Hi,

It seems that AppArmor can't be effectively used to protect read access
to files from users (including roots). It is possible to create a profile
for, eg, 'cat', but then the users can use 'less'.

Is this true? Should use SELinux instead for this?

Thanks!