Just by running chromium I get these complaints:
Jun 20 20:53:22 omicron kernel: [69605.494311] audit: type=1400 audit(1466448802.236:2558): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=23577 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Jun 20 20:53:22 omicron kernel: [69605.555829] audit: type=1400 audit(1466448802.296:2559): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/23610/setgroups" pid=23610 comm="chromium-browse" requested_mask="w" denied_mask="w" fsuid=1001 ouid=1001 Jun 20 20:53:22 omicron kernel: [69605.555895] audit: type=1400 audit(1466448802.296:2560): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/23610/uid_map" pid=23610 comm="chromium-browse" requested_mask="w" denied_mask="w" fsuid=1001 ouid=1001 Jun 20 20:53:22 omicron kernel: [69605.555952] audit: type=1400 audit(1466448802.296:2561): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/23610/gid_map" pid=23610 comm="chromium-browse" requested_mask="w" denied_mask="w" fsuid=1001 ouid=1001 Jun 20 20:53:24 omicron kernel: [69607.268592] audit: type=1400 audit(1466448804.008:2562): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_max_freq" pid=23610 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Jun 20 20:53:24 omicron kernel: [69607.299658] audit: type=1400 audit(1466448804.040:2563): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/1/stat" pid=23610 comm="chromium-browse" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 Jun 20 20:53:24 omicron kernel: [69607.341170] audit: type=1400 audit(1466448804.080:2564): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/23610/setgroups" pid=23610 comm="chromium-browse" requested_mask="w" denied_mask="w" fsuid=1001 ouid=1001 Jun 20 20:53:24 omicron kernel: [69607.341225] audit: type=1400 audit(1466448804.080:2565): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/23610/gid_map" pid=23610 comm="chromium-browse" requested_mask="w" denied_mask="w" fsuid=1001 ouid=1001 Jun 20 20:53:24 omicron kernel: [69607.341272] audit: type=1400 audit(1466448804.080:2566): apparmor="ALLOWED" operation="open" profile="/usr/lib/chromium-browser/chromium-browser" name="/proc/23610/uid_map" pid=23610 comm="chromium-browse" requested_mask="w" denied_mask="w" fsuid=1001 ouid=1001
I also get very annoying popup notifications for these...
This bug was fixed in the package apparmor - 2.12-4ubuntu5
---------------
apparmor (2.12-4ubuntu5) bionic; urgency=medium
[ Didier Roche ] patches/ ubuntu/ communitheme- snap-support. patch:
* debian/
- support communitheme snap (LP: #1762983)
[ Jamie Strandboge ] patches/ ubuntu/ add-chromium- browser. patch: adjust for newer {stat,status} and task virtual/ tty/tty0/ active ubuntu/ applications/ patches/ ubuntu/ mimeinfo- snap-support. patch: allow reading lib/snapd/ desktop/ applications *.desktop and mimeinfo.cache
* debian/
chromium (LP: #1101298, LP: #1594589, LP: #1647142)
- add attach_disconnected
- allow reading /proc/vmstat
- don't require owner match for /proc/pid/
counterparts
- adjust pci[0-9] to be pci[0-9a-f]
- allow reading all uevents and /sys/devices/
- allow ptracing xdgsettings and lsb-release
- xdgsettings uses head and tr and looks at /usr/share/
- lsb-release uses python 3.6 and looks at apport, apt.conf, dpkg and
distro-info
- use 'm' on on sandbox
* debian/
/var/
(LP: #1712039)
-- Jamie Strandboge <email address hidden> Tue, 17 Apr 2018 20:15:16 +0000