Hi Seth,
On Wed, 2017 Oct 4 18:39-0700, Seth Arnold wrote:
> Thanks for tackling this Daniel,
>
> On Fri, Sep 29, 2017 at 04:09:02PM -0400, Daniel Richard G. wrote:
> > alias /etc/chromium-browser/ -> /etc/chromium/,
> > alias /usr/bin/chromium-browser -> /usr/bin/chromium,
> > alias /usr/lib/ch
Thanks for tackling this Daniel,
On Fri, Sep 29, 2017 at 04:09:02PM -0400, Daniel Richard G. wrote:
> alias /etc/chromium-browser/ -> /etc/chromium/,
> alias /usr/bin/chromium-browser -> /usr/bin/chromium,
> alias /usr/lib/chromium-browser/chromium-browser-sandbox ->
> /usr/lib/chromium/chrome-sa
On Sat, 2017 Sep 30 19:19+0200, Guido Günther wrote:
>
> > #include
>
> This file is currently not included in Debian's apparmor package.
> @intrigeri, can this be added? I assume we don't want other packages
> to mess around in abstractions? If not I can pull the code from that
> file into the
Hi,
On Fri, Sep 29, 2017 at 04:09:02PM -0400, Daniel Richard G. wrote:
> On Fri, 2017 Sep 29 00:18+0200, Guido Günther wrote:
> >
> > Attaching to this the report is fine. I can handle it from there.
>
> Okay, greatly appreciated. My current profile is attached. Please Cc: me
> on the new bug repo
Hi,
Guido Günther:
> On Fri, Sep 29, 2017 at 04:09:02PM -0400, Daniel Richard G. wrote:
>> #include
> This file is currently not included in Debian's apparmor
> package. @intrigeri, can this be added?
Before r1608 (in Vcs-Bzr) we shipped that file in
/usr/share/apparmor-profiles/abstractions/
Hi Daniel,
On Fri, Sep 29, 2017 at 04:09:02PM -0400, Daniel Richard G. wrote:
> On Fri, 2017 Sep 29 00:18+0200, Guido Günther wrote:
> >
> > Attaching to this the report is fine. I can handle it from there.
>
> Okay, greatly appreciated. My current profile is attached. Please Cc: me
> on the new b
On Fri, 2017 Sep 29 00:18+0200, Guido Günther wrote:
>
> Attaching to this the report is fine. I can handle it from there.
Okay, greatly appreciated. My current profile is attached. Please Cc: me
on the new bug report.
As it happens, this file is identical to the current version of the
profile in
Hi,
On Thu, Sep 28, 2017 at 05:20:51PM -0400, Daniel Richard G. wrote:
> On Thu, 2017 Sep 28 22:07+0200, Guido Günther wrote:
> >
> > I would have hoped you'd simply report wishlist bug against chromium
> > with the new profile attached? This gives us a bug to track for futher
> > discussion. I'd d
On Thu, 2017 Sep 28 22:07+0200, Guido Günther wrote:
>
> I would have hoped you'd simply report wishlist bug against chromium
> with the new profile attached? This gives us a bug to track for futher
> discussion. I'd do it myself but my profile is less well tested since
> I just hacked it up a coup
Hi,
On Thu, Sep 28, 2017 at 03:07:15PM -0400, Daniel Richard G. wrote:
> On Thu, 2017 Sep 28 11:21+0200, Guido Günther wrote:
> >
> > > That would amount to the Debian Chromium maintainers becoming the
> > > new upstream for the profile. (Apparmor is basically maintained by
> >
> > Or maybe people
On Thu, 2017 Sep 28 11:21+0200, Guido Günther wrote:
>
> > That would amount to the Debian Chromium maintainers becoming the
> > new upstream for the profile. (Apparmor is basically maintained by
>
> Or maybe people caring about the chromium profile like you, me and
> others in this thread.
You st
Guido Günther:
> On Wed, Sep 27, 2017 at 04:47:27PM -0400, Daniel Richard G. wrote:
>> That would amount to the Debian Chromium maintainers becoming the new
>> upstream for the profile.
> Or maybe people caring about the chromium profile like you, me and
> others in this thread.
Fine with me, tha
Hi,
On Wed, Sep 27, 2017 at 04:47:27PM -0400, Daniel Richard G. wrote:
> On Wed, 2017 Sep 27 22:26+0200, Guido Günther wrote:
> >
> > Great! I'm a big fan of doing things upstream but from my pov I'd
> > consider apparmor or chromium to be upstream not Ubuntu. What about
> > filing a bug against th
On Wed, 2017 Sep 27 22:26+0200, Guido Günther wrote:
>
> Great! I'm a big fan of doing things upstream but from my pov I'd
> consider apparmor or chromium to be upstream not Ubuntu. What about
> filing a bug against the Debian chromium package with an updated
> profile as a start? We can then take
Hi Richard,
On Wed, Sep 27, 2017 at 03:49:48PM -0400, Daniel Richard G. wrote:
> Hi Guido!
>
> On Wed, 2017 Sep 27 15:31+0200, Guido Günther wrote:
> >
> > I stumbled across this today again since I was looking for a chromium
> > profile and still had one in /etc/apparmor.d/usr.bin.chromium-brows
Hi Guido!
On Wed, 2017 Sep 27 15:31+0200, Guido Günther wrote:
>
> I stumbled across this today again since I was looking for a chromium
> profile and still had one in /etc/apparmor.d/usr.bin.chromium-browser
> so it seems the fix for 742829 didn't remove existing files:
>
>$ dpkg -S /etc/ap
control: reopen -1 742829
Hi,
On Wed, Sep 27, 2017 at 03:31:26PM +0200, Guido Günther wrote:
> Hi,
> On Sat, Dec 17, 2016 at 03:21:07PM +, Debian Bug Tracking System wrote:
> > This is an automatic notification regarding your Bug report
> > which was filed against the apparmor-profiles package
on debian 8.5, I added the aliases to the profile. But When I launch apparmor
I get an error:
LaunchProcess: failed to execvp:
/usr/lib/chromium/chrome-sandbox
Ben Bailess:
> Hello:
>
>> When I used to enable to profile by using the aliases above, it would work
>> just fine, but today when I tried it on a fresh sid installation, no dice.
>> I get the following:
>>
>> apparmor="DENIED" operation="open"
>> profile="/usr/lib/chromium-browser/chromium-browse
Hello:
> When I used to enable to profile by using the aliases above, it would work
> just fine, but today when I tried it on a fresh sid installation, no dice.
> I get the following:
>
> apparmor="DENIED" operation="open"
> profile="/usr/lib/chromium-browser/chromium-browser"
> name="/run/Networ
When I used to enable to profile by using the aliases above, it would work
just fine, but today when I tried it on a fresh sid installation, no dice.
I get the following:
apparmor="DENIED" operation="open"
profile="/usr/lib/chromium-browser/chromium-browser"
name="/run/NetworkManager/resolv.conf
Hello,
Am Montag, 19. Oktober 2015 schrieb Daniel Richard G.:
> I've never expected that we could get everyone to agree on a common
> set of paths, any more than we can get everyone to agree to drive on
> the same side of the road. But at least we can harmonize things
> between Debian and Ubuntu--
On Mon, 2015 Oct 19 23:13+0200, Christian Boltz wrote:
> Hello,
>
> the aliases are a nice workaround, and the tunable might really solve
> the problem, but the better solution is: get rid of the problem ;-)
>
> I'd propose to change the packages so that all distributions use the
> same path. That
Hello,
the aliases are a nice workaround, and the tunable might really solve
the problem, but the better solution is: get rid of the problem ;-)
I'd propose to change the packages so that all distributions use the
same path. That would also mean we don't need funny hacks to adjust the
profile
This bug is still present in Jessie / stable with apparmor-profiles
version 2.9.0-3 and chromium version 45.0.2454.85-1~deb8u1. The alias hack
does *work* to get the profile properly enforced, and I can see why
maintaining a delta against upsteam is a long-term poor decision if there
were an altern
On Sat, 2014 Jun 21 12:21+0200, intrigeri wrote:
>
> I'm still very much unconvinced that maintaining a Debian delta
> against a Ubuntu delta, instead of upstreaming things, is the way to
> go, especially given the low amount of energy that's being put into
> the apparmor package in Debian. But I'l
Hi,
Daniel Richard G. wrote (20 Jun 2014 23:12:52 GMT) :
> On Sat, 2014 Jun 14 20:02-0400, Antoine Beaupré wrote:
>>
>> I would strongly recommend deploying this solution instead of
>> struggling to find the perfect one, considering how critical apparmor
>> is for this specific application...
> E
On Sat, 2014 Jun 14 20:02-0400, Antoine Beaupré wrote:
>
> I would strongly recommend deploying this solution instead of
> struggling to find the perfect one, considering how critical apparmor
> is for this specific application...
Especially given that this approach (aliases) is non-invasive, and
The following works for me so far:
diff --git a/apparmor.d/usr.bin.chromium-browser
b/apparmor.d/usr.bin.chromium-browser
index c032691..976ac2f 100644
--- a/apparmor.d/usr.bin.chromium-browser
+++ b/apparmor.d/usr.bin.chromium-browser
@@ -1,6 +1,12 @@
# Author: Jamie Strandboge
#include
+al
On Sat, 2014 Jun 7 16:41+0200, intrigeri wrote:
> Hi,
>
> [Cc'ing Jamie, who authored this profile initially, according to the
> DEP-3 headers.]
>
> @Jamie: that's about Debian bug #742829, on how to handle differences
> in packaging chromium in Debian and Ubuntu,
intrigeri wrote (07 Jun 2014 14:41:42 GMT) :
> Daniel Richard G. wrote (07 Jun 2014 08:15:51 GMT) :
>> I've found an easier way to adapt the profile to Debian: AppArmor
>> aliases to the rescue!
[...]
> However, I'm not overly enthusiastic at the idea of [...]
I should have added: I'm not the mai
Hi,
[Cc'ing Jamie, who authored this profile initially, according to the
DEP-3 headers.]
@Jamie: that's about Debian bug #742829, on how to handle differences
in packaging chromium in Debian and Ubuntu, in the corresponding
AppArmor profile.
Daniel Richard G. wrote (31 Mar 2014 16
reopen 742829
thanks
(Note: The previous upload was actually a fix for a different bug, so
I'm reopening this report.)
I've found an easier way to adapt the profile to Debian: AppArmor
aliases to the rescue!
alias /etc/chromium-browser/ -> /etc/chromium/,
alias /usr/bin/chromium-browser
On mar., 2014-05-06 at 16:49 -0400, Daniel Richard G. wrote:
> A patch would be fairly simple:
>
> --- /etc/apparmor.d/abstractions/lightdm_chromium-browser.orig 2014-04-28
> 15:33:22.0 -0400
> +++ /etc/apparmor.d/abstractions/lightdm_chromium-browser 2014-05-06
> 16:40:08.0146936
On Tue, 2014 May 6 11:32+0200, Yves-Alexis Perez wrote:
>
> Note that the “destination” maintainers don't get a copy of your mail
> when you reassign a bug, so it's usually a good idea to add them to
> CC: for that mail.
Thanks; as you probably noticed, I'm still new to BTS control-fu :]
> About
On mar., 2014-05-06 at 04:21 +, Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
>
> > clone 742829 -1
> Bug #742829 [apparmor-profiles] Chromium browser profile not adapted to
> Debian packaging
> Bug 742829 cloned as bug 747159
&g
clone 742829 -1
reassign -1 lightdm
thanks
The lightdm package includes an AppArmor abstraction
/etc/apparmor.d/abstractions/lightdm_chromium-browser
that also needs to be adapted for the Debian packaging of the
Chromium browser [in the same way as the main Chromium profile
/etc/apparmor.d/u
On Mon, 2014 Mar 31 13:30+0200, intrigeri wrote:
>
> I think the changing paths in this profile should be handled with a
> tunable, that maintainers can set accordingly to how Chromium is
> packaged for their distribution.
Parameterizing the profile would be great, though then it would also be
a m
Hi,
I think the changing paths in this profile should be handled with
a tunable, that maintainers can set accordingly to how Chromium is
packaged for their distribution.
Also, I don't think the profile file name actually matters. Does it?
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.pti
Package: apparmor-profiles
Version: 2.7.103-4
The /etc/apparmor.d/usr.bin.chromium-browser profile appears to have
been taken verbatim from Ubuntu, and unfortunately is not usable with
Debian's packaging of the Chromium browser without a number of
modifications (starting with a file rename):
---
40 matches
Mail list logo
