Considering the current implemention constraints that applications have to access various device files for GL (eg, /dev/dri/card0) instead of having something trusted like mir do the direct access (see bug #1197133 for background), I don't think we can avoid this access:
/sys/devices/pci[0-9]*/**/config r, While https://www.kernel.org/doc/Documentation/filesystems/sysfs-pci.txt tells us it is rw, AppArmor can at least enforce readonly. It is fine for webbrowser-app to /sys/devices/pci[0-9]*/**/config, but before we add it for all applications, can you give the complete denial messages? Perhaps there is something more fine-grained we can use.... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590561 Title: webbrowser-app crashes on startup on fresh zesty Unity8: No suitable EGL configs found To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1590561/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
