Hi Guido!
On Wed, 2017 Sep 27 15:31+0200, Guido Günther wrote:
>
> I stumbled across this today again since I was looking for a chromium
> profile and still had one in /etc/apparmor.d/usr.bin.chromium-browser
> so it seems the fix for 742829 didn't remove existing files:
>
> $ dpkg -S /etc/apparmor.d/usr.bin.chromium-browser
> apparmor-profiles: /etc/apparmor.d/usr.bin.chromium-browse
>
> So I ended up writing the same fixes in that were already suggested
> here and I wonder why we can't just ship a profile if it's working
> for people?
You'll get no argument from me :) The main difficulty I've had is
getting upstream (Ubuntu) to accept patches to fix the profile whenever
Chromium's footprint gets bigger.
Case in point: No one's looked at this (old) merge request since it
was posted, even though I was told to file a merge request to get
my fixes in:
https://code.launchpad.net/~skunk/apparmor-profiles/+git/apparmor-profiles/+merge/321802
I wouldn't mind officially maintaining the Chromium profile myself,
given that I already do so for my own use and would like to see others
benefit as well.
> That said I'd rather see this shipped with the chromium package so we
> could reassign this (or open a separate report).
I'd like to see this happen too, if for no other reason than that the
Chromium profile is currently maintained in a sort of no-man's land on
the Ubuntu side.
