Bug#742829: Chromium browser profile not adapted to Debian packaging

[Daniel Richard G.]

Package: apparmor-profiles
Version: 2.7.103-4

The /etc/apparmor.d/usr.bin.chromium-browser profile appears to have
been taken verbatim from Ubuntu, and unfortunately is not usable with
Debian's packaging of the Chromium browser without a number of
modifications (starting with a file rename):

--- /etc/apparmor.d/usr.bin.chromium-browser    2014-03-27 16:16:54.000000000 
-0400
+++ /etc/apparmor.d/usr.bin.chromium    2014-03-27 16:22:15.119117865 -0400
@@ -2,7 +2,7 @@
 #include <tunables/global>
 
 # We need 'flags=(attach_disconnected)' in newer chromium versions
-/usr/lib/chromium-browser/chromium-browser flags=(attach_disconnected) {
+/usr/lib/chromium/chromium flags=(attach_disconnected) {
   #include <abstractions/audio>
   #include <abstractions/base>
   #include <abstractions/cups-client>
@@ -63,11 +63,11 @@
   @{PROC}/sys/kernel/shmmax r,
   owner /{dev,run}/shm/{,.}org.chromium.* mrw,
 
-  /usr/lib/chromium-browser/*.pak mr,
-  /usr/lib/chromium-browser/locales/* mr,
+  /usr/lib/chromium/*.pak mr,
+  /usr/lib/chromium/locales/* mr,
 
   # Noisy
-  deny /usr/lib/chromium-browser/** w,
+  deny /usr/lib/chromium/** w,
 
   # Make browsing directories work
   / r,
@@ -108,16 +108,16 @@
   owner @{HOME}/.config/chromium/**/Dictionaries/*.bdic mr,
 
   # Allow transitions to ourself and our sandbox
-  /usr/lib/chromium-browser/chromium-browser ix,
-  /usr/lib/chromium-browser/chromium-browser-sandbox cx -> 
chromium_browser_sandbox,
+  /usr/lib/chromium/chromium ix,
+  /usr/lib/chromium/chrome-sandbox cx -> chromium_browser_sandbox,
 
   # TODO: child profile
   /bin/ps Uxr,
-  /usr/lib/chromium-browser/xdg-settings Ux,
+  /usr/lib/chromium/xdg-settings Ux,
   /usr/bin/xdg-settings Ux,
 
   # Site-specific additions and overrides. See local/README for details.
-  #include <local/usr.bin.chromium-browser>
+  #include <local/usr.bin.chromium>
 
 profile chromium_browser_sandbox {
     # Be fanatical since it is setuid root and don't use an abstraction
@@ -161,9 +161,9 @@
     @{PROC}/[0-9]*/oom_score_adj w,
     @{PROC}/[0-9]*/task/[0-9]*/stat r,
 
-    /usr/bin/chromium-browser r,
-    /usr/lib/chromium-browser/chromium-browser Px,
-    /usr/lib/chromium-browser/chromium-browser-sandbox r,
+    /usr/bin/chromium r,
+    /usr/lib/chromium/chromium Px,
+    /usr/lib/chromium/chrome-sandbox r,
 
     owner /tmp/** rw,
   }


Likewise, /etc/apparmor.d/local/usr.bin.chromium-browser should
be renamed.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org