[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2022-05-16 Thread Olivier Tilloy
** Changed in: chromium-browser (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714244 Title: [snap] apparmor denials on

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2022-03-28 Thread Olivier Tilloy
Indeed, for historical reasons the Ubuntu package (and now the snap) will look for policies under /etc/chromium-browser/, not /etc/chromium/. It's a bit unfortunate from a documentation POV, but I believe this was originally mandated by the Debian packaging policy because the package was named

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2022-03-17 Thread Michael
According to the official docs: https://www.chromium.org/administrators/linux-quick-start/ The path should be `/etc/chromium`. If the Ubuntu package maintainers move the path, how do people know where the new path is?

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-11-05 Thread Peter Rowlett
@Olivier Ah, sorry, thank you for explaining this. This isn't what I want to do, I was just trying to strip back to the basics of what https://www.chromium.org/administrators/linux-quick-start said to do and demonstrate that it wasn't working. I changed my policy so it says {

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-11-05 Thread Olivier Tilloy
"HomepageLocation" has a bit of a misleading name. It defines only the page that is opened when clicking the homepage toolbar button, which isn't a thing anymore. So what you really want to define is "RestoreOnStartupURLs" (https://www.chromium.org/administrators/policy-

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-11-04 Thread Peter Rowlett
@Olivier Thank you for working on this, but chromium policies do not appear to be working for me. I have Chromium Version 86.0.4240.183 (Official Build) snap (64-bit) running on Ubuntu Budgie. Following https://www.chromium.org/administrators/linux-quick-start to test if policies are being

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-11-03 Thread Olivier Tilloy
@Jon: are your policies in /etc/chromium-browser/policies ? Is there a symlink in that directory?

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-11-02 Thread Jon Schewe
Running Chromium Version 86.0.4240.111 (Official Build) snap (64-bit) on Ubuntu 20.04 and I'm not seeing my policies enforced inside Chromium.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-09-28 Thread Olivier Tilloy
Now really fixed with https://git.launchpad.net/~chromium-team/chromium-browser/+git/snap-from-source/commit/?id=6f2b87da50bce971f4baadae348331e1bd024cb8.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-31 Thread Olivier Tilloy
@Ian, I meant that a snapped application, run as the current user, won't be able to write to its $SNAP_DATA. I just verified that with:

    snap run --shell chromium
    cd $SNAP_DATA
    touch foobar

and got "touch: cannot touch 'foobar': Permission denied"

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-31 Thread Ian Johnson
@osomon,
> $SNAP_DATA/policies is not writable by the snap, so the import of existing policies won't work.
$SNAP_DATA is by definition writable, so I'm curious what led you to think that it isn't? If it is showing up as read-only then that would be a snapd bug. Perhaps you were running as

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-26 Thread Olivier Tilloy
Note to self for testing purposes: https://www.chromium.org/administrators/linux-quick-start

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-26 Thread Olivier Tilloy
$SNAP_DATA/policies is not writable by the snap, so the import of existing policies won't work. This would have to be implemented in the transitional deb package's postinst script. What can be done is to try $SNAP_DATA/policies, and if that folder doesn't exist fall back to

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-25 Thread Olivier Tilloy
The following two commits are an attempt at fixing this: https://git.launchpad.net/~chromium-team/chromium-browser/+git/snap-from-source/commit/?id=bfe4c3bf4e082ca6329040db23bdee858bd204d2

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-25 Thread Olivier Tilloy
** Changed in: chromium-browser (Ubuntu) Status: Triaged => In Progress

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-06 Thread Damien Clabaut
Is there any update or workaround on this issue? This is going to be a problem to everyone in enterprise environments.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-06-11 Thread Olivier Tilloy
And for migration purposes, ideally the existing policies in /etc/chromium-browser/policies would be copied over to $SNAP_DATA/.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-06-11 Thread Olivier Tilloy
You're right Oliver, the patch should be adjusted to look for policies in $SNAP_DATA. ** Changed in: chromium-browser (Ubuntu) Assignee: (unassigned) => Olivier Tilloy (osomon) ** Changed in: chromium-browser (Ubuntu) Importance: Low => Medium

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-05-26 Thread Oliver Grawert
is there any particular reason to not simply adjust the patch to point to $SNAP_DATA/etc/chromium-browser/policies ? after all this is where system-wide configs should go ...

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-03-13 Thread Olivier Tilloy
A separate bug was filed: bug #1866732.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2019-10-23 Thread Olivier Tilloy
@Joachim: there's no separate bug for this yet, but you're right that this needs attention. Would you mind filing one to track this separately? If you can attach examples of custom policies that would be great, too.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2019-10-17 Thread Joachim Sauer
Is there a separate bug somewhere about actually implementing custom policies? Since 19.10 switched Chromium to Snap this means that not having those is an actual regression compared to 18.10 or 19.04, so I'd say this warrants a slightly higher priority now.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2017-11-08 Thread Olivier Tilloy
The code in chromium that determines where to look for policies is there: https://cs.chromium.org/chromium/src/chrome/common/chrome_paths.cc?l=482. In the Ubuntu packages this is being patched to "/etc/chromium-browser/policies/": http://bazaar.launchpad.net/~chromium-team/chromium-

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2017-11-08 Thread Olivier Tilloy
Given that the denials are harmless and that getting rid of them would require a patch that wouldn't enable sysadmins to actually implement custom policies, I'll lower the importance of that bug. ** Changed in: chromium-browser (Ubuntu) Importance: Medium => Low ** Changed in: