chromium-browser profile is too noisy with chromium-browser 23

I plan on updating 11.10 and 12.04 with the fix for bug #1045986 (going through -security) since currently the profile is broken anyway.

Uploaded fix to raring-proposed. Fix also uploaded to quantal-proposed, but it is awaiting ubuntu-sru approval.

This bug was fixed in the package apparmor - 2.8.0-0ubuntu10

---------------
apparmor (2.8.0-0ubuntu10) raring; urgency=low

  * debian/patches/0001-add-chromium-browser.patch: add accesses for chromium
    23 (LP: #1091862)
 -- Jamie Strandboge <email address hidden> Tue, 18 Dec 2012 15:20:05 -0600

This bug was fixed in the package apparmor - 2.7.102-0ubuntu3.7

---------------
apparmor (2.7.102-0ubuntu3.7) precise-security; urgency=low

  * debian/patches/0001-add-chromium-browser.patch:
    - add access for newer versions of chromium (LP: #1091862)
    - add a child profile for xdgsettings (LP: #1045986)
  * debian/patches/0021-fix-racy-onexec-test.patch: fix race in onexec.sh
    kernel regression test
 -- Jamie Strandboge <email address hidden> Wed, 19 Dec 2012 07:51:38 -0600

This bug was fixed in the package apparmor - 2.7.0~beta1+bzr1774-1ubuntu2.2

---------------
apparmor (2.7.0~beta1+bzr1774-1ubuntu2.2) oneiric-security; urgency=low

  * debian/patches/0001-add-chromium-browser.patch:
    - add various accesses for newer chromium versions (LP: #1091862)
    - add a child profile for xdgsettings (LP: #1045986)
  * debian/put-all-profiles-in-complain-mode.sh: deal with existing flags
 -- Jamie Strandboge <email address hidden> Tue, 18 Dec 2012 11:53:38 -0600

Hello Jamie, or anyone else affected,

Accepted apparmor into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/apparmor/2.8.0-0ubuntu5.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

The fix for this bug has been awaiting testing feedback in the -proposed repository for quantal for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

There are more spam, probably in addition to the originally reported here:

[92594.175171] type=1400 audit(1365501890.592:231152): apparmor="ALLOWED" operation="getattr" parent=11228 profile="/usr/lib/chromium-browser/chromium-browser//null-52" name="/usr/share/mime/application/zip.xml" pid=11252 comm="kdialog" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[92584.101494] type=1400 audit(1365501880.520:229442): apparmor="ALLOWED" operation="getattr" parent=11228 profile="/usr/lib/chromium-browser/chromium-browser//null-52" name="/usr/share/mime/inode/directory.xml" pid=11252 comm="kdialog" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

[92573.172685] type=1400 audit(1365501869.592:209673): apparmor="ALLOWED" operation="getattr" parent=11229 profile="/usr/lib/chromium-browser/chromium-browser//null-51" name="/etc/localtime" pid=11241 comm="kdialog" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

Confirmed that the quantal-proposed apparmor-profiles removes these messages.

Newer chromes add (at least, under virtualization):

[64318.372241] type=1400 audit(1365818789.203:181): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/lib/chromium-browser/chromium-browser" name="/sys/devices/pci0000:00/0000:00:04.0/virtio1/block/vda/vda1/size" pid=7590 comm="Chrome_FileThre" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

But this package fixes some denials.

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

This bug was fixed in the package apparmor - 2.8.0-0ubuntu5.1

---------------
apparmor (2.8.0-0ubuntu5.1) quantal-proposed; urgency=low

  [ Steve Beattie ]
  * 0023-lp1091642-parser-reset_matchflags.patch: prevent reuse of
    matchflags in parser dfa backend and add testcase demonstrating the
    problem (LP: #1091642)

  [ Jamie Strandboge ]
  * debian/patches/0001-add-chromium-browser.patch: add accesses for chromium
    23 (LP: #1091862)
  * debian/patches/0024-fix-racy-onexec-test.patch: fix race in onexec.sh
    kernel regression test
 -- Steve Beattie <email address hidden> Tue, 18 Dec 2012 05:42:58 -0800