), but there are plans to do so.
I think the best way would be to allow shell commands from within profiles. AppArmor could include an additional config file that defines a set of shell commands allowed in profile files. I think that would be nice. Maybe you can write a wrapper for the PID issue, but I have no good idea yet.
q2)
How do you automatically detect suspicious behaviour?
Have a look at aa-notify ;-)
Great. So far I have an open terminal running tail -f. When I look in your example profile, I see Cx somewhere and you define the profile for the child process within the main profile file, right? Thus you don't need several profile files, you can put the child's profile right into the main profile file, right? Thanks BTW, sending a user agent with your mail user client may not be beneficial for security....
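As an added illustration of the two points raised in this thread (it is not a profile from the original poster or from the AppArmor project), here is a main profile for a hypothetical /usr/local/bin/myapp that launches a hypothetical /usr/bin/helper under a child profile defined inline with Cx. All paths are assumptions chosen for the example. The /proc line uses the @{PROC} and @{pid} variables that tunables/global pulls in; note that @{pid} is a pattern for "some pid directory", so combined with owner it matches the pid directories of the same user, not specifically the process's own pid.

```apparmor
# Added example, not from the thread. Paths are illustrative assumptions.
#include <tunables/global>

/usr/local/bin/myapp {
  #include <abstractions/base>

  /usr/local/bin/myapp mr,
  /etc/myapp/** r,
  owner /var/lib/myapp/** rw,

  # Process information under /proc: @{PROC} and @{pid} come from
  # tunables/global. "owner" limits this to pid directories owned by the
  # same user; it does not pin the rule to the process's own pid.
  owner @{PROC}/@{pid}/status r,

  # Execute the helper under the child profile named "helper". The child
  # profile is defined below, inside this profile, so no second profile
  # file is needed.
  /usr/bin/helper Cx -> helper,

  profile helper {
    #include <abstractions/base>

    /usr/bin/helper mr,
    /tmp/myapp-*/ r,
    owner /tmp/myapp-*/** rw,

    # Anything not listed here is denied and logged as an AppArmor
    # DENIED event, which is what aa-notify reports on.
  }
}
```

Load the file with apparmor_parser -r and exercise the application; any access the child profile lacks shows up as a denial in the audit or kernel log rather than as a separate profile to manage.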