<div dir="ltr"><div>Apparmor is set in complain mode, out-of-the-box, for Google Chromium.</div><div><br></div><div>It has given me 8 complaints, mostly for write requests.</div><div><br></div><div>It wants me to tell it what to do. But I feel more inclined to answer with a question: WTF?!</div><div><br></div><div>It wants write access to: gid_map, setgroups, uid_map,</div><div>And read access to: stat, ptrace_scope, and tcp_fastopen</div><div><br></div>It made for 3 requests (bizarrely) for write permission to gid_map.<div><br></div><div>I told it Yes in all cases. Was this wise? Or should I have said no? If it was wise, why bother me with it in the first place?</div><div><br clear="all"><div><div class="gmail_signature"><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser</div><div class="gmail_signature">Path:     /proc/10203/gid_map</div><div class="gmail_signature">Mode:     w</div><div class="gmail_signature">Severity: 9</div><div class="gmail_signature"><br></div><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser<br></div><div class="gmail_signature">Path:     /proc/10203/gid_map</div><div class="gmail_signature">Mode:     w</div><div class="gmail_signature">Severity: 9</div><div class="gmail_signature"><br></div><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser<br></div><div class="gmail_signature">Path:     /proc/10203/gid_map</div><div class="gmail_signature">Mode:     w</div><div class="gmail_signature">Severity: 9</div><div class="gmail_signature"><br></div><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser<br></div><div class="gmail_signature">Path:     /proc/10203/setgroups</div><div class="gmail_signature">Mode:     w</div><div class="gmail_signature">Severity: 9</div><div class="gmail_signature"><br></div><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser<br></div><div class="gmail_signature">Path:     /proc/10203/uid_map</div><div class="gmail_signature">Mode:     w</div><div class="gmail_signature">Severity: 9</div><div class="gmail_signature"><br></div><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser<br></div><div class="gmail_signature">Path:     /proc/10534/stat</div><div class="gmail_signature">Mode:     r</div><div class="gmail_signature">Severity: 6</div><div class="gmail_signature"><br></div><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser<br></div><div class="gmail_signature">Path:     /proc/sys/kernel/yama/ptrace_scope</div><div class="gmail_signature">Mode:     r</div><div class="gmail_signature">Severity: 6</div><div class="gmail_signature"><br></div><div class="gmail_signature">Profile:  /usr/lib/chromium-browser/chromium-browser<br></div><div class="gmail_signature">Path:     /proc/sys/net/ipv4/tcp_fastopen</div><div class="gmail_signature">Mode:     r</div><div class="gmail_signature">Severity: 6</div><div class="gmail_signature"><br></div><div class="gmail_signature"><br></div><div class="gmail_signature"><br></div></div></div>
</div></div>