[apparmor] [Bug 1101298] Re: More resources must be added into Chromium profile
intrigeri
intrigeri at boum.org
Fri Jun 30 21:25:48 UTC 2017
This bug report is about the custom profile shipped by Ubuntu in their
apparmor-profiles package (and nowhere else AFAIK), not about the
apparmor-profiles project (yeah, it's confusing, I know).
** Project changed: apparmor-profiles => apparmor (Ubuntu)
--
You received this bug notification because you are a member of AppArmor
Developers, which is subscribed to AppArmor Profiles.
https://bugs.launchpad.net/bugs/1101298
Title:
More resources must be added into Chromium profile
Status in apparmor package in Ubuntu:
New
Bug description:
When I install the apparmor-profiles package and set the Chromium
AppArmor profile to enforce mode, Chromium cannot detect the default
browser and claims that it is not the default browser even though I
set it so. And I see this line in dmesg:
... type=1400 audit(1358526376.204:84): apparmor="DENIED" operation="exec" parent=6216 profile="/usr/lib/chromium-browser/chromium-browser//xdgsettings" name="/usr/bin/gawk" pid=6220 comm="xdg-mime" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
Now, there is only a /usr/bin/mawk line in the Chromium AppArmor
profile, but users may use a different implementation thanks to the
alternatives system.
In addition, my dmesg is flooded by these lines:
... type=1400 audit(1358527121.548:197): apparmor="DENIED" operation="open" parent=6072 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=8984 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
It would be nice to see
"/sys/devices/system/**/cpufreq/cpuinfo_max_freq r," added to the
profile.
My patch regarding the issue is attached.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1101298/+subscriptions
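
An added example, not part of the bug report or of AppArmor's own code: a Python sketch that parses the two denials quoted in the report, splits the child profile named after "//", and checks which denied paths the proposed rule would cover. The glob matcher is a simplified approximation of AppArmor path globbing ("**" crosses "/", "*" and "?" do not), and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the two denials quoted in the bug report, each re-joined
# onto a single line (the leading "..." is the elision from the report itself).
SAMPLE_DMESG = '''\
... type=1400 audit(1358526376.204:84): apparmor="DENIED" operation="exec" parent=6216 profile="/usr/lib/chromium-browser/chromium-browser//xdgsettings" name="/usr/bin/gawk" pid=6220 comm="xdg-mime" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
... type=1400 audit(1358527121.548:197): apparmor="DENIED" operation="open" parent=6072 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq" pid=8984 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Yield one dict of key/value fields per apparmor="DENIED" line."""
    for line in text.splitlines():
        fields = {k: q if q else u for k, q, u in KV.findall(line)}
        if fields.get("apparmor") == "DENIED":
            yield fields

def summarize(text):
    """Count denials per (parent profile, child profile, operation, path, mask)."""
    counts = Counter()
    for f in parse_denials(text):
        # "//" separates the parent profile from a child profile or hat.
        parent, _, child = f["profile"].partition("//")
        counts[(parent, child, f["operation"], f["name"], f["denied_mask"])] += 1
    return counts

def glob_to_regex(glob):
    """Simplified AppArmor path glob: '**' crosses '/', '*' and '?' do not."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", glob)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def covered_by(rule, text):
    """Return the denied paths that a 'GLOB PERMS,' file rule would permit."""
    glob, perms = rule.rstrip(",").split()
    rx = glob_to_regex(glob)
    return sorted({f["name"] for f in parse_denials(text)
                   if rx.match(f["name"]) and set(f["denied_mask"]) <= set(perms)})

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_DMESG).items():
        print(n, *key)
    print(covered_by("/sys/devices/system/**/cpufreq/cpuinfo_max_freq r,", SAMPLE_DMESG))
```

The summary shows that the gawk denial belongs to the xdgsettings child profile rather than the main Chromium profile, so the two denials need changes in different places.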