You can 'sudo snap connect chromium:mount-observe' for /etc/fstab.
/run/mount/utab is more complicated and you can read about it here:
https://forum.snapcraft.io/t/namespace-awareness-of-run-mount-utab-and-
libmount/5987
For the /run/udev/data accesses, can you paste the output of:
$ cat /run/udev/data/b230\:*
** Package changed: chromium-browser (Ubuntu) => snapd (Ubuntu)
** Changed in: snapd (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1828275
Title:
[snap] chromium generates a lot of Apparmor noise
Status in snapd package in Ubuntu:
Incomplete
Bug description:
Running Chromium's snap result in a lot of Apparmor noise like this:
audit: type=1400 audit(0): apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/run/mount/utab" pid=0 comm="chrome"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(0): apparmor="DENIED" operation="open"
profile="snap.chromium.chromium" name="/run/udev/data/b230:0" pid=0
comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
The above and the attached log was collected with:
journalctl -o cat -k | grep -F ' apparmor="DENIED" ' | grep -F
snap.chromium.chromium | sed 's/ audit([0-9.:]\+): / audit(0): /; s/
pid=[0-9]\+ / pid=0 /' | sort
Additional information:
$ snap info chromium
name: chromium
summary: Chromium web browser, open-source version of Chrome
publisher: Canonical✓
contact:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bugs?field.tag=snap
license: unset
description: |
An open-source browser project that aims to build a safer, faster, and more
stable way for all
Internet users to experience the web.
commands:
- chromium.chromedriver
- chromium
snap-id: XKEcBqPM06H1Z7zGOdG5fbICuf8NWK5R
tracking: edge
refresh-date: 11 days ago, at 12:08 EDT
channels:
stable: 74.0.3729.131 2019-05-02 (705) 162MB -
candidate: 74.0.3729.131 2019-05-01 (705) 162MB -
beta: 74.0.3729.61 2019-04-06 (688) 162MB -
edge: 75.0.3770.9 2019-04-27 (703) 163MB -
installed: 75.0.3770.9 (703) 163MB -
$ snap interfaces chromium
Slot Plug
:browser-support chromium:browser-sandbox
:camera chromium
:desktop chromium
:gsettings chromium
:home chromium
:network chromium
:network-bind chromium
:opengl chromium
:personal-files chromium:chromium-config
:pulseaudio chromium
:screen-inhibit-control chromium
:u2f-devices chromium
:unity7 chromium
:upower-observe chromium
:x11 chromium
gtk-common-themes:gtk-3-themes chromium
gtk-common-themes:icon-themes chromium
gtk-common-themes:sound-themes chromium
- chromium:cups-control
- chromium:mount-observe
- chromium:network-manager
- chromium:password-manager-service
- chromium:removable-media
$ apt-cache policy snapd
snapd:
Installed: 2.38+18.04
Candidate: 2.38+18.04
Version table:
*** 2.38+18.04 500
500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64
Packages
100 /var/lib/dpkg/status
2.37.4+18.04.1 500
500 http://security.ubuntu.com/ubuntu bionic-security/main amd64
Packages
2.32.5+18.04 500
500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages
$ lsb_release -rd
Description: Ubuntu 18.04.2 LTS
Release: 18.04
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1828275/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
