(In reply to James Fehlig from comment #9) > Do profile rules covering these checks need to be conditionalized based on > version? I.e., is it safe to have signal rules when not supported by the > kernel? I haven't noticed any problems with such rules on my kernel 4.13 TW > machine. No problem - the only thing you need is a new enough apparmor_parser that understands signal etc. rules. AFAIK "new enough" means 2.9, so you won't hit any problems in Leap (2.10.x) or Tumbleweed (2.11). If the kernel does not know about a rule type, these rules (for example signal) will be ignored and signals will be allowed without any restrictions.