Hi Richard, On Wed, Sep 27, 2017 at 03:49:48PM -0400, Daniel Richard G. wrote: > Hi Guido! > > On Wed, 2017 Sep 27 15:31+0200, Guido Günther wrote: > > > > I stumbled across this today again since I was looking for a chromium > > profile and still had one in /etc/apparmor.d/usr.bin.chromium-browser > > so it seems the fix for 742829 didn't remove existing files: > > > > $ dpkg -S /etc/apparmor.d/usr.bin.chromium-browser > > apparmor-profiles: /etc/apparmor.d/usr.bin.chromium-browse > > > > So I ended up writing the same fixes in that were already suggested > > here and I wonder why we can't just ship a profile if it's working > > for people? > > You'll get no argument from me :) The main difficulty I've had is > getting upstream (Ubuntu) to accept patches to fix the profile whenever > Chromium's footprint gets bigger.
Great! I'm a big fan of doing things upstream but from my pov I'd consider apparmor or chromium to be upstream not Ubuntu. What about filing a bug against the Debian chromium package with an updated profile as a start? We can then take it from there and file another one against apparor once it proves working for more people. Cheers, -- Guido > > Case in point: No one's looked at this (old) merge request since it > was posted, even though I was told to file a merge request to get > my fixes in: > > > https://code.launchpad.net/~skunk/apparmor-profiles/+git/apparmor-profiles/+merge/321802 > > I wouldn't mind officially maintaining the Chromium profile myself, > given that I already do so for my own use and would like to see others > benefit as well. > > > That said I'd rather see this shipped with the chromium package so we > > could reassign this (or open a separate report). > > I'd like to see this happen too, if for no other reason than that the > Chromium profile is currently maintained in a sort of no-man's land on > the Ubuntu side. >