Hi, [Cc'ing Jamie, who authored this profile initially, according to the DEP-3 headers.]
@Jamie: that's about Debian bug #742829, on how to handle differences in packaging chromium in Debian and Ubuntu, in the corresponding AppArmor profile. Daniel Richard G. wrote (31 Mar 2014 16:44:50 GMT) : > On Mon, 2014 Mar 31 13:30+0200, intrigeri wrote: >> >> I think the changing paths in this profile should be handled with a >> tunable, that maintainers can set accordingly to how Chromium is >> packaged for their distribution. > Parameterizing the profile would be great, though then it would also be > a matter of Ubuntu adopting that, so that both distributions can use the > same profile (with different tunables). I don't see why this could not happen. In Trusty, Ubuntu is still shipping this profile as part of their own delta on top of upstream, and I guess everybody would be happy if a clean profile was merged upstream, in a way that distros can easily adapt paths to the way they're packaging chromium, without having to patch the main profile file. If this profile goes upstream, then Ubuntu can simply replace their own profile with the generic one, and add a tiny tunables file on top. I'm sure they'll be delighted to cut down their maintenance costs this way. Really, upstream is nice, happy to take patches, and the needed work is quite simple :) Personally, I've no strong interest in confining chromium, so I won't take the lead on it, but I'm happy to test and review patches before you submit it upstream, if it may help. Daniel Richard G. wrote (07 Jun 2014 08:15:51 GMT) : > I've found an easier way to adapt the profile to Debian: AppArmor > aliases to the rescue! > alias /etc/chromium-browser/ -> /etc/chromium/, > alias /usr/bin/chromium-browser -> /usr/bin/chromium, > alias /usr/lib/chromium-browser/chromium-browser-sandbox -> > /usr/lib/chromium/chrome-sandbox, > alias /usr/lib/chromium-browser/chromium-browser -> > /usr/lib/chromium/chromium, > alias /usr/lib/chromium-browser/ -> /usr/lib/chromium/, I'm glad you've been working on this. Thanks! However, I'm not overly enthusiastic at the idea of adding this kind of band-aid on top of a Ubuntu-specific patch we've pulled into our packaging, and that is not fit for Debian in its current state, especially when there's an easy and clean way to improve things for everybody. Cheers! -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
