[snap] apparmor denials on /etc/chromium-browser/policies/
Bug #1714244 reported by
Olivier Tilloy
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
chromium-browser (Ubuntu) |
Fix Released
|
Medium
|
Olivier Tilloy |
Bug Description
[1565519.440403] audit: type=1400 audit(150418508
[1565519.440527] audit: type=1400 audit(150418508
Those denials don't appear to prevent the app from running. Still, they should be investigated and fixed if possible.
Changed in chromium-browser (Ubuntu): | |
status: | Triaged → In Progress |
Changed in chromium-browser (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
The code in chromium that determines where to look for policies is there: https:/ /cs.chromium. org/chromium/ src/chrome/ common/ chrome_ paths.cc? l=482.
In the ubuntu packages this is being patched to "/etc/chromium- browser/ policies/ ": http:// bazaar. launchpad. net/~chromium- team/chromium- browser/ artful- stable/ view/head: /debian/ patches/ configuration- directory. patch.
That patch could be made $SNAP-aware.
That directory is meant for system-wide policies installed by sysadmins, not regular users. In that regard, there is little value in patching it to point to $SNAP/etc/ chromium- browser/ policies/ , since that directory is not writeable.
There doesn't appear to be any way in chromium to disable the instantiation of the policy connector that queries those directories.