The root filesystem that the chromium snap sees is the one provided by the core18 snap.
Exceptions granted by the connected interfaces can be inspected by reading the generated apparmor profile, stored at /var/lib/snapd/apparmor/profiles/snap.chromium.chromium. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1847092 Title: Sandboxing Chromium Snap without FireJail Status in chromium-browser package in Ubuntu: Triaged Bug description: I'm a Firefox user who uses Chromium for certain google websites. I like to run Chromium in a sandbox so that the "Downloads" folder is the only file system location Chromium can see. In Ubuntu 19.04, I could achieve this with: sudo apt install chromium-browser firejail ; firejail chromium-browser In Ubuntu 19.10, Chromium is only offered as a snap package: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1847092 Firejail, doesn't work with Chromium's snap package installation: https://askubuntu.com/questions/1178995 The snap installation's degree of isolation seems to be controlled by the developer of snap package. Since firejail no longer works for achieving this degree of isolation, I'm requesting that the Snap Package Maintainer (of Chromium), provide an alternative installation that only gives Chromium access to the "Downloads" folder exclusively. ProblemType: Bug DistroRelease: Ubuntu 19.10 Package: chromium-browser (not installed) ProcVersionSignature: Ubuntu 5.3.0-13.14-generic 5.3.0 Uname: Linux 5.3.0-13-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu7 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Mon Oct 7 08:15:38 2019 InstallationDate: Installed on 2019-10-06 (0 days ago) InstallationMedia: Ubuntu 19.10 "Eoan Ermine" - Beta amd64 (20191001.2) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: chromium-browser UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1847092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
