This bug was fixed in the package apparmor - 2.12-4ubuntu5
---------------
apparmor (2.12-4ubuntu5) bionic; urgency=medium
[ Didier Roche ]
* debian/patches/ubuntu/communitheme-snap-support.patch:
- support communitheme snap (LP: #1762983)
[ Jamie Strandboge ]
* debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
chromium (LP: #1101298, LP: #1594589, LP: #1647142)
- add attach_disconnected
- allow reading /proc/vmstat
- don't require owner match for /proc/pid/{stat,status} and task
counterparts
- adjust pci[0-9] to be pci[0-9a-f]
- allow reading all uevents and /sys/devices/virtual/tty/tty0/active
- allow ptracing xdgsettings and lsb-release
- xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
- lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
distro-info
- use 'm' on on sandbox
* debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
/var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
(LP: #1712039)
-- Jamie Strandboge <[email protected]> Tue, 17 Apr 2018 20:15:16 +0000
** Changed in: apparmor (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1101298
Title:
More resources must be added into Chromium profile
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
When I install apparmor-profiles package and set Chromium AppArmor
profile to enforce mode, Chromium cannot detect the default browser
and claims that it is not the default browser even though I set so.
And I see this line in dmesg:
... type=1400 audit(1358526376.204:84): apparmor="DENIED"
operation="exec" parent=6216 profile="/usr/lib/chromium-browser
/chromium-browser//xdgsettings" name="/usr/bin/gawk" pid=6220 comm
="xdg-mime" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Now, there is only /usr/bin/mawk line in Chromium apparmor profile but
users may use a different implementation thanks to the alternatives
system.
In addition, my dmesg is flooded by these lines:
... type=1400 audit(1358527121.548:197): apparmor="DENIED"
operation="open" parent=6072 profile="/usr/lib/chromium-browser
/chromium-browser"
name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=8984
comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000
ouid=0
It would be nice to see
"/sys/devices/system/**/cpufreq/cpuinfo_max_freq r," added to the
profile.
My patch regarding the issue is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1101298/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
