Code review comment for lp:~michihenning/unity-scopes-api/scope-cache-dir

Michal Hruby (mhr3) wrote :

> > https://wiki.ubuntu.com/SecurityTeam/Specifications/ApplicationConfinement but
> > iiuic Qt itself was patched to build the directory based on a few envvars. Imo
> > we should just do the same, after all the path has to be "prefix + scope_id",
> > and the prefix can be passed as an envvar - it's not like a single process can
> > be both unconfined and leaf-net at the same time.
>
> I'm still not happy about this, as I mentioned earlier: if we have multiple
> instances of the run time in a single address space, the setting will be wrong
> for all but one of them.

My point was that you can apply only one AppArmor profile, so if there are multiple runtimes and scopes in a single process, they either have to share the AppArmor template or need to be unconfined, otherwise things won't work anyway. So the prefix is indeed per process, not per runtime.
