[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-09-28 Thread Olivier Tilloy
Now really fixed with https://git.launchpad.net/~chromium-team/chromium- browser/+git/snap-from- source/commit/?id=6f2b87da50bce971f4baadae348331e1bd024cb8. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-31 Thread Olivier Tilloy
@Ian, I meant that a snapped application, run as the current user, won't be able to write to its $SNAP_DATA. I just verified that with: snap run --shell chromium cd $SNAP_DATA touch foobar and got "touch: cannot touch 'foobar': Permission denied" -- You received this bug

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-31 Thread Ian Johnson
@osomon, > $SNAP_DATA/policies is not writable by the snap, so the import of existing policies won't work. $SNAP_DATA is by definition writable, so I'm curious what led you to think that it isn't? If it is showing up as read-only then that would be a snapd bug. Perhaps you were running as

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-26 Thread Olivier Tilloy
Note to self for testing purposes: https://www.chromium.org/administrators/linux-quick-start -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714244 Title: [snap] apparmor denials on

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-26 Thread Olivier Tilloy
$SNAP_DATA/policies is not writable by the snap, so the import of existing policies won't work. This would have to be implemented in the transitional deb package's postinst script. What can be done is to try $SNAP_DATA/policies, and if that folder doesn't exist fall back to

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-25 Thread Olivier Tilloy
The following two commits are an attempt at fixing this: https://git.launchpad.net/~chromium-team/chromium-browser/+git/snap-from-source/commit/?id=bfe4c3bf4e082ca6329040db23bdee858bd204d2

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-25 Thread Olivier Tilloy
** Changed in: chromium-browser (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714244 Title: [snap] apparmor denials on

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-08-06 Thread Damien Clabaut
Is there any update or workaround on this issue? This is going to be a problem to everyone in enterprise environments. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714244 Title: [snap] apparmor

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-06-11 Thread Olivier Tilloy
And for migration purposes, ideally the existing policies in /etc /chromium-browser/policies would be copied over to $SNAP_DATA/. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714244 Title: [snap]

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-06-11 Thread Olivier Tilloy
You're right Oliver, the patch should be adjusted to look for policies in $SNAP_DATA. ** Changed in: chromium-browser (Ubuntu) Assignee: (unassigned) => Olivier Tilloy (osomon) ** Changed in: chromium-browser (Ubuntu) Importance: Low => Medium -- You received this bug notification

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-05-26 Thread Oliver Grawert
is there any particular reason to not simply adjust the patch to point to $SNAP_DATA/etc/chromium-browser/policies ? after all this is where system-wide configs should go ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2020-03-13 Thread Olivier Tilloy
A separate bug was filed: bug #1866732. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1714244 Title: [snap] apparmor denials on /etc/chromium-browser/policies/ To manage notifications about this

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2019-10-23 Thread Olivier Tilloy
@Joachim: there's no separate bug for this yet, but you're right that this needs attention. Would you mind filing one to track this separately? If you can attach examples of custom policies that would be great, too. -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2019-10-17 Thread Joachim Sauer
Is there a separate bug somewhere about actually implementing custom policies? Since 19.10 switched Chromium to Snap this means that not having those is an actual regression compared to 18.10 or 19.04, so I'd say this warrants a slightly higher priority now. -- You received this bug notification

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2017-11-08 Thread Olivier Tilloy
The code in chromium that determines where to look for policies is there: https://cs.chromium.org/chromium/src/chrome/common/chrome_paths.cc?l=482. In the ubuntu packages this is being patched to "/etc/chromium- browser/policies/": http://bazaar.launchpad.net/~chromium-team/chromium-

[Bug 1714244] Re: [snap] apparmor denials on /etc/chromium-browser/policies/

2017-11-08 Thread Olivier Tilloy
Given that the denials are harmless and that getting rid of them would require a patch that wouldn't enable sysadmins to actually implement custom policies, I'll lower the importance of that bug. ** Changed in: chromium-browser (Ubuntu) Importance: Medium => Low ** Changed in: