Public bug reported:
Upstream is encoding the sandbox name in source instead of a compile
time flag. Instead of tracking a new patch, I'm relenting and using the
invisible "chrome-browser" name in the lib directory in packaging.
/etc/apparmor.d/usr.bin.chromium-browser
should add
/usr/lib/chromium-browser/chrome-sandbox cx -> chromium_browser_sandbox,
and retain for a while the old line
/usr/lib/chromium-browser/chromium-browser-sandbox cx ->
chromium_browser_sandbox,
The security aspect of this is that lacking this will only make the
syslog/dmesg more noisy. The cost of that is that users' attention is finite
and precious.
** Affects: apparmor (Ubuntu)
Importance: Low
Assignee: Chad Miller (cmiller)
Status: New
** Changed in: apparmor (Ubuntu)
Assignee: (unassigned) => Chad Miller (cmiller)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1247269
Title:
apparmor profile should track new chromium-browser sandbox name
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1247269/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
