apparmor profile should track new chromium-browser sandbox name
Bug #1247269 reported by Chad Miller
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apparmor (Ubuntu) | Fix Released | Low | Chad Miller |
Bug Description
Upstream is encoding the sandbox name in source instead of a compile time flag. Instead of tracking a new patch, I'm relenting and using the invisible "chrome-browser" name in the lib directory in packaging.
/etc/apparmor.
should add
/usr/
and retain for a while the old line
/usr/
The security aspect of this is that lacking this will only make the syslog/dmesg more noisy. The cost of that is that users' attention is finite and precious.
Related branches
lp://qastaging/~cmiller/ubuntu/trusty/apparmor/chromium-new-sandbox-name
Approved for merging into lp://qastaging/ubuntu/trusty/apparmor
- Chad Miller (community): Disapprove
- Jamie Strandboge: Approve
- Ubuntu branches: Pending requested
Diff: 69 lines (+15/-4), 3 files modified
- debian/changelog (+7/-0)
- debian/patches/0001-add-chromium-browser.patch (+6/-4)
- profiles/apparmor.d/usr.bin.chromium-browser (+2/-0)
Changed in apparmor (Ubuntu):
assignee: nobody → Chad Miller (cmiller)
Changed in apparmor (Ubuntu):
status: New → In Progress
@Chad, I run the chromium-browser on precise and there I found it needs your patch and some multiarch rules too. I've attached the complete diff.
$ apt-cache policy chromium-browser apparmor-profiles
chromium-browser:
  Installed: 30.0.1599.114-0ubuntu0.12.04.3
  Candidate: 30.0.1599.114-0ubuntu0.12.04.3
  Version table:
 *** 30.0.1599.114-0ubuntu0.12.04.3 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     18.0.1025.151~r130497-0ubuntu1 0
        500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
apparmor-profiles:
  Installed: 2.7.102-0ubuntu3.9
  Candidate: 2.7.102-0ubuntu3.9
  Version table:
 *** 2.7.102-0ubuntu3.9 0
        500 http://archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.7.102-0ubuntu3.7 0
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     2.7.102-0ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ precise/main amd64 Packages