AppArmor is set in complain mode, out-of-the-box, for Google Chromium. It has given me 8 complaints, mostly for write requests.

It wants me to tell it what to do. But I feel more inclined to answer with a question: WTF?!

It wants write access to: gid_map, setgroups, uid_map.
And read access to: stat, ptrace_scope, and tcp_fastopen.

It made 3 requests (bizarrely) for write permission to gid_map. I told it Yes in all cases. Was this wise? Or should I have said no? If it was wise, why bother me with it in the first place?

Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/gid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/gid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/gid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/setgroups Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/uid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10534/stat Mode: r Severity: 6
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/sys/kernel/yama/ptrace_scope Mode: r Severity: 6
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/sys/net/ipv4/tcp_fastopen Mode: r Severity: 6
--
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
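
Added example, not part of the original post and not AppArmor's own tooling: a Python script that parses the eight records quoted in the message, merges events that repeat the same path, and produces one candidate profile rule per distinct path with a count and the highest severity seen. The `owner` qualifier on per-process paths is a choice made for this example; `@{PROC}` and `@{pid}` are the variables provided by AppArmor's `tunables/global`.

```python
import re
from collections import OrderedDict

# The eight records quoted in the post, verbatim.
RECORDS = """\
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/gid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/gid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/gid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/setgroups Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10203/uid_map Mode: w Severity: 9
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/10534/stat Mode: r Severity: 6
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/sys/kernel/yama/ptrace_scope Mode: r Severity: 6
Profile: /usr/lib/chromium-browser/chromium-browser Path: /proc/sys/net/ipv4/tcp_fastopen Mode: r Severity: 6
"""

RECORD_RE = re.compile(r"Profile: (\S+) Path: (\S+) Mode: (\S+) Severity: (\d+)")
PID_RE = re.compile(r"^/proc/\d+/")

def parse(text):
    """Return (profile, path, mode, severity) for every record in the text."""
    return [(p, path, m, int(s)) for p, path, m, s in RECORD_RE.findall(text)]

def generalize(path):
    """Swap a literal PID for @{pid}; second value says if the path is per-process."""
    if PID_RE.match(path):
        return PID_RE.sub("@{PROC}/@{pid}/", path), True
    if path.startswith("/proc/"):
        return "@{PROC}/" + path[len("/proc/"):], False
    return path, False

def candidate_rules(text):
    """Merge repeated events into (rule, event_count, max_severity) tuples."""
    merged = OrderedDict()
    for _profile, path, mode, severity in parse(text):
        entry = merged.setdefault(generalize(path), {"modes": set(), "count": 0, "severity": 0})
        entry["modes"].update(mode)          # "rw" contributes both letters
        entry["count"] += 1
        entry["severity"] = max(entry["severity"], severity)
    rules = []
    for (gpath, per_process), e in merged.items():
        prefix = "owner " if per_process else ""   # assumption: restrict to own processes
        rules.append((f"{prefix}{gpath} {''.join(sorted(e['modes']))},", e["count"], e["severity"]))
    return rules

if __name__ == "__main__":
    for rule, count, severity in candidate_rules(RECORDS):
        print(f"{rule:45} # seen {count}x, severity {severity}")
```

The three gid_map records carry the same PID, path and mode, so they collapse into a single rule with a count of 3.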
