apparmor: allow reading /etc/ssl/openssl.cnf

Simon Dezielrequested to merge
sdeziel-guest/squid:apparmor-openssl into master

On start squid would trigger this (in a LXD container):

audit: type=1400 audit(1649103043.583:223): apparmor="DENIED" operation="open" \
       namespace="root//lxd-squid_<var-snap-lxd-common-lxd>" \
       profile="/usr/sbin/squid" name="/etc/ssl/openssl.cnf" pid=1004228 \
       comm="squid" requested_mask="r" denied_mask="r" fsuid=1589824 ouid=1589824

Instead of allowing just the openssl.cnf file, use the proper abstraction.

Signed-off-by: Simon Deziel simon@sdeziel.info

Merge request reports