[Touch-packages] [Bug 1647142] Re: usr.bin.chromium-browser terribly outdated
This bug was fixed in the package apparmor - 2.12-4ubuntu5
---
apparmor (2.12-4ubuntu5) bionic; urgency=medium
[ Didier Roche ]
* debian/patches/ubuntu/communitheme-snap-support.patch:
- support communitheme snap (LP: #1762983)
[ Jamie Strandboge ]
* debian/patches/ubuntu/add-chromium-browser.patch: adjust for newer
chromium (LP: #1101298, LP: #1594589, LP: #1647142)
- add attach_disconnected
- allow reading /proc/vmstat
- don't require owner match for /proc/pid/{stat,status} and task
counterparts
- adjust pci[0-9] to be pci[0-9a-f]
- allow reading all uevents and /sys/devices/virtual/tty/tty0/active
- allow ptracing xdgsettings and lsb-release
- xdgsettings uses head and tr and looks at /usr/share/ubuntu/applications/
- lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
distro-info
- use 'm' on on sandbox
* debian/patches/ubuntu/mimeinfo-snap-support.patch: allow reading
/var/lib/snapd/desktop/applications *.desktop and mimeinfo.cache
(LP: #1712039)
-- Jamie Strandboge Tue, 17 Apr 2018 20:15:16 +
** Changed in: apparmor (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1647142
Title:
usr.bin.chromium-browser terribly outdated
Status in apparmor package in Ubuntu:
Fix Released
Bug description:
Hi,
when using the Chromium Browser, the screen (LXDE) drowns in warning
messages because of heaps of apparmor profile violations. Unusable
without intense manual modifications.
For some strange reason /etc/apparmor.d/usr.bin.chromium-browser is
over a year old
-rw-r--r-- 1 root root 8243 Sep 3 2015 usr.bin.chromium-browser
and part of the apparmor-profiles and not of the chromium-package (where it
would belong to).
It seems as if the chromium browser is continuously developed and re-
compiled with new library versions, while the apparmor profile is
frozen and noone takes care about, thus things are diverging more and
more.
IMHO the profile should be
a) part of the chromium browser package
b) maintained (tested) by the same package maintainers
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: apparmor-profiles 2.10.95-0ubuntu2.5
ProcVersionSignature: Ubuntu 4.4.0-51.72-generic 4.4.30
Uname: Linux 4.4.0-51-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: LXDE
Date: Sun Dec 4 12:44:25 2016
PackageArchitecture: all
ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-51-generic
root=UUID=3e286927-f1b6-4954-8b0d-7cf23484309f ro rootflags=subvol=@ splash
quiet vt.handoff=7
SourcePackage: apparmor
UpgradeStatus: Upgraded to xenial on 2016-04-06 (242 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1647142/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1647142] Re: usr.bin.chromium-browser terribly outdated
Hello Hadmut, thanks for the feedback. This is a tricky situation -- chromium-browser's new sandboxing code requests a large number of system capabilities inside a user namespace. The current AppArmor profile language and enforcement engine has no way to describe "these capabilities are only valid inside a user namespace". It's not clear how we should handle this. We could grant the capabilities and let things work, but have zero security if accidentally run by the admin, or we could deny the capabilities and break the sandboxing. Because it's difficult to have a good profile in the face of this, we haven't shipped the profile in a package that would have more users. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1647142 Title: usr.bin.chromium-browser terribly outdated Status in apparmor package in Ubuntu: Confirmed Bug description: Hi, when using the Chromium Browser, the screen (LXDE) drowns in warning messages because of heaps of apparmor profile violations. Unusable without intense manual modifications. For some strange reason /etc/apparmor.d/usr.bin.chromium-browser is over a year old -rw-r--r-- 1 root root 8243 Sep 3 2015 usr.bin.chromium-browser and part of the apparmor-profiles and not of the chromium-package (where it would belong to). It seems as if the chromium browser is continuously developed and re- compiled with new library versions, while the apparmor profile is frozen and noone takes care about, thus things are diverging more and more. IMHO the profile should be a) part of the chromium browser package b) maintained (tested) by the same package maintainers ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apparmor-profiles 2.10.95-0ubuntu2.5 ProcVersionSignature: Ubuntu 4.4.0-51.72-generic 4.4.30 Uname: Linux 4.4.0-51-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: LXDE Date: Sun Dec 4 12:44:25 2016 PackageArchitecture: all ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-51-generic root=UUID=3e286927-f1b6-4954-8b0d-7cf23484309f ro rootflags=subvol=@ splash quiet vt.handoff=7 SourcePackage: apparmor UpgradeStatus: Upgraded to xenial on 2016-04-06 (242 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1647142/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1647142] Re: usr.bin.chromium-browser terribly outdated
** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1647142 Title: usr.bin.chromium-browser terribly outdated Status in apparmor package in Ubuntu: Confirmed Bug description: Hi, when using the Chromium Browser, the screen (LXDE) drowns in warning messages because of heaps of apparmor profile violations. Unusable without intense manual modifications. For some strange reason /etc/apparmor.d/usr.bin.chromium-browser is over a year old -rw-r--r-- 1 root root 8243 Sep 3 2015 usr.bin.chromium-browser and part of the apparmor-profiles and not of the chromium-package (where it would belong to). It seems as if the chromium browser is continuously developed and re- compiled with new library versions, while the apparmor profile is frozen and noone takes care about, thus things are diverging more and more. IMHO the profile should be a) part of the chromium browser package b) maintained (tested) by the same package maintainers ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: apparmor-profiles 2.10.95-0ubuntu2.5 ProcVersionSignature: Ubuntu 4.4.0-51.72-generic 4.4.30 Uname: Linux 4.4.0-51-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 CurrentDesktop: LXDE Date: Sun Dec 4 12:44:25 2016 PackageArchitecture: all ProcKernelCmdline: BOOT_IMAGE=/vmlinuz-4.4.0-51-generic root=UUID=3e286927-f1b6-4954-8b0d-7cf23484309f ro rootflags=subvol=@ splash quiet vt.handoff=7 SourcePackage: apparmor UpgradeStatus: Upgraded to xenial on 2016-04-06 (242 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1647142/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
