On Sat, 2014 Jun 14 20:02-0400, Antoine Beaupré wrote:
>
> I would strongly recommend deploying this solution instead of
> struggling to find the perfect one, considering how critical apparmor
> is for this specific application...

Especially given that this approach (aliases) is non-invasive, and at
worst can easily be maintained as a patch against the upstream profile.

We're also going to need a more up-to-date profile, however. The "few
additional permissions" I mentioned earlier turned out to be things that
are already covered in newer versions of the Chromium profile, or the
abstractions that it uses.

For what it's worth, I experimented with bringing over Ubuntu Trusty's
entire /etc/apparmor.d/ directory into Jessie. I had to comment out all
the ptrace () stuff, all the signal () stuff, and all the dbus
directives. But once I did that, everything loaded with zero parse
errors, and Chromium is no longer getting spurious denials.
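
Added example, not part of the original message and not the poster's own tooling: one way to comment out `ptrace`, `signal` and `dbus` rules in a profile so that a parser without support for them can load it. It assumes each rule ends on a line whose last non-comment character is a comma; the function names and the sample profile are constructed for illustration.

```python
import re

# Rule types the message reports having to comment out.
UNSUPPORTED = ("ptrace", "signal", "dbus")

# A rule starts with optional qualifiers, then the keyword followed by
# whitespace, "(" or ",". Paths such as /usr/bin/dbus-launch and
# "capability sys_ptrace," do not match because they start differently.
RULE_START = re.compile(
    r"^\s*(?:(?:audit|deny|allow)\s+)*(?:%s)(?=[\s,(])" % "|".join(UNSUPPORTED)
)

def _ends_rule(line):
    # AppArmor rules end with a comma; ignore a trailing "# comment".
    return line.split("#", 1)[0].rstrip().endswith(",")

def comment_out_unsupported(profile_text):
    """Return (new_text, n_rules) with ptrace/signal/dbus rules commented out."""
    out, n_rules, in_rule = [], 0, False
    for line in profile_text.splitlines():
        if in_rule or RULE_START.match(line):
            if not in_rule:
                n_rules += 1          # first line of a new rule
            in_rule = not _ends_rule(line)  # multi-line rules continue
            out.append("#" + line)
        else:
            out.append(line)
    return "\n".join(out) + "\n", n_rules

# Constructed sample profile (hypothetical binary path).
SAMPLE = """\
/usr/bin/example-browser {
  #include <abstractions/base>
  capability sys_ptrace,
  /usr/bin/dbus-launch ix,
  ptrace (read) peer=unconfined,
  deny signal (send),
  dbus (send)
       bus=session
       member=Hello,
  /etc/example-browser/** r,
}
"""

if __name__ == "__main__":
    text, count = comment_out_unsupported(SAMPLE)
    print(text)
    print("rules commented out:", count)
```

Files pulled in through `#include` lines are not followed, so each abstraction that carries such rules has to be processed as well.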
